diff --git a/functions.php b/functions.php
index 777959c..1ec50c2 100644
--- a/functions.php
+++ b/functions.php
@@ -306,8 +306,8 @@ function syslog_partition_create($table) {
try {
/* determine the format of the table name */
$time = time();
- $cformat = 'd' . date('Ymd', $time);
- $lnow = date('Y-m-d', $time+86400);
+ $cformat = 'd' . gmdate('Ymd', $time);
+ $lnow = gmdate('Y-m-d', strtotime('+1 day', $time));
$exists = syslog_db_fetch_row_prepared("SELECT *
FROM `information_schema`.`partitions`
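Review bot: The two replaced lines now mix time zones: `gmdate()` formats in UTC, but `strtotime('+1 day', $time)` applies the offset in the process default time zone, so on a DST transition day the added "day" is 23 or 25 hours and `$lnow` can disagree with the UTC day after `$cformat`. If the intent is UTC throughout, keep the arithmetic zone-free, e.g. `$lnow = gmdate('Y-m-d', $time + 86400);`, or use `(new DateTimeImmutable('@' . $time))->modify('+1 day')->format('Y-m-d')`, which stays in UTC because `@`-timestamps carry no local zone. A one-line comment stating that partition names are deliberately derived from UTC would also help, since partitions created by the old local-time code presumably will not line up with the new naming on the day of the switch; syslog_partition_create continues outside the hunk.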
@@ -788,12 +788,12 @@ function syslog_export($tab) {
print
'"' .
- $host . '","' .
- ucfirst($facility) . '","' .
- ucfirst($priority) . '","' .
- ucfirst($program) . '","' .
- $message['logtime'] . '","' .
- $message[$syslog_incoming_config['textField']] . '"' . "\r\n";
+ syslog_csv_safe($host) . '","' .
+ syslog_csv_safe(ucfirst($facility)) . '","' .
+ syslog_csv_safe(ucfirst($priority)) . '","' .
+ syslog_csv_safe(ucfirst($program)) . '","' .
+ syslog_csv_safe($message['logtime']) . '","' .
+ syslog_csv_safe($message[$syslog_incoming_config['textField']]) . '"' . "\r\n";
}
}
} else {
@@ -815,14 +815,14 @@ function syslog_export($tab) {
print
'"' .
- $message['name'] . '","' .
- $severity . '","' .
- $message['logtime'] . '","' .
- $message['logmsg'] . '","' .
- $message['host'] . '","' .
- ucfirst($message['facility']) . '","' .
- ucfirst($message['priority']) . '","' .
- $message['count'] . '"' . "\r\n";
+ syslog_csv_safe($message['name']) . '","' .
+ syslog_csv_safe($severity) . '","' .
+ syslog_csv_safe($message['logtime']) . '","' .
+ syslog_csv_safe($message['logmsg']) . '","' .
+ syslog_csv_safe($message['host']) . '","' .
+ syslog_csv_safe(ucfirst($message['facility'])) . '","' .
+ syslog_csv_safe(ucfirst($message['priority'])) . '","' .
+ syslog_csv_safe($message['count']) . '"' . "\r\n";
}
}
}
@@ -2050,6 +2050,32 @@ function syslog_postprocess_tables() {
}
}
+/**
+ * syslog_csv_safe - Escapes a value for safe inclusion in a CSV field.
+ *
+ * Prevents formula injection by prefixing cells that start with a trigger
+ * character (=, +, -, @, /, tab, CR, LF), and escapes embedded
+ * double-quotes per RFC 4180.
+ *
+ * @param (mixed) $value The value to sanitize
+ *
+ * @return (string) The sanitized string
+ */
+function syslog_csv_safe($value) {
+ if ($value === null || $value === '') {
+ return '';
+ }
+
+ $value = (string) $value;
+ $value = str_replace('"', '""', $value);
+
+ if (preg_match('/^[=+\-@\/\t\r\n]/', $value)) {
+ $value = "'" . $value;
+ }
+
+ return $value;
+}
+
/**
* syslog_process_reports - Processes all syslog reports scheduled to run
*
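Review bot: `preg_match()` in syslog_csv_safe returns `false` on a PCRE error and `0` on no match, so an engine failure would silently leave a trigger character unprefixed; a single leading-character test needs no regex at all: `if ($value !== '' && strpbrk($value[0], "=+-@/\t\r\n") !== false) {`. Non-scalar input (an array from a malformed row) is cast to `'Array'` with a notice, so returning `''` for `!is_scalar($value)` next to the null check would make the guard explicit rather than incidental. The docblock could also state that the caller is expected to wrap the result in double quotes, as both syslog_export rows do, because the `""` doubling is only meaningful inside a quoted field.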
diff --git a/js/functions.js b/js/functions.js
index 25dacc5..9e18081 100644
--- a/js/functions.js
+++ b/js/functions.js
@@ -227,7 +227,7 @@ function initSyslogMain(config) {
$.each(data, function(index, hostData) {
if ($('#host option[value="'+index+'"]').length == 0) {
- $('#host').append('');
+ $('#host').append('');
}
});
diff --git a/setup.php b/setup.php
index 0dc5f91..b7d1531 100644
--- a/setup.php
+++ b/setup.php
@@ -626,8 +626,8 @@ function syslog_setup_table_new($options) {
$newreport = true;
}
- if ($truncate || !$newreport) {
- syslog_db_execute("DROP TABLE IF EXISTS `" . $syslogdb_default . "`.`syslog_reports`");
+ if ($truncate) {
+ syslog_db_execute_prepared("DROP TABLE IF EXISTS `" . $syslogdb_default . "`.`syslog_reports`", array());
}
syslog_db_execute("CREATE TABLE IF NOT EXISTS `" . $syslogdb_default . "`.`syslog_reports` (
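Review bot: `syslog_db_execute_prepared(..., array())` with no placeholders is no safer than the call it replaces — the only interpolated value is `$syslogdb_default`, an identifier that cannot be bound — so the change is only fine as long as that name comes from configuration rather than request input, and a short comment saying so (`/* table name is a config value; identifiers cannot be bound */`) would stop the next reader from assuming it is parameterised. Dropping the `!$newreport` arm changes upgrade behaviour, since an existing `syslog_reports` table is no longer recreated; if intentional, the commit message should say so, and `$newreport = true` just above may now be unused unless it is read elsewhere in syslog_setup_table_new, whose body continues outside the hunk.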
diff --git a/syslog.php b/syslog.php
index 7db1ef7..a4696b7 100644
--- a/syslog.php
+++ b/syslog.php
@@ -289,6 +289,7 @@ function syslog_statistics() {
$sql_where = '';
$sql_groupby = '';
+ $sql_params = array();
if (get_request_var('rows') == -1) {
$rows = read_config_option('num_rows_table');
@@ -298,14 +299,14 @@ function syslog_statistics() {
$rows = get_request_var('rows');
}
- $records = get_stats_records($sql_where, $sql_groupby, $rows);
+ $records = get_stats_records($sql_where, $sql_groupby, $rows, $sql_params);
$rows_query_string = "SELECT COUNT(*)
FROM `" . $syslogdb_default . "`.`syslog_statistics` AS ss
$sql_where
$sql_groupby";
- $total_rows = syslog_db_fetch_cell('SELECT COUNT(*) FROM ('. $rows_query_string . ') as temp');
+ $total_rows = syslog_db_fetch_cell_prepared('SELECT COUNT(*) FROM ('. $rows_query_string . ') as temp', $sql_params);
$nav = html_nav_bar('syslog.php?tab=stats', MAX_DISPLAY_PAGES, get_request_var_request('page'), $rows, $total_rows, 4, __('Messages', 'syslog'), 'page', 'main');
@@ -387,14 +388,16 @@ function syslog_statistics() {
}
}
-function get_stats_records(&$sql_where, &$sql_groupby, $rows) {
+function get_stats_records(&$sql_where, &$sql_groupby, $rows, &$sql_params) {
global $syslogdb_default;
/* form the 'where' clause for our main sql query */
- if (!isempty_request_var('rfilter')) {
+ if (!isempty_request_var('rfilter') && strlen(get_request_var('rfilter')) <= 255) {
$sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') .
- "sh.host RLIKE '" . get_request_var('rfilter') . "'
- OR spr.program RLIKE '" . get_request_var('rfilter') . "'";
+ "(sh.host RLIKE ?
+ OR spr.program RLIKE ?)";
+ $sql_params[] = get_request_var('rfilter');
+ $sql_params[] = get_request_var('rfilter');
}
if (get_request_var('host') == '-2') {
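Review bot: The added `strlen(get_request_var('rfilter')) <= 255` guard silently drops the filter when the pattern is longer, so the user gets an unfiltered result set with no indication; rejecting the request or showing a visible message would be safer, and the same silent fallback is added in the get_syslog_messages hunk below. Binding the pattern removes the injection but the value is still evaluated by the server as a regular expression under `RLIKE`, which is what the cap is really limiting, so it deserves a comment, e.g. `/* bound as a parameter, but still a server-side regex: cap its length */`. `&$sql_params` has no default here while get_syslog_messages declares `&$sql_params = array()`; any other caller of get_stats_records must be updated or the call fails, and the function continues outside the hunk with further `$sql_where` additions that presumably also need `?` and `$sql_params[]` appended in the same textual order.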
@@ -470,7 +473,7 @@ function get_stats_records(&$sql_where, &$sql_groupby, $rows) {
//cacti_log(str_replace("\n", "", $query_sql));
- return syslog_db_fetch_assoc($query_sql);
+ return syslog_db_fetch_assoc_prepared($query_sql, $sql_params);
}
function syslog_stats_filter() {
@@ -848,11 +851,12 @@ function set_shift_span($shift_span, $session_prefix) {
}
}
-function get_syslog_messages(&$sql_where, $rows, $tab) {
+function get_syslog_messages(&$sql_where, $rows, $tab, &$sql_params = array()) {
global $sql_where, $hostfilter, $hostfilter_log, $current_tab, $syslog_incoming_config;
global $syslogdb_default;
- $sql_where = '';
+ $sql_where = '';
+ $sql_params = array();
if ($tab == 'alerts') {
if (get_request_var('host') == 0) {
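Review bot: The new signature keeps `&$sql_where` as a by-reference parameter, but the next line still declares `global $sql_where`, which rebinds the local name to the global and severs the reference to the caller's variable, so the caller only sees the clause if it happens to pass the global itself. This is pre-existing, but since the signature is being changed anyway, dropping `$sql_where` from the `global` list (or renaming the parameter) would make the new `&$sql_params` contract consistent with the `$sql_where` one. Both `$sql_where = ''` and `$sql_params = array()` overwrite whatever the caller passed, so a docblock line such as `Both $sql_where and $sql_params are reset on entry; the caller's values are discarded` would document that; get_syslog_messages continues outside the hunk.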
@@ -908,20 +912,23 @@ function get_syslog_messages(&$sql_where, $rows, $tab) {
'sa.id=' . get_request_var('id');
}
- if (!isempty_request_var('rfilter')) {
+ if (!isempty_request_var('rfilter') && strlen(get_request_var('rfilter')) <= 255) {
if ($tab == 'syslog') {
- $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . "message RLIKE '" . get_request_var('rfilter') . "'";
+ $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . "message RLIKE ?";
} else {
- $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . "logmsg RLIKE '" . get_request_var('rfilter') . "'";
+ $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . "logmsg RLIKE ?";
}
+ $sql_params[] = get_request_var('rfilter');
}
if (get_request_var('eprogram') != '-1') {
- $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . 'syslog.program_id = ' . db_qstr(get_request_var('eprogram'));
+ $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . 'syslog.program_id = ?';
+ $sql_params[] = get_request_var('eprogram');
}
if (get_request_var('efacility') != '-1') {
- $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . 'syslog.facility_id = ' . db_qstr(get_request_var('efacility'));
+ $sql_where .= ($sql_where == '' ? 'WHERE ' : ' AND ') . 'syslog.facility_id = ?';
+ $sql_params[] = get_request_var('efacility');
}
if (isset_request_var('epriority') && get_request_var('epriority') != '-1') {
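Review bot: The context line `'sa.id=' . get_request_var('id')` at the top of this hunk still concatenates a request variable into `$sql_where` while the three branches below it are converted to placeholders; unless `id` is already coerced to an integer by the request filter (not visible here), it should follow the same pattern: `'sa.id = ?'` followed by `$sql_params[] = get_request_var('id');`. The `epriority` branch that begins on the hunk's last line, and anything after it, needs the same treatment since get_syslog_messages continues outside the hunk, and every `?` must be matched by an append to `$sql_params` in textual order for the bound values to line up.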
diff --git a/syslog_alerts.php b/syslog_alerts.php
index 1c9d9ac..ee199e6 100644
--- a/syslog_alerts.php
+++ b/syslog_alerts.php
@@ -321,17 +321,17 @@ function api_syslog_alert_save($id, $name, $method, $level, $num, $type, $messag
function api_syslog_alert_remove($id) {
global $syslogdb_default;
- syslog_db_execute("DELETE FROM `" . $syslogdb_default . "`.`syslog_alert` WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("DELETE FROM `" . $syslogdb_default . "`.`syslog_alert` WHERE id = ?", array(intval($id)));
}
function api_syslog_alert_disable($id) {
global $syslogdb_default;
- syslog_db_execute("UPDATE `" . $syslogdb_default . "`.`syslog_alert` SET enabled='' WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("UPDATE `" . $syslogdb_default . "`.`syslog_alert` SET enabled='' WHERE id = ?", array(intval($id)));
}
function api_syslog_alert_enable($id) {
global $syslogdb_default;
- syslog_db_execute("UPDATE `" . $syslogdb_default . "`.`syslog_alert` SET enabled='on' WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("UPDATE `" . $syslogdb_default . "`.`syslog_alert` SET enabled='on' WHERE id = ?", array(intval($id)));
}
/* ---------------------
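Review bot: `intval($id)` turns any non-numeric or empty `$id` into `0`, so a malformed id no longer fails loudly but silently targets row 0 in all three statements; that is harmless as long as no row has id 0, but validating first, e.g. `if (!is_numeric($id) || $id < 1) { return; }`, would make the intent explicit, and the same applies to the three functions changed in syslog_removal.php and syslog_reports.php. The `DELETE` and `UPDATE` still build the table name from `$syslogdb_default`, which is fine only as long as that is configuration rather than request data.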
diff --git a/syslog_removal.php b/syslog_removal.php
index 51fa924..d8d6794 100644
--- a/syslog_removal.php
+++ b/syslog_removal.php
@@ -306,17 +306,17 @@ function api_syslog_removal_save($id, $name, $type, $message, $rmethod, $notes,
function api_syslog_removal_remove($id) {
global $syslogdb_default;
- syslog_db_execute("DELETE FROM `" . $syslogdb_default . "`.`syslog_remove` WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("DELETE FROM `" . $syslogdb_default . "`.`syslog_remove` WHERE id = ?", array(intval($id)));
}
function api_syslog_removal_disable($id) {
global $syslogdb_default;
- syslog_db_execute("UPDATE `" . $syslogdb_default . "`.`syslog_remove` SET enabled='' WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("UPDATE `" . $syslogdb_default . "`.`syslog_remove` SET enabled='' WHERE id = ?", array(intval($id)));
}
function api_syslog_removal_enable($id) {
global $syslogdb_default;
- syslog_db_execute("UPDATE `" . $syslogdb_default . "`.`syslog_remove` SET enabled='on' WHERE id='" . $id . "'");
+ syslog_db_execute_prepared("UPDATE `" . $syslogdb_default . "`.`syslog_remove` SET enabled='on' WHERE id = ?", array(intval($id)));
}
function api_syslog_removal_reprocess($id) {
diff --git a/syslog_reports.php b/syslog_reports.php
index 1a97b3a..f829a69 100644
--- a/syslog_reports.php
+++ b/syslog_reports.php
@@ -315,17 +315,17 @@ function api_syslog_report_save($id, $name, $type, $message, $timespan, $timepar
function api_syslog_report_remove($id) {
global $syslogdb_default;
- syslog_db_execute('DELETE FROM `' . $syslogdb_default . '`.`syslog_reports` WHERE id=' . $id);
+ syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_reports` WHERE id = ?', array(intval($id)));
}
function api_syslog_report_disable($id) {
global $syslogdb_default;
- syslog_db_execute('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='' WHERE id=" . $id);
+ syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='' WHERE id = ?", array(intval($id)));
}
function api_syslog_report_enable($id) {
global $syslogdb_default;
- syslog_db_execute('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='on' WHERE id=" . $id);
+ syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='on' WHERE id = ?", array(intval($id)));
}
/* ---------------------