authorMika Havela <mika.havela@gmail.com>2009-07-03 13:37:24 +0000
committerMika Havela <mika.havela@gmail.com>2009-07-03 13:37:24 +0000
commitefa6b500d78bcbfbf63da5d45f669796aa3f993a (patch)
tree04fda2c7a146a774d14ca8be3320289418c00ad4
parente7580d6132af388c111b23723ec23e2c9cd211b5 (diff)
downloadacf-rrdtool-efa6b500d78bcbfbf63da5d45f669796aa3f993a.tar.bz2
acf-rrdtool-efa6b500d78bcbfbf63da5d45f669796aa3f993a.tar.xz
Validating userinput.
Using format.escapespecialcharacters() to prevent code injection. Making sure some inputs are purely numerical.
-rw-r--r--rrdtool-model.lua20
1 files changed, 13 insertions, 7 deletions
diff --git a/rrdtool-model.lua b/rrdtool-model.lua
index d6ab2fc..30a65f4 100644
--- a/rrdtool-model.lua
+++ b/rrdtool-model.lua
@@ -111,9 +111,9 @@ function createnewrrd()
(Default: now - 10s)"})
newdb.step = cfe({label="Step",value="",descr="Specifies the base interval in seconds with which data will be fed into the RRD.\
(Default: 300)"})
- newdb.ds = cfe({label="Data stores",value="",descr="DS:ds-name:GAUGE | COUNTER | DERIVE | ABSOLUTE:heartbeat:min:max \
+ newdb.ds = cfe({label="Data store(s)",value="",descr="DS:ds-name:GAUGE | COUNTER | DERIVE | ABSOLUTE:heartbeat:min:max \
DS:ds-name:COMPUTE:rpn-expression",type="longtext"})
- newdb.rra = cfe({label="Round Robin Archive",value="",descr="RRA:AVERAGE | MIN | MAX | LAST:xff:steps:rows",type="longtext"})
+ newdb.rra = cfe({label="Round Robin Archive(s)",value="",descr="RRA:AVERAGE | MIN | MAX | LAST:xff:steps:rows",type="longtext"})
return {value=newdb}
end
@@ -154,6 +154,12 @@ If you specify path, it should be " .. tostring(databases) .."/"
end
if (posix.stat(path)) then
configfile.value.filename.errtxt = "File already exists"
+ elseif not tonumber(configfile.value.start.value) then
+ configfile.value.start.errtxt = "Only numeric values!"
+ return configfile
+ elseif not tonumber(configfile.value.step.value) then
+ configfile.value.step.errtxt = "Only numeric values!"
+ return configfile
else
local start,step
if (#configfile.value.start.value > 0) then
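Review bot: The added `elseif not tonumber(configfile.value.start.value)` and the matching Step check reject an empty field, because `tonumber("")` returns nil, while the form text gives both fields a default and the `else` branch below still tests `#configfile.value.start.value > 0` for the empty case. Guarding each check with the length, `elseif #configfile.value.start.value > 0 and not tonumber(configfile.value.start.value) then`, keeps the defaults reachable. `tonumber` can also accept hexadecimal, exponent and whitespace-padded input, so if only plain non-negative integers are meant to reach the rrdtool command line, `string.match(v, "^%d+$")` is the tighter test. The enclosing function starts and ends outside this hunk.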
@@ -167,11 +173,11 @@ If you specify path, it should be " .. tostring(databases) .."/"
step = ""
end
local f = io.popen( "/usr/bin/rrdtool create "..
- tostring(path) .. " " ..
- tostring(start) ..
- tostring(step) ..
- tostring(configfile.value.ds.value) .. " " ..
- tostring(configfile.value.rra.value) .. " 2>&1")
+ format.escapespecialcharacters(path) .. " " ..
+ format.escapespecialcharacters(start) ..
+ format.escapespecialcharacters(step) ..
+ tostring(string.gsub(format.dostounix(format.escapespecialcharacters(configfile.value.ds.value)),"\n", " \\\n")) .. " " ..
+ tostring(string.gsub(format.dostounix(format.escapespecialcharacters(configfile.value.rra.value)),"\n", " \\\n")) .. " 2>&1")
success = f:read("*a") or ""
f:close()
configfile.errtxt = tostring(success)
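Review bot: The command string is still handed to a shell by `io.popen`, so its safety rests entirely on `format.escapespecialcharacters`, whose definition is not visible in this diff. It should be confirmed that the helper neutralises quotes, backticks, `$`, `;`, `|`, `&` and redirections, and a comment at the call stating that contract would help the next reader. Escaping also does not stop a Data store or RRA line that begins with `-` from being read by rrdtool as an option, and the `"\n"` to `" \\\n"` rewrite presumably only works if the helper leaves newlines untouched. Checking each line against the documented shape before building the command, for example `if not line:match("^DS:[%w_%-]+:") then` with an `errtxt` on `configfile.value.ds` (and `^RRA:` for the archives), would turn the input into an allow-list instead of an escaped free-form string. The enclosing function starts outside this hunk.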