From d5296319fbadd41dc5a82cbe4bbc6e3fa82b1cb7 Mon Sep 17 00:00:00 2001 From: Neil Lathwood Date: Fri, 13 Jan 2017 12:47:16 +0000 Subject: [PATCH] refactor: MySQL strict and query fixes (#5338) * refactor: MySQL strict and query fixes * moved sql file --- discovery.php | 2 +- .../authentication/active_directory.inc.php | 14 +++++++------- .../authentication/ad-authorization.inc.php | 14 +++++++------- html/includes/authentication/mysql.inc.php | 14 +++++++------- html/includes/authentication/radius.inc.php | 14 +++++++------- html/includes/forms/delete-alert-rule.inc.php | 2 +- html/pages/deluser.inc.php | 2 +- html/pages/device/edit/device.inc.php | 2 +- includes/common.php | 13 +++++++++++++ includes/discovery/functions.inc.php | 5 +++++ includes/functions.php | 6 ++++++ includes/polling/bgp-peers.inc.php | 6 +++--- includes/polling/mempools.inc.php | 4 ++-- includes/polling/ospf.inc.php | 6 +++--- includes/polling/ports.inc.php | 3 ++- includes/services.inc.php | 2 +- poll-billing.php | 2 +- sql-schema/154.sql | 2 ++ 18 files changed, 70 insertions(+), 43 deletions(-) create mode 100644 sql-schema/154.sql diff --git a/discovery.php b/discovery.php index 64557958ce..9deffb4b76 100755 --- a/discovery.php +++ b/discovery.php @@ -125,7 +125,7 @@ $run = ($end - $start); $proctime = substr($run, 0, 5); if ($discovered_devices) { - dbInsert(array('type' => 'discover', 'doing' => $doing, 'start' => $start, 'duration' => $proctime, 'devices' => $discovered_devices), 'perf_times'); + dbInsert(array('type' => 'discover', 'doing' => $doing, 'start' => $start, 'duration' => $proctime, 'devices' => $discovered_devices, 'poller' => $config['distributed_poller_name']), 'perf_times'); } $string = $argv[0]." $doing ".date($config['dateformat']['compact'])." - $discovered_devices devices discovered in $proctime secs"; diff --git a/html/includes/authentication/active_directory.inc.php b/html/includes/authentication/active_directory.inc.php index 11f6d154cc..70d17bb3c6 100644 
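Review bot: The added `'poller' => $config['distributed_poller_name']` in the `perf_times` insert in discovery.php is read with no fallback. Whether that key is always defined on a non-distributed install is not visible from this hunk; if it is not, the insert carries a null, which is the kind of implicit value the strict-mode work in this commit is meant to remove. Either confirm the config defaults always set it, or guard it with `isset($config['distributed_poller_name']) ? $config['distributed_poller_name'] : ''`.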
--- a/html/includes/authentication/active_directory.inc.php +++ b/html/includes/authentication/active_directory.inc.php @@ -206,14 +206,14 @@ function get_userid($username) } -function deluser($username) +function deluser($userid) { - dbDelete('bill_perms', '`user_name` = ?', array($username)); - dbDelete('devices_perms', '`user_name` = ?', array($username)); - dbDelete('ports_perms', '`user_name` = ?', array($username)); - dbDelete('users_prefs', '`user_name` = ?', array($username)); - dbDelete('users', '`user_name` = ?', array($username)); - return dbDelete('users', '`username` = ?', array($username)); + dbDelete('bill_perms', '`user_id` = ?', array($userid)); + dbDelete('devices_perms', '`user_id` = ?', array($userid)); + dbDelete('ports_perms', '`user_id` = ?', array($userid)); + dbDelete('users_prefs', '`user_id` = ?', array($userid)); + dbDelete('users', '`user_id` = ?', array($userid)); + return dbDelete('users', '`user_id` = ?', array($userid)); } diff --git a/html/includes/authentication/ad-authorization.inc.php b/html/includes/authentication/ad-authorization.inc.php index 3c4717858d..e2e4d8a8fa 100644 --- a/html/includes/authentication/ad-authorization.inc.php +++ b/html/includes/authentication/ad-authorization.inc.php 
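Review bot: The rewritten `deluser($userid)` deletes from `users` twice: the fifth `dbDelete('users', ...)` already removes the row, so the final `return dbDelete('users', ...)` matches nothing and its result no longer says whether the account was removed. Drop the fifth call so the returned value comes from the one real delete. The same duplicated pair is in the `deluser` hunks for ad-authorization.inc.php, mysql.inc.php and radius.inc.php. The deletes also run as separate statements, so a failure partway through leaves permission rows and the account out of step; a short comment stating the intended order and that it is not atomic would help. The parameter now takes an id rather than a name, so any caller or auth backend not touched by this patch needs the same change; only html/pages/deluser.inc.php is updated here.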
@@ -197,14 +197,14 @@ function get_userid($username) } -function deluser($username) +function deluser($userid) { - dbDelete('bill_perms', '`user_name` = ?', array($username)); - dbDelete('devices_perms', '`user_name` = ?', array($username)); - dbDelete('ports_perms', '`user_name` = ?', array($username)); - dbDelete('users_prefs', '`user_name` = ?', array($username)); - dbDelete('users', '`user_name` = ?', array($username)); - return dbDelete('users', '`username` = ?', array($username)); + dbDelete('bill_perms', '`user_id` = ?', array($userid)); + dbDelete('devices_perms', '`user_id` = ?', array($userid)); + dbDelete('ports_perms', '`user_id` = ?', array($userid)); + dbDelete('users_prefs', '`user_id` = ?', array($userid)); + dbDelete('users', '`user_id` = ?', array($userid)); + return dbDelete('users', '`user_id` = ?', array($userid)); } diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php index e59121965b..9e19f86068 100644 --- a/html/includes/authentication/mysql.inc.php +++ b/html/includes/authentication/mysql.inc.php @@ -139,15 +139,15 @@ function get_userid($username) }//end get_userid() -function deluser($username) +function deluser($userid) { - dbDelete('bill_perms', '`user_name` = ?', array($username)); - dbDelete('devices_perms', '`user_name` = ?', array($username)); - dbDelete('ports_perms', '`user_name` = ?', array($username)); - dbDelete('users_prefs', '`user_name` = ?', array($username)); - dbDelete('users', '`user_name` = ?', array($username)); + dbDelete('bill_perms', '`user_id` = ?', array($userid)); + dbDelete('devices_perms', '`user_id` = ?', array($userid)); + dbDelete('ports_perms', '`user_id` = ?', array($userid)); + dbDelete('users_prefs', '`user_id` = ?', array($userid)); + dbDelete('users', '`user_id` = ?', array($userid)); - return dbDelete('users', '`username` = ?', array($username)); + return dbDelete('users', '`user_id` = ?', array($userid)); }//end deluser() 
diff --git a/html/includes/authentication/radius.inc.php b/html/includes/authentication/radius.inc.php index cfafbba4bd..8a9fab1960 100644 --- a/html/includes/authentication/radius.inc.php +++ b/html/includes/authentication/radius.inc.php @@ -94,14 +94,14 @@ function get_userid($username) } -function deluser($username) +function deluser($userid) { - dbDelete('bill_perms', '`user_name` = ?', array($username)); - dbDelete('devices_perms', '`user_name` = ?', array($username)); - dbDelete('ports_perms', '`user_name` = ?', array($username)); - dbDelete('users_prefs', '`user_name` = ?', array($username)); - dbDelete('users', '`user_name` = ?', array($username)); - return dbDelete('users', '`username` = ?', array($username)); + dbDelete('bill_perms', '`user_id` = ?', array($userid)); + dbDelete('devices_perms', '`user_id` = ?', array($userid)); + dbDelete('ports_perms', '`user_id` = ?', array($userid)); + dbDelete('users_prefs', '`user_id` = ?', array($userid)); + dbDelete('users', '`user_id` = ?', array($userid)); + return dbDelete('users', '`user_id` = ?', array($userid)); } diff --git a/html/includes/forms/delete-alert-rule.inc.php b/html/includes/forms/delete-alert-rule.inc.php index 75899a48d0..ef9fdf954d 100644 --- a/html/includes/forms/delete-alert-rule.inc.php +++ b/html/includes/forms/delete-alert-rule.inc.php @@ -22,7 +22,7 @@ if (!is_numeric($_POST['alert_id'])) { exit; } else { if (dbDelete('alert_rules', '`id` = ?', array($_POST['alert_id']))) { - if (dbDelete('alert_map', 'rule = ?', array($_POST['alert_id'])) || dbFetchCell('COUNT(id) FROM alert_map WHERE rule = ?', array($_POST['alert_id'])) == 0) { + if (dbDelete('alert_map', 'rule = ?', array($_POST['alert_id'])) || dbFetchCell('SELECT COUNT(*) FROM alert_map WHERE rule = ?', array($_POST['alert_id'])) == 0) { echo 'Maps has been deleted.'; } else { echo 'WARNING: Maps could not be deleted.'; diff --git a/html/pages/deluser.inc.php b/html/pages/deluser.inc.php index 6fb9c4933b..8dc411dfa3 100644 
--- a/html/pages/deluser.inc.php +++ b/html/pages/deluser.inc.php @@ -14,7 +14,7 @@ if ($_SESSION['userlevel'] < 10 || $_SESSION['userlevel'] > 10) { $delete_username = dbFetchCell('SELECT username FROM users WHERE user_id = ?', array($vars['id'])); if ($vars['confirm'] == 'yes') { - if (deluser($delete_username)) { + if (deluser($vars['id']) >= 0) { print_message('
User "'.$delete_username.'" deleted!'); } else { print_error('Error deleting user "'.$delete_username.'"!'); diff --git a/html/pages/device/edit/device.inc.php b/html/pages/device/edit/device.inc.php index cac651cc79..6a1a67d447 100644 --- a/html/pages/device/edit/device.inc.php +++ b/html/pages/device/edit/device.inc.php @@ -26,7 +26,7 @@ if ($_POST['editing']) { #FIXME needs more sanity checking! and better feedback - $param = array('purpose' => $vars['descr'], 'type' => $vars['type'], 'ignore' => $vars['ignore'], 'disabled' => $vars['disabled']); + $param = array('purpose' => $vars['descr'], 'type' => $vars['type'], 'ignore' => set_numeric($vars['ignore']), 'disabled' => set_numeric($vars['disabled'])); $rows_updated = dbUpdate($param, 'devices', '`device_id` = ?', array($device['device_id'])); diff --git a/includes/common.php b/includes/common.php index 3cb9305ec2..a88d39e456 100644 --- a/includes/common.php +++ b/includes/common.php @@ -1557,3 +1557,16 @@ function load_all_os($restricted = array()) $config['os'][$tmp['os']] = $tmp; } } + +/** + * @param $value + * @param int $default + * @return int + */ +function set_numeric($value, $default = 0) +{ + if (!isset($value) || !is_numeric($value)) { + $value = $default; + } + return $value; +} diff --git a/includes/discovery/functions.inc.php b/includes/discovery/functions.inc.php index 2bd6ba1034..1dd1206570 100644 --- a/includes/discovery/functions.inc.php +++ b/includes/discovery/functions.inc.php 
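Review bot: The new condition `deluser($vars['id']) >= 0` in html/pages/deluser.inc.php cannot fail for any plausible return value. Zero affected rows passes, and under PHP's loose comparison `false` and `null` also satisfy `>= 0`, so the `print_error` branch is effectively dead and the "deleted!" message is shown even when nothing was removed. Test the outcome explicitly: call `deluser($vars['id']);` and then check `dbFetchCell('SELECT COUNT(*) FROM users WHERE user_id = ?', array($vars['id'])) == 0`, or have `deluser()` return the affected-row count of a single `users` delete and compare with `> 0`. The enclosing block starts outside this hunk, and whether `print_message` escapes the concatenated `$delete_username` is not visible here.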
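Review bot: `set_numeric()` in includes/common.php is documented as `@return int` but returns `$value` untouched whenever `is_numeric()` accepts it, so callers still get strings such as `'1e3'`, `'-2.5'` or `' 7'`. The docblock should say what the function does, for example `@return mixed the original value when is_numeric() accepts it, otherwise $default`, with a one-line summary stating that the value is passed through and not converted. For the `ignore` and `disabled` flags in html/pages/device/edit/device.inc.php this means any numeric request value is stored, so a range check is still needed there. `!isset($value)` on a parameter only tests for null; an undefined index at the call site raises its notice before the function runs.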
@@ -178,6 +178,11 @@ function discover_device($device, $options = null) function discover_sensor(&$valid, $class, $device, $oid, $index, $type, $descr, $divisor = '1', $multiplier = '1', $low_limit = null, $low_warn_limit = null, $warn_limit = null, $high_limit = null, $current = null, $poller_type = 'snmp', $entPhysicalIndex = null, $entPhysicalIndex_measured = null) { + + if (!is_numeric($divisor)) { + $divisor = 1; + } + d_echo("Discover sensor: $oid, $index, $type, $descr, $poller_type, $precision, $entPhysicalIndex\n"); if (is_null($low_warn_limit) && !is_null($warn_limit)) { diff --git a/includes/functions.php b/includes/functions.php index 6280ca7911..d250ea257b 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -1322,6 +1322,12 @@ function fping($host, $params, $address_family = AF_INET) $rcv = 1; $loss = 100; } + $xmt = set_numeric($xmt); + $rcv = set_numeric($rcv); + $loss = set_numeric($loss); + $min = set_numeric($min); + $max = set_numeric($max); + $avg = set_numeric($avg); $response = array('xmt'=>$xmt,'rcv'=>$rcv,'loss'=>$loss,'min'=>$min,'max'=>$max,'avg'=>$avg); return $response; } diff --git a/includes/polling/bgp-peers.inc.php b/includes/polling/bgp-peers.inc.php index 96abbd09d8..573edede92 100644 --- a/includes/polling/bgp-peers.inc.php +++ b/includes/polling/bgp-peers.inc.php 
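Review bot: The new guard at the top of `discover_sensor()` replaces a non-numeric `$divisor` with 1 but lets `0` and `'0'` through, and `$multiplier` gets no `is_numeric` check at all. If `$divisor` is later used as a denominator (the body continues outside this hunk), zero is the value that matters most; `if (!is_numeric($divisor) || $divisor == 0) { $divisor = 1; }` covers both cases. The `d_echo` line directly below also interpolates `$precision`, which is not among the function's parameters.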
@@ -170,10 +170,10 @@ if ($config['enable_bgp']) { $peer['update']['bgpPeerState'] = $bgpPeerState; $peer['update']['bgpPeerAdminStatus'] = $bgpPeerAdminStatus; - $peer['update']['bgpPeerFsmEstablishedTime'] = $bgpPeerFsmEstablishedTime; - $peer['update']['bgpPeerInUpdates'] = $bgpPeerInUpdates; + $peer['update']['bgpPeerFsmEstablishedTime'] = set_numeric($bgpPeerFsmEstablishedTime); + $peer['update']['bgpPeerInUpdates'] = set_numeric($bgpPeerInUpdates); $peer['update']['bgpLocalAddr'] = $bgpLocalAddr; - $peer['update']['bgpPeerOutUpdates'] = $bgpPeerOutUpdates; + $peer['update']['bgpPeerOutUpdates'] = set_numeric($bgpPeerOutUpdates); dbUpdate($peer['update'], 'bgpPeers', '`device_id` = ? AND `bgpPeerIdentifier` = ?', array($device['device_id'], $peer['bgpPeerIdentifier'])); diff --git a/includes/polling/mempools.inc.php b/includes/polling/mempools.inc.php index d887484899..f789e517e9 100644 --- a/includes/polling/mempools.inc.php +++ b/includes/polling/mempools.inc.php @@ -41,11 +41,11 @@ foreach (dbFetchRows('SELECT * FROM mempools WHERE device_id = ?', array($device ); if (!empty($mempool['largestfree'])) { - $mempool['state']['mempool_largestfree'] = $mempool['largestfree']; + $mempool['state']['mempool_largestfree'] = set_numeric($mempool['largestfree']); } if (!empty($mempool['lowestfree'])) { - $mempool['state']['mempool_lowestfree'] = $mempool['lowestfree']; + $mempool['state']['mempool_lowestfree'] = set_numeric($mempool['lowestfree']); } dbUpdate($mempool['state'], 'mempools', '`mempool_id` = ?', array($mempool['mempool_id'])); diff --git a/includes/polling/ospf.inc.php b/includes/polling/ospf.inc.php index 5ee28c1f33..478b37e4ea 100644 --- a/includes/polling/ospf.inc.php +++ b/includes/polling/ospf.inc.php 
@@ -120,7 +120,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) { // Loop the OIDs if ($ospf_instance_db[$device['context_name']][$oid] != $ospf_instance_poll[$oid]) { // If data has changed, build a query - $ospf_instance_update[$oid] = $ospf_instance_poll[$oid]; + $ospf_instance_update[$oid] = set_numeric($ospf_instance_poll[$oid]); // log_event("$oid -> ".$this_port[$oid], $device, 'ospf', $port['port_id']); // FIXME } } @@ -252,7 +252,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) { // Loop the OIDs if ($ospf_port_db[$device['context_name']][$oid] != $ospf_port_poll[$oid]) { // If data has changed, build a query - $ospf_port_update[$oid] = $ospf_port_poll[$oid]; + $ospf_port_update[$oid] = set_numeric($ospf_port_poll[$oid]); // log_event("$oid -> ".$this_port[$oid], $device, 'ospf', $port['port_id']); // FIXME } } @@ -340,7 +340,7 @@ foreach ($vrfs_lite_cisco as $vrf_lite) { if ($ospf_nbr_db[$device['context_name']][$oid] != $ospf_nbr_poll[$oid]) { // If data has changed, build a query - $ospf_nbr_update[$oid] = $ospf_nbr_poll[$oid]; + $ospf_nbr_update[$oid] = set_numeric($ospf_nbr_poll[$oid]); // log_event("$oid -> ".$this_nbr[$oid], $device, 'ospf', $nbr['port_id']); // FIXME } } diff --git a/includes/polling/ports.inc.php b/includes/polling/ports.inc.php index afbcad75fc..3cd8ead378 100644 --- a/includes/polling/ports.inc.php +++ b/includes/polling/ports.inc.php @@ -548,7 +548,7 @@ foreach ($ports as $port) { } if ($config['slow_statistics'] == true) { - $port[$port_update][$oid] = $this_port[$oid]; + $port[$port_update][$oid] = set_numeric($this_port[$oid]); $port[$port_update][$oid.'_prev'] = $port[$oid]; } @@ -695,6 +695,7 @@ foreach ($ports as $port) { if (!isset($val_check)) { unset($port['update'][$key]); } + $port['update'][$key] = set_numeric($val_check); } // Update Database diff --git a/includes/services.inc.php b/includes/services.inc.php index 578cec60c8..ee776d773c 100644 --- a/includes/services.inc.php +++ b/includes/services.inc.php 
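Review bot: `set_numeric()` is applied to every OID in the three update loops of includes/polling/ospf.inc.php, so any polled value that is not numeric is written as 0. OSPF tables usually carry textual columns such as router IDs, neighbour addresses and state names. If the OID lists defined outside these hunks include such fields, this change blanks them, and the `!=` comparison against the stored value will then differ on every poll. Limit the coercion to the counter columns, for example by keeping a separate list of numeric OIDs next to the OID arrays and calling `set_numeric()` only for those. The point applies equally to `$ospf_instance_update`, `$ospf_port_update` and `$ospf_nbr_update`.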
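Review bot: In the second ports.inc.php hunk the added `$port['update'][$key] = set_numeric($val_check);` runs unconditionally after the `if (!isset($val_check)) { unset($port['update'][$key]); }` block, so a key that was just unset is put back with the value 0. Every other entry in `$port['update']` is forced numeric as well. The keys are built outside this hunk, but if the array holds string columns (names, aliases, status text) they will be stored as 0. Move the assignment into an `else` branch and restrict it to numeric columns, or drop it and coerce each counter where it is assigned, as the first hunk does for `$port[$port_update][$oid]`.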
@@ -43,7 +43,7 @@ function add_service($device, $type, $desc, $ip = 'localhost', $param = "", $ign $ip = $device['hostname']; } - $insert = array('device_id' => $device['device_id'], 'service_ip' => $ip, 'service_type' => $type, 'service_changed' => array('UNIX_TIMESTAMP(NOW())'), 'service_desc' => $desc, 'service_param' => $param, 'service_ignore' => $ignore, 'service_status' => 3, 'service_message' => 'Service not yet checked'); + $insert = array('device_id' => $device['device_id'], 'service_ip' => $ip, 'service_type' => $type, 'service_changed' => array('UNIX_TIMESTAMP(NOW())'), 'service_desc' => $desc, 'service_param' => $param, 'service_ignore' => $ignore, 'service_status' => 3, 'service_message' => 'Service not yet checked', 'service_ds' => '{}'); return dbInsert($insert, 'services'); } diff --git a/poll-billing.php b/poll-billing.php index 6817bd6c07..50cfc2deeb 100755 --- a/poll-billing.php +++ b/poll-billing.php @@ -91,7 +91,7 @@ function CollectData($bill_id) $port_data['out_delta'] = '0'; } - $fields = array('timestamp' => $now, 'in_counter' => $port_data['in_measurement'], 'out_counter' => $port_data['out_measurement'], 'in_delta' => $port_data['in_delta'], 'out_delta' => $port_data['out_delta']); + $fields = array('timestamp' => $now, 'in_counter' => set_numeric($port_data['in_measurement']), 'out_counter' => set_numeric($port_data['out_measurement']), 'in_delta' => set_numeric($port_data['in_delta']), 'out_delta' => set_numeric($port_data['out_delta'])); if (dbUpdate($fields, 'bill_port_counters', "`port_id`='" . mres($port_id) . "' AND `bill_id`='$bill_id'") == 0) { $fields['bill_id'] = $bill_id; $fields['port_id'] = $port_id; diff --git a/sql-schema/154.sql b/sql-schema/154.sql new file mode 100644 index 0000000000..7667cf3e81 --- /dev/null +++ b/sql-schema/154.sql @@ -0,0 +1,2 @@ +ALTER TABLE `devices` CHANGE `ip` `ip` VARBINARY(16) NULL DEFAULT NULL; +ALTER TABLE `alert_log` CHANGE `details` `details` LONGBLOB NULL DEFAULT NULL;
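Review bot: The `dbUpdate` call directly under the changed `$fields` line in poll-billing.php still builds its WHERE clause by string concatenation: `$port_id` goes through `mres()` but `$bill_id` is interpolated as is. `$bill_id` is the parameter of `CollectData()` and its origin is outside this hunk, so this may not be reachable with untrusted data, but it is out of step with the `?` placeholders used in the rest of this commit. Using the four-argument form closes the gap: `dbUpdate($fields, 'bill_port_counters', 'port_id = ? AND bill_id = ?', array($port_id, $bill_id))`.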