fix 2 possible sql injections, make graph clickthrough work on the non-sensor blocks in the device overview too

git-svn-id: http://www.observium.org/svn/observer/trunk@1973 61d68cd4-352d-0410-923a-c4978735b2b8
Tom Laermans
2011-03-25 14:18:04 +00:00
parent 33e5fe2b4d
commit 10b0bbe010
4 changed files with 15 additions and 9 deletions


@@ -5,7 +5,9 @@ $graph_type = "mempool_usage";
if (mysql_result(mysql_query("SELECT count(*) from mempools WHERE device_id = '" . $device['device_id'] . "'"),0))
{
echo("<div style='background-color: #eeeeee; margin: 5px; padding: 5px;'>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead><img align='absmiddle' src='".$config['base_url']."/images/icons/memory.png'> Memory Pools</p>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead>");
echo('<a class="sectionhead" href="device/'.$device['device_id'].'/health/mempools/">');
echo("<img align='absmiddle' src='".$config['base_url']."/images/icons/memory.png'> Memory Pools</a></p>");
echo("<table width=100% cellspacing=0 cellpadding=5>");
$mempool_rows = '1';
$mempools = mysql_query("SELECT * FROM `mempools` WHERE device_id = '" . $device['device_id'] . "'");
@@ -17,7 +19,7 @@ if (mysql_result(mysql_query("SELECT count(*) from mempools WHERE device_id = '"
$text_descr = rewrite_entity_descr($mempool['mempool_descr']);
$mempool_url = $config['base_url'] . "/device/".$device['device_id']."/health/memory/";
$mempool_url = $config['base_url'] . "/graphs/".$mempool['mempool_id']."/mempool_usage/";
$mini_url = $config['base_url'] . "/graph.php?id=".$mempool['mempool_id']."&type=".$graph_type."&from=".$day."&to=".$now."&width=80&height=20&bg=f4f4f4";
$mempool_popup = "onmouseover=\"return overlib('<div class=list-large>".$device['hostname']." - ".$text_descr;
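Review bot: The new title link `echo('<a class="sectionhead" href="device/'.$device['device_id'].'/health/mempools/">');` is the only URL in this block not built from `$config['base_url']`, and it writes the id into an HTML attribute with no escaping, while every neighbouring line prefixes its path with the base URL. Suggested form: `echo('<a class="sectionhead" href="' . $config['base_url'] . '/device/' . htmlspecialchars($device['device_id']) . '/health/mempools/">');` (an `(int)` cast would also do if device_id is an integer key; that is not visible here). The new `$mempool_url` line hardcodes `"mempool_usage"` although the hunk header shows `$graph_type` already holds that value, so `"/graphs/".$mempool['mempool_id']."/".$graph_type."/"` keeps the two from drifting apart. The processors and storage sections below have the same two issues in their corresponding new lines, and in all three the enclosing `if` block continues past the end of the hunk. The context lines `SELECT count(*) from mempools WHERE device_id = '" . $device['device_id'] . "'` and the `SELECT * FROM \`mempools\`` query still concatenate the id into SQL, which the two fixes in this commit do not cover — presumably left for a follow-up.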


@@ -6,7 +6,9 @@ if (mysql_result(mysql_query("SELECT count(*) from processors WHERE device_id =
{
$processor_rows = 0;
echo("<div style='background-color: #eeeeee; margin: 5px; padding: 5px;'>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead><img align='absmiddle' src='".$config['base_url']."/images/icons/processors.png'> Processors</p>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead>");
echo('<a class="sectionhead" href="device/'.$device['device_id'].'/health/processors/">');
echo("<img align='absmiddle' src='".$config['base_url']."/images/icons/processors.png'> Processors</a></p>");
echo("<table width=100% cellspacing=0 cellpadding=5>");
$i = '1';
$procs = mysql_query("SELECT * FROM `processors` WHERE device_id = '" . $device['device_id'] . "' ORDER BY processor_descr ASC");
@@ -14,7 +16,7 @@ if (mysql_result(mysql_query("SELECT count(*) from processors WHERE device_id =
{
if (is_integer($processor_rows/2)) { $row_colour = $list_colour_a; } else { $row_colour = $list_colour_b; }
$proc_url = $config['base_url'] . "/device/".$device['device_id']."/health/processors/";
$proc_url = $config['base_url'] . "/graphs/".$proc['processor_id']."/processor_usage/";
$proc_popup = "onmouseover=\"return overlib('<div class=list-large>".$device['hostname']." - ".$proc['processor_descr'];
$proc_popup .= "</div><img src=\'graph.php?id=" . $proc['processor_id'] . "&type=".$graph_type."&from=$month&to=$now&width=400&height=125\'>";


@@ -5,7 +5,9 @@ $graph_type = "storage_usage";
if (mysql_result(mysql_query("SELECT count(storage_id) from storage WHERE device_id = '" . $device['device_id'] . "'"),0))
{
echo("<div style='background-color: #eeeeee; margin: 5px; padding: 5px;'>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead><img align='absmiddle' src='".$config['base_url']."/images/icons/storage.png'> Storage</p>");
echo("<p style='padding: 0px 5px 5px;' class=sectionhead>");
echo('<a class="sectionhead" href="device/'.$device['device_id'].'/health/storage/">');
echo("<img align='absmiddle' src='".$config['base_url']."/images/icons/storage.png'> Storage</a></p>");
echo("<table width=100% cellspacing=0 cellpadding=5>");
$drive_rows = '0';
@@ -44,7 +46,7 @@ if (mysql_result(mysql_query("SELECT count(storage_id) from storage WHERE device
$free = formatStorage($drive['storage_free']);
$used = formatStorage($drive['storage_used']);
$fs_url = $config['base_url'] . "/device/".$device['device_id']."/health/storage/";
$fs_url = $config['base_url'] . "/graphs/".$drive['storage_id']."/storage_usage/";
$fs_popup = "onmouseover=\"return overlib('<div class=list-large>".$device['hostname']." - ".$drive['storage_descr'];
$fs_popup .= "</div><img src=\'graph.php?id=" . $drive['storage_id'] . "&type=".$graph_type."&from=$month&to=$now&width=400&height=125\'>";