X-Git-Url: https://git.octo.it/?p=rrdtool.git;a=blobdiff_plain;f=src%2Frrd_cgi.c;h=6f59358e8532f08d56e88321ae570cd175deff04;hp=aacda1b751696983dbec79230e07a46f9b95a59d;hb=990fcfb7eec407edfe504f42760bae204e1c074d;hpb=cc307a96e23a6079d60a05f785e6a51e4a635435 diff --git a/src/rrd_cgi.c b/src/rrd_cgi.c index aacda1b..6f59358 100644 --- a/src/rrd_cgi.c +++ b/src/rrd_cgi.c @@ -1,5 +1,5 @@ /***************************************************************************** - * RRDtool 1.1.x Copyright Tobias Oetiker, 1997 - 2003 + * RRDtool 1.2rc9 Copyright by Tobi Oetiker, 1997-2005 ***************************************************************************** * rrd_cgi.c RRD Web Page Generator *****************************************************************************/ @@ -14,11 +14,11 @@ #define DEBUG_VARS*/ /* global variable for libcgi */ -s_cgi **cgiArg; +s_cgi *cgiArg; /* in arg[0] find tags beginning with arg[1] call arg[2] on them and replace by result of arg[2] call */ -int parse(char **, long, char *, char *(*)(long , char **)); +int parse(char **, long, char *, char *(*)(long , const char **)); /**************************************************/ /* tag replacers ... they are called from parse */ 
@@ -26,43 +26,43 @@ int parse(char **, long, char *, char *(*)(long , char **)); /**************************************************/ /* return cgi var named arg[0] */ -char* cgiget(long , char **); +char* cgiget(long , const char **); /* return a quoted cgi var named arg[0] */ -char* cgigetq(long , char **); +char* cgigetq(long , const char **); /* return a quoted and sanitized cgi variable */ -char* cgigetqp(long , char **); +char* cgigetqp(long , const char **); /* call rrd_graph and insert appropriate image tag */ char* drawgraph(long, char **); /* return PRINT functions from last rrd_graph call */ -char* drawprint(long, char **); +char* drawprint(long, const char **); /* pretty-print the value for some.rrd via strftime() */ -char* printtimelast(long, char **); +char* printtimelast(long, const char **); /* pretty-print current time */ -char* printtimenow(long,char **); +char* printtimenow(long, const char **); /* set an environment variable */ -char* rrdsetenv(long, char **); +char* rrdsetenv(long, const char **); /* get an environment variable */ -char* rrdgetenv(long, char **); +char* rrdgetenv(long, const char **); /* include the named file at this point */ -char* includefile(long, char **); +char* includefile(long, const char **); /* for how long is the output of the cgi valid ? */ -char* rrdgoodfor(long, char **); +char* rrdgoodfor(long, const char **); char* rrdstrip(char *buf); char* scanargs(char *line, int *argc, char ***args); /* format at-time specified times using strftime */ -char* printstrftime(long, char**); +char* printstrftime(long, const char**); /** HTTP protocol needs special format, and GMT time **/ char *http_time(time_t *); 
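Review bot: `drawgraph` keeps the prototype `char* drawgraph(long, char **);` in this hunk, while every other tag replacer now takes `const char **`, as does the callback parameter of `parse()` changed earlier in the patch. If drawgraph is still handed to parse() (the call site is not in this hunk), that is an incompatible function-pointer type, and calling through it is undefined behaviour rather than just a warning. Either const-qualify drawgraph too, or add a comment on the prototype explaining why it must keep mutable arguments and how it is invoked.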
@@ -72,9 +72,9 @@ char *stralloc(const char *); /* rrd interface to the variable functions {put,get}var() */ -char* rrdgetvar(long argc, char **args); -char* rrdsetvar(long argc, char **args); -char* rrdsetvarconst(long argc, char **args); +char* rrdgetvar(long argc, const char **args); +char* rrdsetvar(long argc, const char **args); +char* rrdsetvarconst(long argc, const char **args); /* variable store: put/get key-value pairs */ @@ -117,7 +117,7 @@ donevar() { int i; if (varheap) { - for (i=0; i %s -->\n", name, varheap[i].value); @@ -157,7 +157,7 @@ static const char* putvar(const char* name, const char* value, int is_const) { int i; - for (i=0; i < varheap_size && varheap[i].name; i++) { + for (i=0; i < (int)varheap_size && varheap[i].name; i++) { if (0 == strcmp(name, varheap[i].name)) { /* overwrite existing entry */ if (varheap[i].is_const) { @@ -180,7 +180,7 @@ putvar(const char* name, const char* value, int is_const) } /* no existing variable found by that name, add it */ - if (i == varheap_size) { + if (i == (int)varheap_size) { /* ran out of heap: resize heap to double size */ size_t new_size = varheap_size * 2; varheap = (vardata*)(realloc(varheap, sizeof(vardata) * new_size)); @@ -220,6 +220,9 @@ rrd_expand_vars(char* buffer) parse(&buffer, i, "= 2) { char *xyz = malloc((strlen(args[0]) + strlen(args[1]) + 2)); if (xyz == NULL) { @@ -383,6 +392,7 @@ char* rrdsetenv(long argc, char **args) { free(xyz); return stralloc("[ERROR: failed to do putenv]"); }; + return stralloc(""); } return stralloc("[ERROR: setenv failed because not enough " "arguments were defined]"); @@ -390,7 +400,7 @@ char* rrdsetenv(long argc, char **args) { /* rrd interface to the variable function putvar() */ char* -rrdsetvar(long argc, char **args) +rrdsetvar(long argc, const char **args) { if (argc >= 2) { 
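Review bot: The casts in putvar() (`i < (int)varheap_size` and `i == (int)varheap_size`) silence the signed/unsigned comparison by narrowing a size_t instead of fixing the index type. Declaring `size_t i;` removes the mismatch without a cast, assuming `i` is not needed as a signed value in the part of putvar() outside these two hunks. The context line `varheap = (vardata*)(realloc(varheap, sizeof(vardata) * new_size));` also overwrites the only pointer to the heap, so a failed realloc loses the old block. Assigning to a temporary first and checking it would keep the old block recoverable; whether the failure is handled afterwards is not visible here.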
@@ -407,7 +417,7 @@ rrdsetvar(long argc, char **args) /* rrd interface to the variable function putvar() */ char* -rrdsetvarconst(long argc, char **args) +rrdsetvarconst(long argc, const char **args) { if (argc >= 2) { @@ -422,7 +432,7 @@ rrdsetvarconst(long argc, char **args) "were defined]"); } -char* rrdgetenv(long argc, char **args) { +char* rrdgetenv(long argc, const char **args) { char buf[128]; const char* envvar; if (argc != 1) { @@ -433,12 +443,16 @@ char* rrdgetenv(long argc, char **args) { if (envvar) { return stralloc(envvar); } else { - snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]); - return stralloc(buf); +#if defined(WIN32) && !defined(__CYGWIN__) && !defined(__CYGWIN32__) + _snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]); +#else + snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]); +#endif + return stralloc(buf); } } -char* rrdgetvar(long argc, char **args) { +char* rrdgetvar(long argc, const char **args) { char buf[128]; const char* value; if (argc != 1) { @@ -449,12 +463,16 @@ char* rrdgetvar(long argc, char **args) { if (value) { return stralloc(value); } else { - snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]); +#if defined(WIN32) && !defined(__CYGWIN__) && !defined(__CYGWIN32__) + _snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]); +#else + snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]); +#endif return stralloc(buf); } } -char* rrdgoodfor(long argc, char **args){ +char* rrdgoodfor(long argc, const char **args){ if (argc == 1) { goodfor = atol(args[0]); } else { @@ -472,7 +490,7 @@ char* rrdgoodfor(long argc, char **args){ * start and end times, because, either might be relative to the other. * */ #define MAX_STRFTIME_SIZE 256 -char* printstrftime(long argc, char **args){ +char* printstrftime(long argc, const char **args){ struct rrd_time_value start_tv, end_tv; char *parsetime_error = NULL; char formatted[MAX_STRFTIME_SIZE]; 
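Review bot: On the WIN32 branch added to rrdgetenv(), `_snprintf(buf, sizeof(buf), ...)` writes no terminating NUL when the formatted text fills the buffer. A long `args[0]` therefore leaves `buf[128]` unterminated, and `stralloc(buf)`, which presumably copies up to a NUL, reads past the array. Terminate explicitly with `buf[sizeof(buf) - 1] = '\0';` right after the `#endif`; this is harmless for the snprintf branch. The identical block added to rrdgetvar() in the next hunk needs the same line. Both format strings also lack the closing `]` that the other error strings in this file carry.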
@@ -524,10 +542,10 @@ char* printstrftime(long argc, char **args){ } } -char* includefile(long argc, char **args){ +char* includefile(long argc, const char **args){ char *buffer; if (argc >= 1) { - char* filename = args[0]; + char* filename = args[0]; readfile(filename, &buffer, 0); if (rrd_test_error()) { char *err = malloc((strlen(rrd_get_error())+DS_NAM_SIZE)); @@ -566,7 +584,7 @@ char* rrdstrip(char *buf) { return buf; } -char* cgigetq(long argc, char **args){ +char* cgigetq(long argc, const char **args){ if (argc>= 1){ char *buf = rrdstrip(cgiGetValue(cgiArg,args[0])); char *buf2; 
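Review bot: With `args` now `const char **`, the re-indented line `char* filename = args[0];` in includefile() discards the const qualifier that the new signature promises. `const char *filename = args[0];` keeps it, provided readfile() accepts a const path (its prototype is not visible in this hunk). The name is passed to readfile() as given, so a comment such as `/* filename comes from the template tag; it is not path-sanitised here */` would make the trust assumption explicit. The body of includefile() continues outside the hunk.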
@@ -604,60 +622,63 @@ char* cgigetq(long argc, char **args){ /* remove occurrences of .. this is a general measure to make paths which came in via cgi do not go UP ... */ -char* cgigetqp(long argc, char **args){ - if (argc>= 1) { - char *buf = rrdstrip(cgiGetValue(cgiArg,args[0])); - char *buf2; - char *c,*d; - int qc=0; - - if (buf==NULL) - return NULL; - - for(c=buf;*c != '\0';c++) { - if (*c == '"') { - qc++; - } - } - - if ((buf2 = malloc((strlen(buf) + 4 * qc + 4))) == NULL) { - perror("Malloc Buffer"); - exit(1); +char* cgigetqp(long argc, const char **args){ + char* buf; + char* buf2; + char* p; + char* d; + + if (argc < 1) + { + return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]"); + } + + buf = rrdstrip(cgiGetValue(cgiArg, args[0])); + if (!buf) + { + return NULL; + } + + buf2 = malloc(strlen(buf)+1); + if (!buf2) + { + perror("cgigetqp(): Malloc Path Buffer"); + exit(1); }; - c=buf; - d=buf2; - - *(d++) = '"'; - while (*c != '\0') { - if (*c == '"') { - *(d++) = '"'; - *(d++) = '\''; - *(d++) = '"'; - *(d++) = '\''; - } - if(*c == '/') { - *(d++) = '_'; - c++; - } else { - if (*c=='.' && *(c+1) == '.') { - c += 2; - *(d++) = '_'; *(d++) ='_'; - } else { - *(d++) = *(c++); - } - } + p = buf; + d = buf2; + + while (*p) + { + /* prevent mallicious paths from entering the system */ + if (p[0] == '.' && p[1] == '.') + { + p += 2; + *d++ = '_'; + *d++ = '_'; + } + else + { + *d++ = *p++; + } } - *(d++) = '"'; - *(d) = '\0'; + + *d = 0; free(buf); + + /* Make sure the path is relative, e.g. does not start with '/' */ + p = buf2; + while ('/' == *p) + { + *p++ = '_'; + } + return buf2; - } - return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]"); } -char* cgiget(long argc, char **args){ +char* cgiget(long argc, const char **args){ if (argc>= 1) return rrdstrip(cgiGetValue(cgiArg,args[0])); else 
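Review bot: The rewritten cgigetqp() no longer wraps its result in double quotes or escapes embedded `"`, but the prototype comment earlier in this patch still says `/* return a quoted and sanitized cgi variable */`. A value containing whitespace or quotes is now returned bare, so either keep the quoting or update that comment and state that users of RRD::CV::PATH must quote the result themselves. Interior `/` is also no longer replaced, and the final loop only rewrites leading `/`. Since this commit adds WIN32 branches elsewhere, the relative-path check presumably needs to treat `\` and a drive prefix the same way on that build. The comment `/* prevent mallicious paths from entering the system */` has a typo and could say what is actually filtered, for example `/* replace every ".." with "__" so the path cannot climb out of its directory */`.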
@@ -668,6 +689,7 @@ char* cgiget(long argc, char **args){ char* drawgraph(long argc, char **args){ int i,xsize, ysize; + double ymin,ymax; for(i=0;i