author | Mika Havela <mika.havela@gmail.com> | 2009-07-03 13:37:24 +0000 |
---|---|---|
committer | Mika Havela <mika.havela@gmail.com> | 2009-07-03 13:37:24 +0000 |
commit | efa6b500d78bcbfbf63da5d45f669796aa3f993a (patch) | |
tree | 04fda2c7a146a774d14ca8be3320289418c00ad4 | |
parent | e7580d6132af388c111b23723ec23e2c9cd211b5 (diff) | |
download | acf-rrdtool-efa6b500d78bcbfbf63da5d45f669796aa3f993a.tar.bz2 acf-rrdtool-efa6b500d78bcbfbf63da5d45f669796aa3f993a.tar.xz |
Validating user input.
Using format.escapespecialcharacters() to prevent code injection.
Making sure some inputs are purely numerical.
-rw-r--r-- | rrdtool-model.lua | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/rrdtool-model.lua b/rrdtool-model.lua
index d6ab2fc..30a65f4 100644
--- a/rrdtool-model.lua
+++ b/rrdtool-model.lua
@@ -111,9 +111,9 @@ function createnewrrd()
 (Default: now - 10s)"})
 newdb.step = cfe({label="Step",value="",descr="Specifies the base interval in seconds with which data will be fed into the RRD.\
 (Default: 300)"})
- newdb.ds = cfe({label="Data stores",value="",descr="DS:ds-name:GAUGE | COUNTER | DERIVE | ABSOLUTE:heartbeat:min:max \
+ newdb.ds = cfe({label="Data store(s)",value="",descr="DS:ds-name:GAUGE | COUNTER | DERIVE | ABSOLUTE:heartbeat:min:max \
 DS:ds-name:COMPUTE:rpn-expression",type="longtext"})
- newdb.rra = cfe({label="Round Robin Archive",value="",descr="RRA:AVERAGE | MIN | MAX | LAST:xff:steps:rows",type="longtext"})
+ newdb.rra = cfe({label="Round Robin Archive(s)",value="",descr="RRA:AVERAGE | MIN | MAX | LAST:xff:steps:rows",type="longtext"})
 return {value=newdb}
 end
@@ -154,6 +154,12 @@ If you specify path, it should be " .. tostring(databases) .."/"
 end
 if (posix.stat(path)) then
 configfile.value.filename.errtxt = "File already exists"
+ elseif not tonumber(configfile.value.start.value) then
+ configfile.value.start.errtxt = "Only numeric values!"
+ return configfile
+ elseif not tonumber(configfile.value.step.value) then
+ configfile.value.step.errtxt = "Only numeric values!"
+ return configfile
 else
 local start,step
 if (#configfile.value.start.value > 0) then
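Review bot: The two new `tonumber()` branches in the second hunk reject an empty `start` or `step`, because `tonumber("")` is nil, yet the form fields default to `""` with documented defaults and the trailing context still tests `#configfile.value.start.value > 0`, so the default path looks unreachable after this change. `tonumber()` also accepts surrounding whitespace, hex and exponent notation, so passing it does not guarantee that the string later concatenated into the rrdtool command is plain digits. A length test combined with a strict pattern covers both, for example `elseif #configfile.value.start.value > 0 and not string.match(configfile.value.start.value, "^%d+$") then`, with the same form for `step`. The enclosing function starts and ends outside the hunk, so how `start` and `step` are assembled between the check and the command is not visible here.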
@@ -167,11 +173,11 @@ If you specify path, it should be " .. tostring(databases) .."/"
 step = ""
 end
 local f = io.popen( "/usr/bin/rrdtool create "..
- tostring(path) .. " " ..
- tostring(start) ..
- tostring(step) ..
- tostring(configfile.value.ds.value) .. " " ..
- tostring(configfile.value.rra.value) .. " 2>&1")
+ format.escapespecialcharacters(path) .. " " ..
+ format.escapespecialcharacters(start) ..
+ format.escapespecialcharacters(step) ..
+ tostring(string.gsub(format.dostounix(format.escapespecialcharacters(configfile.value.ds.value)),"\n", " \\\n")) .. " " ..
+ tostring(string.gsub(format.dostounix(format.escapespecialcharacters(configfile.value.rra.value)),"\n", " \\\n")) .. " 2>&1")
 success = f:read("*a") or ""
 f:close()
 configfile.errtxt = tostring(success) |
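Review bot: The rrdtool command on the new lines is still a single shell string handed to `io.popen`, so its safety rests entirely on `format.escapespecialcharacters()`, which this diff does not show; it is worth confirming that the helper neutralises whitespace, quotes, backticks, `$` and newlines, since none of the arguments are quoted. Escaping shell metacharacters also does not stop a `ds` or `rra` line that begins with `-` from being read by rrdtool as an option, so each line should be checked against the `DS:`/`RRA:` forms the field descriptions give before the command is built, e.g. `if not line:match("^DS:[%w_]+:") then` for `ds`, setting `errtxt` and returning on a mismatch. A short comment such as `-- join multi-line input with shell line continuations` above the two `string.gsub(..., "\n", " \\\n")` calls would explain why the replacement runs after escaping. The enclosing function starts and ends outside the hunk.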