move current to sensors table, plug some sql injection holes

git-svn-id: http://www.observium.org/svn/observer/trunk@1312 61d68cd4-352d-0410-923a-c4978735b2b8
Tom Laermans
2010-07-07 14:34:44 +00:00
parent 27d1a215f3
commit 1ed4749f40
17 changed files with 101 additions and 106 deletions


@@ -1,9 +1,9 @@
<?php
if($_SESSION['userlevel'] >= '5') {
$sql = "SELECT * FROM `current` AS V, `devices` AS D WHERE V.device_id = D.device_id ORDER BY D.hostname, V.current_descr";
$sql = "SELECT * FROM `sensors` AS S, `devices` AS D WHERE S.sensor_class='current' AND S.device_id = D.device_id ORDER BY D.hostname, S.sensor_descr";
} else {
$sql = "SELECT * FROM `current` AS V, `devices` AS D, devices_perms as P WHERE V.device_id = D.device_id AND D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' ORDER BY D.hostname, V.current_descr";
$sql = "SELECT * FROM `current` AS S, `devices` AS D, devices_perms as P WHERE S.sensor_class='current' AND S.device_id = D.device_id AND D.device_id = P.device_id AND P.user_id = '" . $_SESSION['user_id'] . "' ORDER BY D.hostname, S.sensor_descr";
}
$query = mysql_query($sql);
@@ -27,19 +27,19 @@ while($current = mysql_fetch_array($query))
{
if(is_integer($row/2)) { $row_colour = $list_colour_a; } else { $row_colour = $list_colour_b; }
$weekly_current = "graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$week&amp;to=$now&amp;width=500&amp;height=150";
$weekly_current = "graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$week&amp;to=$now&amp;width=500&amp;height=150";
$current_popup = "<a onmouseover=\"return overlib('<img src=\'$weekly_current\'>', LEFT);\" onmouseout=\"return nd();\">
" . $current['current_descr'] . "</a>";
" . $current['sensor_descr'] . "</a>";
if($current['current_current'] >= $current['current_limit']) { $alert = '<img src="images/16/flag_red.png" alt="alert" />'; } else { $alert = ""; }
if($current['sensor_current'] >= $current['sensor_limit']) { $alert = '<img src="images/16/flag_red.png" alt="alert" />'; } else { $alert = ""; }
$current_day = "graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$day&amp;to=$now&amp;width=300&amp;height=100";
$current_week = "graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$week&amp;to=$now&amp;width=300&amp;height=100";
$current_month = "graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$month&amp;to=$now&amp;width=300&amp;height=100";
$current_year = "graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$year&amp;to=$now&amp;width=300&amp;height=100";
$current_day = "graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$day&amp;to=$now&amp;width=300&amp;height=100";
$current_week = "graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$week&amp;to=$now&amp;width=300&amp;height=100";
$current_month = "graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$month&amp;to=$now&amp;width=300&amp;height=100";
$current_year = "graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$year&amp;to=$now&amp;width=300&amp;height=100";
$current_minigraph = "<img src='graph.php?id=" . $current['current_id'] . "&amp;type=current&amp;from=$day&amp;to=$now&amp;width=100&amp;height=20'";
$current_minigraph .= " onmouseover=\"return overlib('<div class=list-large>".$current['hostname']." - ".$current['current_descr'];
$current_minigraph = "<img src='graph.php?id=" . $current['sensor_id'] . "&amp;type=current&amp;from=$day&amp;to=$now&amp;width=100&amp;height=20'";
$current_minigraph .= " onmouseover=\"return overlib('<div class=list-large>".$current['hostname']." - ".$current['sensor_descr'];
$current_minigraph .= "</div><div style=\'width: 750px\'><img src=\'$current_day\'><img src=\'$current_week\'><img src=\'$current_month\'><img src=\'$current_year\'></div>', RIGHT".$config['overlib_defaults'].");\" onmouseout=\"return nd();\" >";
echo("<tr bgcolor=$row_colour>
@@ -47,27 +47,27 @@ while($current = mysql_fetch_array($query))
<td>$current_popup</td>
<td>$current_minigraph</td>
<td width=100>$alert</td>
<td style='text-align: center; font-weight: bold;'>" . $current['current_current'] . "A</td>
<td style='text-align: center'>" . $current['current_limit_warn'] . "A</td>
<td style='text-align: center'>" . $current['current_limit'] . "A</td>
<td>" . (isset($current['current_notes']) ? $current['current_notes'] : '') . "</td>
<td style='text-align: center; font-weight: bold;'>" . $current['sensor_current'] . "A</td>
<td style='text-align: center'>" . $current['sensor_limit_warn'] . "A</td>
<td style='text-align: center'>" . $current['sensor_limit'] . "A</td>
<td>" . (isset($current['sensor_notes']) ? $current['sensor_notes'] : '') . "</td>
</tr>\n");
if($_GET['optb'] == "graphs") { ## If graphs
echo("<tr bgcolor='$row_colour'><td colspan=7>");
$daily_graph = "graph.php?id=" . $current['current_id'] . "&type=current&from=$day&to=$now&width=211&height=100";
$daily_url = "graph.php?id=" . $current['current_id'] . "&type=current&from=$day&to=$now&width=400&height=150";
$daily_graph = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$day&to=$now&width=211&height=100";
$daily_url = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$day&to=$now&width=400&height=150";
$weekly_graph = "graph.php?id=" . $current['current_id'] . "&type=current&from=$week&to=$now&width=211&height=100";
$weekly_url = "graph.php?id=" . $current['current_id'] . "&type=current&from=$week&to=$now&width=400&height=150";
$weekly_graph = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$week&to=$now&width=211&height=100";
$weekly_url = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$week&to=$now&width=400&height=150";
$monthly_graph = "graph.php?id=" . $current['current_id'] . "&type=current&from=$month&to=$now&width=211&height=100";
$monthly_url = "graph.php?id=" . $current['current_id'] . "&type=current&from=$month&to=$now&width=400&height=150";
$monthly_graph = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$month&to=$now&width=211&height=100";
$monthly_url = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$month&to=$now&width=400&height=150";
$yearly_graph = "graph.php?id=" . $current['current_id'] . "&type=current&from=$year&to=$now&width=211&height=100";
$yearly_url = "graph.php?id=" . $current['current_id'] . "&type=current&from=$year&to=$now&width=400&height=150";
$yearly_graph = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$year&to=$now&width=211&height=100";
$yearly_url = "graph.php?id=" . $current['sensor_id'] . "&type=current&from=$year&to=$now&width=400&height=150";
echo("<a onmouseover=\"return overlib('<img src=\'$daily_url\'>', LEFT);\" onmouseout=\"return nd();\">
<img src='$daily_graph' border=0></a> ");