From 5d28295111e43d7c57f18662528416280db9e45a Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 09:20:18 -0400 Subject: [PATCH 01/11] fix: Rotate Partition Early - CSV Export * Fix partitioning so that it happens an hour before the rotation * Fix CSV Export to be secure using built-in function --- functions.php | 99 ++++++++++++++++++++++++++++++++----------------- js/functions.js | 2 +- 2 files changed, 67 insertions(+), 34 deletions(-) diff --git a/functions.php b/functions.php index 5a6c3bb..ef224d5 100644 --- a/functions.php +++ b/functions.php @@ -238,14 +238,17 @@ function syslog_traditional_manage() { function syslog_partition_manage() { $syslog_deleted = 0; - if (syslog_partition_check('syslog')) { - syslog_partition_create('syslog'); - $syslog_deleted = syslog_partition_remove('syslog'); + // Always create the partition an hour ahead of time + $time = time() + 3600; + + if (syslog_partition_check('syslog', $time)) { + syslog_partition_create('syslog', $time); + $syslog_deleted = syslog_partition_remove('syslog', $time); } - if (syslog_partition_check('syslog_removed')) { - syslog_partition_create('syslog_removed'); - $syslog_deleted += syslog_partition_remove('syslog_removed'); + if (syslog_partition_check('syslog_removed', $time)) { + syslog_partition_create('syslog_removed', $time); + $syslog_deleted += syslog_partition_remove('syslog_removed', $time); } return $syslog_deleted; 
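Review bot: The `$time` argument added to `syslog_partition_remove('syslog', $time)` and `syslog_partition_remove('syslog_removed', $time)` appears to be dropped. Later hunk headers in this series still show `function syslog_partition_remove($table)` with a single parameter. PHP silently ignores surplus arguments to user-defined functions, so nothing fails, but the call reads as if removal were time-aware. Either drop the argument here or extend the function. The one-hour look-ahead would also be easier to audit as one named constant than as `time() + 3600` repeated here and in the defaults of syslog_partition_create and syslog_partition_check.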
@@ -276,17 +279,22 @@ function syslog_partition_table_allowed($table) { /** * Create a new partition for the specified table. * - * @param mixed $table + * @param mixed $table The table to rotate + * @param int $time Assume this time for the partition rotation * * @return bool true on success, false on lock failure or disallowed table. */ -function syslog_partition_create($table) { +function syslog_partition_create($table, $time = null) { global $syslogdb_default; if (!syslog_partition_table_allowed($table)) { return false; } + if ($time === null) { + $time = time() + 3600; + } + // Hash to guarantee the lock name stays within MySQL's 64-byte limit. $lock_name = substr(hash('sha256', $syslogdb_default . '.syslog_partition_create.' . $table), 0, 60); @@ -295,7 +303,7 @@ function syslog_partition_create($table) { * poller cycle (typically 5 minutes), so sustained contention is not * expected. A failure is logged so monitoring can detect repeated misses. */ - $locked = syslog_db_fetch_cell_prepared('SELECT GET_LOCK(?, 10)', [$lock_name]); + $locked = syslog_db_fetch_cell_prepared('SELECT GET_LOCK(?, 10)', [$lock_name]); if ($locked === null) { // NULL means the GET_LOCK call itself failed, not just contention. @@ -312,9 +320,8 @@ function syslog_partition_create($table) { try { // determine the format of the table name - $time = time(); - $cformat = 'd' . date('Ymd', $time); - $lnow = date('Y-m-d', $time + 86400); + $cformat = 'd' . gmdate('Ymd', $time); + $lnow = gmdate('Y-m-d', strtotime('+1 day', $time)); $exists = syslog_db_fetch_row_prepared('SELECT * FROM `information_schema`.`partitions` 
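Review bot: Switching `$cformat` and `$lnow` from `date()` to `gmdate()` moves the partition boundary to UTC midnight, while `TO_DAYS('$lnow')` is compared against `logtime`, which is presumably stored in the database server's local time. On a host that is not on UTC, rows near midnight would then land in a partition whose name does not match their date. Partitions created before this change were named with local `date()`, and the same switch is made for `$cformat` in syslog_partition_check. If UTC is intended, the docblock should say so and admit the default, e.g. `@param int|null $time Unix timestamp used to name the partition (UTC); null means one hour from now`. The function body continues outside the hunk.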
@@ -424,8 +431,13 @@ function syslog_partition_remove($table) { * syslog_partition_create and syslog_partition_remove acquire. External * serialization is provided by the poller cycle calling * syslog_partition_manage(). + * + * @param string $table The table to check + * @param int $time The time to assume for creation verification + * + * @return bool If it's time to rotate the partition */ -function syslog_partition_check($table) { +function syslog_partition_check($table, $time = null) { global $syslogdb_default; if (!syslog_partition_table_allowed($table)) { @@ -436,16 +448,21 @@ function syslog_partition_check($table) { include(SYSLOG_CONFIG); } + if ($time === null) { + $time = time() + 3600; + } + // find date of last partition $last_part = syslog_db_fetch_cell_prepared('SELECT PARTITION_NAME FROM `information_schema`.`partitions` - WHERE table_schema = ? AND table_name = ? + WHERE table_schema = ? + AND table_name = ? ORDER BY partition_ordinal_position DESC LIMIT 1,1', [$syslogdb_default, $table]); $lformat = str_replace('d', '', $last_part); - $cformat = date('Ymd'); + $cformat = gmdate('Ymd', $time); if ($cformat > $lformat) { return true; @@ -793,7 +810,11 @@ function syslog_export($tab) { 'program_id', 'program' ); - print 'host, facility, priority, program, date, message' . "\r\n"; + $fp = fopen('php://output', 'w'); + + $line = ['host', 'facility', 'priority', 'program', 'date', 'message']; + + fputcsv($fp, $line); if (cacti_sizeof($messages)) { foreach ($messages as $message) { 
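Review bot: The handle opened with `$fp = fopen('php://output', 'w');` in this branch does not appear to be closed. The only `fclose($fp)` the patch adds sits at the end of the `else` branch, and the return value of `fopen()` is not checked before `fputcsv($fp, $line)`. Opening the stream once above the `if`/`else` and closing it once after would cover both paths. Note also that `fputcsv()` ends records with `\n` by default, where the replaced `print` statements emitted `\r\n`, so consumers that relied on CRLF see a format change. syslog_export's body starts and ends outside this hunk.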
@@ -821,13 +842,16 @@ function syslog_export($tab) { $host = 'Unknown'; } - print '"' . - $host . '","' . - ucfirst($facility) . '","' . - ucfirst($priority) . '","' . - ucfirst($program) . '","' . - $message['logtime'] . '","' . - $message[$syslog_incoming_config['textField']] . '"' . "\r\n"; + $line = [ + $host, + ucfirst($facility), + ucfirst($priority), + ucfirst($program), + $message['logtime'], + $message[$syslog_incoming_config['textField']] + ]; + + fputcsv($fp, $line); } } } else { @@ -837,7 +861,11 @@ function syslog_export($tab) { $sql_where = ''; $messages = get_syslog_messages($sql_where, 100000, $tab); - print 'name, severity, date, message, host, facility, priority, count' . "\r\n"; + $line = ['name', 'severity', 'date', 'message', 'host', 'facility', 'priority', 'count']; + + $fp = fopen('php://output', 'w'); + + fputcsv($fp, $line); if (cacti_sizeof($messages)) { foreach ($messages as $message) { @@ -847,17 +875,22 @@ function syslog_export($tab) { $severity = 'Unknown'; } - print '"' . - $message['name'] . '","' . - $severity . '","' . - $message['logtime'] . '","' . - $message['logmsg'] . '","' . - $message['host'] . '","' . - ucfirst($message['facility']) . '","' . - ucfirst($message['priority']) . '","' . - $message['count'] . '"' . "\r\n"; + $line = [ + $message['name'], + $severity, + $message['logtime'], + $message['logmsg'], + $message['host'], + ucfirst($message['facility']), + ucfirst($message['priority']), + $message['count'] + ]; + + fputcsv($fp, $line); } } + + fclose($fp); } } diff --git a/js/functions.js b/js/functions.js index 271dcda..375d541 100644 --- a/js/functions.js +++ b/js/functions.js @@ -225,7 +225,7 @@ function initSyslogMain(config) { $.each(data, function(index, hostData) { if ($('#host option[value="'+index+'"]').length == 0) { - $('#host').append(''); + $('#host').append(''); } }); From d7eec70c0cc564230760ee332ce95d91a7e2a731 Mon Sep 17 00:00:00 2001 
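Review bot: `fputcsv()` fixes delimiter and quote handling, but it does not stop a spreadsheet from evaluating a cell as a formula. `$host`, `$program` and `$message[$syslog_incoming_config['textField']]` come from whatever sent the syslog record, so a value beginning with `=`, `+`, `-` or `@` is exported verbatim and executed when an analyst opens the file. Before `fputcsv($fp, $line)`, pass each cell through a small helper that prepends a single quote when the value starts with one of those characters, or with a tab or carriage return. The same applies to `$message['logmsg']`, `$message['name']` and `$message['host']` in the alert-log export rows further down in this file. The enclosing loop begins outside the hunk.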
From: TheWitness Date: Fri, 10 Apr 2026 10:51:38 -0400 Subject: [PATCH 02/11] fix: Increase readability of SQL statements Also missed a few prepared statements. --- functions.php | 402 +++++++++++++++++++++++---------------------- setup.php | 106 ++++++------ syslog.php | 270 +++++++++++++++--------------- syslog_alerts.php | 28 ++-- syslog_removal.php | 26 +-- syslog_reports.php | 26 +-- 6 files changed, 432 insertions(+), 426 deletions(-) diff --git a/functions.php b/functions.php index ef224d5..0019ea6 100644 --- a/functions.php +++ b/functions.php @@ -64,7 +64,7 @@ function syslog_sync_save($data, $table, $primary = '') { if (read_config_option('syslog_remote_enabled') == 'on' && read_config_option('syslog_remote_sync_rules') == 'on') { if ($config['poller_id'] == 1) { - $stable = '`' . $syslogdb_default . '`.`' . $table . '`'; + $stable = "`$syslogdb_default`.`$table`"; $id = syslog_sql_save($data, $stable, $primary); @@ -95,7 +95,7 @@ function syslog_sync_save($data, $table, $primary = '') { raise_message('syslog_denied', __('Save Failed. Remote Data Collectors in Sync Mode are not allowed to Save Rules. Save from the Main Cacti Server instead.', 'syslog'), MESSAGE_LEVEL_ERROR); } } else { - $stable = '`' . $syslogdb_default . '`.`' . $table . '`'; + $stable = "`$syslogdb_default`.`$table`"; $id = syslog_sql_save($data, $stable, $primary); @@ -194,7 +194,7 @@ function syslog_is_partitioned() { global $syslogdb_default; // see if the table is partitioned - $syntax = syslog_db_fetch_row('SHOW CREATE TABLE `' . $syslogdb_default . '`.`syslog`'); + $syntax = syslog_db_fetch_row("SHOW CREATE TABLE `$syslogdb_default`.`syslog`"); if (substr_count($syntax['Create Table'], 'PARTITION')) { return true; 
@@ -218,12 +218,12 @@ function syslog_traditional_manage() { } // delete from the main syslog table first - syslog_db_execute('DELETE FROM `' . $syslogdb_default . "`.`syslog` WHERE logtime < '$retention'"); + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog` WHERE logtime < ?", [$retention]); $syslog_deleted = db_affected_rows($syslog_cnn); // now delete from the syslog removed table - syslog_db_execute('DELETE FROM `' . $syslogdb_default . "`.`syslog_removed` WHERE logtime < '$retention'"); + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_removed` WHERE logtime < ?", [$retention]); $syslog_deleted += db_affected_rows($syslog_cnn); @@ -343,7 +343,7 @@ function syslog_partition_create($table, $time = null) { * regex guard). $cformat and $lnow derive from date() and * contain only digits, hyphens, and the letter 'd'. */ - syslog_db_execute('ALTER TABLE `' . $syslogdb_default . "`.`$table` REORGANIZE PARTITION dMaxValue INTO ( + syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` REORGANIZE PARTITION dMaxValue INTO ( PARTITION $cformat VALUES LESS THAN (TO_DAYS('$lnow')), PARTITION dMaxValue VALUES LESS THAN MAXVALUE)"); } @@ -410,7 +410,7 @@ function syslog_partition_remove($table) { syslog_debug("Removing partition '" . $oldest['PARTITION_NAME'] . "'"); - syslog_db_execute('ALTER TABLE `' . $syslogdb_default . "`.`$table` DROP PARTITION " . $oldest['PARTITION_NAME']); + syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` DROP PARTITION " . $oldest['PARTITION_NAME']); $i++; $user_partitions--; 
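Review bot: The comment kept above the `REORGANIZE PARTITION` statement still says `$cformat` and `$lnow` derive from `date()`, but since the first patch in this series they come from `gmdate()` applied to a caller-supplied `$time`. That comment is the only stated justification for interpolating both values into non-prepared DDL, so it should match the code, e.g. `$cformat and $lnow are produced by gmdate() from an integer timestamp and contain only digits, hyphens, and the letter 'd'.` Casting with `$time = (int) $time;` where the default is applied would make that claim hold for any caller. The function starts and ends outside the hunk.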
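Review bot: `$oldest['PARTITION_NAME']` is appended to `DROP PARTITION` unquoted and unchecked, and the statement goes through the non-prepared `syslog_db_execute`. The name comes from a query result rather than from request input, so the exposure is limited, but this is destructive DDL and the expected shape is known: syslog_partition_create names partitions `'d' . gmdate('Ymd', $time)`. A guard such as `if (!preg_match('/^d\d{8}$/', $oldest['PARTITION_NAME'])) { /* log and skip */ }` before the call, plus backticks around the name, would keep an unexpected partition name out of the statement. The surrounding loop is outside the hunk.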
@@ -487,13 +487,13 @@ function syslog_remove_items($table, $max_seq) { syslog_debug('Processing Removal Rules...'); if ($table == 'syslog') { - $rows = syslog_db_fetch_assoc('SELECT * - FROM `' . $syslogdb_default . "`.`syslog_remove` + $rows = syslog_db_fetch_assoc("SELECT * + FROM `$syslogdb_default`.`syslog_remove` WHERE enabled = 'on'"); } else { - $rows = syslog_db_fetch_assoc('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_remove` - WHERE enabled="on"'); + $rows = syslog_db_fetch_assoc("SELECT * + FROM `$syslogdb_default`.`syslog_remove` + WHERE enabled='on'"); } syslog_debug(sprintf('Found %5s - Removal Rule(s) to process', cacti_sizeof($rows))); @@ -502,10 +502,10 @@ function syslog_remove_items($table, $max_seq) { $xferred = 0; if ($table == 'syslog_incoming') { - $total = syslog_db_fetch_cell_prepared('SELECT count(*) - FROM `' . $syslogdb_default . '`.`syslog_incoming` + $total = syslog_db_fetch_cell_prepared("SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$max_seq]); } else { $total = 0; @@ -525,9 +525,10 @@ function syslog_remove_items($table, $max_seq) { $params[] = $remove['message']; $params[] = $max_seq; } else { - $facility_id = syslog_db_fetch_cell_prepared('SELECT facility_id - FROM `' . $syslogdb_default . '`.`syslog_facilities` - WHERE facility = ?', [$remove['message']]); + $facility_id = syslog_db_fetch_cell_prepared("SELECT facility_id + FROM `$syslogdb_default`.`syslog_facilities` + WHERE facility = ?", + [$remove['message']]); if (!empty($facility_id)) { $sql_where = 'WHERE facility_id = ?'; 
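Review bot: After this rewrite both arms of `if ($table == 'syslog')` run the same query against `syslog_remove` with `enabled = 'on'`; they differ only in the spacing around `=`. The conditional can be replaced by a single `$rows = syslog_db_fetch_assoc(...)` call. If the two tables were meant to use different rule sets, that difference is missing and should be restored rather than hidden behind identical branches. The function body continues outside the hunk.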
@@ -543,9 +544,9 @@ function syslog_remove_items($table, $max_seq) { $params[] = $remove['message']; $params[] = $max_seq; } else { - $program_id = syslog_db_fetch_cell_prepared('SELECT program_id - FROM `' . $syslogdb_default . '`.`syslog_programs` - WHERE program = ?', [$remove['message']]); + $program_id = syslog_db_fetch_cell_prepared("SELECT program_id + FROM `$syslogdb_default`.`syslog_programs` + WHERE program = ?", [$remove['message']]); if (!empty($program_id)) { $sql_where = 'WHERE program_id = ?'; @@ -561,9 +562,10 @@ function syslog_remove_items($table, $max_seq) { $params[] = $remove['message']; $params[] = $max_seq; } else { - $host_id = syslog_db_fetch_cell_prepared('SELECT host_id - FROM `' . $syslogdb_default . '`.`syslog_hosts` - WHERE host = ?', [$remove['message']]); + $host_id = syslog_db_fetch_cell_prepared("SELECT host_id + FROM `$syslogdb_default`.`syslog_hosts` + WHERE host = ?", + [$remove['message']]); if (!empty($host_id)) { $sql_where = 'WHERE host_id = ?'; 
@@ -621,28 +623,28 @@ function syslog_remove_items($table, $max_seq) { if ($sql_where != '') { if ($remove['method'] != 'del') { if ($table == 'syslog_incoming') { - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_removed` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_removed` (logtime, priority_id, facility_id, program_id, host_id, message) SELECT si.logtime, si.priority_id, si.facility_id, sp.program_id, sh.host_id, si.message - FROM `' . $syslogdb_default . '`.`syslog_incoming` AS si - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_incoming` AS si + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON sh.host = si.host - INNER JOIN `' . $syslogdb_default . '`.`syslog_programs` AS sp - ON sp.program = si.program ' . $sql_where, $params); + INNER JOIN `$syslogdb_default`.`syslog_programs` AS sp + ON sp.program = si.program $sql_where", $params); } else { - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_removed` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_removed` (logtime, priority_id, facility_id, program_id, host_id, message) SELECT logtime, priority_id, facility_id, program_id, host_id, message - FROM `' . $syslogdb_default . '`.`syslog` ' . $sql_where, $params); + FROM `$syslogdb_default`.`syslog` $sql_where", $params); } $xferred += db_affected_rows($syslog_cnn); } if ($table == 'syslog_incoming') { - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_incoming` ' . $sql_where, $params); + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_incoming` $sql_where", $params); } else { - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog` ' . $sql_where, $params); + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog` $sql_where", $params); } $removed += db_affected_rows($syslog_cnn); 
@@ -751,9 +753,9 @@ function sql_hosts_where($tab) { input_validate_input_number($host_id); if ($host_id > 0) { - $log_host = syslog_db_fetch_cell_prepared('SELECT host - FROM `' . $syslogdb_default . '`.`syslog_hosts` - WHERE host_id = ?', + $log_host = syslog_db_fetch_cell_prepared("SELECT host + FROM `$syslogdb_default`.`syslog_hosts` + WHERE host_id = ?", [$host_id]); if (!empty($log_host)) { @@ -787,26 +789,26 @@ function syslog_export($tab) { $messages = get_syslog_messages($sql_where, 100000, $tab); $hosts = array_rekey( - syslog_db_fetch_assoc('SELECT host_id, host - FROM `' . $syslogdb_default . '`.`syslog_hosts`'), + syslog_db_fetch_assoc("SELECT host_id, host + FROM `$syslogdb_default`.`syslog_hosts`"), 'host_id', 'host' ); $facilities = array_rekey( - syslog_db_fetch_assoc('SELECT facility_id, facility - FROM `' . $syslogdb_default . '`.`syslog_facilities`'), + syslog_db_fetch_assoc("SELECT facility_id, facility + FROM `$syslogdb_default`.`syslog_facilities`"), 'facility_id', 'facility' ); $priorities = array_rekey( - syslog_db_fetch_assoc('SELECT priority_id, priority - FROM `' . $syslogdb_default . '`.`syslog_priorities`'), + syslog_db_fetch_assoc("SELECT priority_id, priority + FROM `$syslogdb_default`.`syslog_priorities`"), 'priority_id', 'priority' ); $programs = array_rekey( - syslog_db_fetch_assoc('SELECT program_id, program - FROM `' . $syslogdb_default . '`.`syslog_programs`'), + syslog_db_fetch_assoc("SELECT program_id, program + FROM `$syslogdb_default`.`syslog_programs`"), 'program_id', 'program' ); @@ -919,7 +921,7 @@ function syslog_log_alert($alert_id, $alert_name, $severity, $msg, $count = 1, $ $save['html'] = $html; $id = 0; - $id = syslog_sql_save($save, '`' . $syslogdb_default . '`.`syslog_logs`', 'seq'); + $id = syslog_sql_save($save, "`$syslogdb_default`.`syslog_logs`", 'seq'); $save['seq'] = $id; $save['alert_name'] = $alert_name; 
@@ -941,7 +943,7 @@ function syslog_log_alert($alert_id, $alert_name, $severity, $msg, $count = 1, $ $save['html'] = $html; $id = 0; - $id = syslog_sql_save($save, '`' . $syslogdb_default . '`.`syslog_logs`', 'seq'); + $id = syslog_sql_save($save, "`$syslogdb_default`.`syslog_logs`", 'seq'); $save['seq'] = $id; $save['alert_name'] = $alert_name; @@ -964,7 +966,7 @@ function syslog_manage_items($from_table, $to_table) { global $syslogdb_default; // Select filters to work on - $rows = syslog_db_fetch_assoc('SELECT * FROM `' . $syslogdb_default . "`.`syslog_remove` WHERE enabled='on'"); + $rows = syslog_db_fetch_assoc("SELECT * FROM `$syslogdb_default`.`syslog_remove` WHERE enabled = 'on'"); syslog_debug(sprintf('Found %5s - Removal Rule(s) to process', cacti_sizeof($rows))); 
@@ -981,59 +983,60 @@ function syslog_manage_items($from_table, $to_table) { if ($remove['type'] == 'facility') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq FROM `' . $syslogdb_default . "`. $from_table + $sql_sel = "SELECT seq + FROM `$syslogdb_default`.`$from_table` WHERE facility_id IN - (SELECT distinct facility_id FROM `" . $syslogdb_default . "`syslog_facilities - WHERE facility ='" . $remove['message'] . "')"; + (SELECT distinct facility_id FROM `$syslogdb_default`syslog_facilities + WHERE facility = " . db_qstr($remove['message']) . ')'; } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. $from_table + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` WHERE facility_id IN - (SELECT distinct facility_id FROM `" . $syslogdb_default . "`syslog_facilities - WHERE facility ='" . $remove['message'] . "')"; + (SELECT distinct facility_id FROM `$syslogdb_default`syslog_facilities + WHERE facility = " . db_qstr($remove['message']) . ')'; } } elseif ($remove['type'] == 'host') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq - FROM `' . $syslogdb_default . "`. $from_table + $sql_sel = "SELECT seq + FROM `$syslogdb_default`.`$from_table` WHERE host_id in - (SELECT distinct host_id FROM `" . $syslogdb_default . "`syslog_hosts - WHERE host ='" . $remove['message'] . "')"; + (SELECT distinct host_id FROM `$syslogdb_default`.`syslog_hosts` + WHERE host = " . db_qstr($remove['message']) . ')'; } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. $from_table + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` WHERE host_id in - (SELECT distinct host_id FROM `" . $syslogdb_default . "`syslog_hosts - WHERE host ='" . $remove['message'] . "')"; + (SELECT distinct host_id FROM `$syslogdb_default`.`syslog_hosts` + WHERE host = " . db_qstr($remove['message']) . ')'; } } elseif ($remove['type'] == 'messageb') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq FROM `' . $syslogdb_default . "`. 
$from_table - WHERE message LIKE '" . $remove['message'] . "%' "; + $sql_sel = "SELECT seq FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr($remove['message'] . '%'); } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. $from_table - WHERE message LIKE '" . $remove['message'] . "%' "; + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr($remove['message'] . '%'); } } elseif ($remove['type'] == 'messagec') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq FROM `' . $syslogdb_default . "`. $from_table - WHERE message LIKE '%" . $remove['message'] . "%' "; + $sql_sel = "SELECT seq FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr('%' . $remove['message'] . '%'); } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. $from_table - WHERE message LIKE '%" . $remove['message'] . "%' "; + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr('%' . $remove['message'] . '%'); } } elseif ($remove['type'] == 'messagee') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq FROM `' . $syslogdb_default . "`. $from_table - WHERE message LIKE '%" . $remove['message'] . "' "; + $sql_sel = "SELECT seq FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr('%' . $remove['message']); } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. $from_table - WHERE message LIKE '%" . $remove['message'] . "' "; + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` + WHERE message LIKE " . db_qstr('%' . $remove['message']); } } elseif ($remove['type'] == 'sql') { if ($remove['method'] != 'del') { - $sql_sel = 'SELECT seq FROM `' . $syslogdb_default . "`. $from_table + $sql_sel = "SELECT seq FROM `$syslogdb_default`.`$from_table` WHERE message (" . $remove['message'] . ') '; } else { - $sql_dlt = 'DELETE FROM `' . $syslogdb_default . "`. 
$from_table + $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` WHERE message (" . $remove['message'] . ') '; } } @@ -1057,17 +1060,17 @@ function syslog_manage_items($from_table, $to_table) { } $all_seq = preg_replace('/^,/i', '', $all_seq); - syslog_db_execute('INSERT INTO `' . $syslogdb_default . '`.`' . $to_table . '` + syslog_db_execute("INSERT INTO `$syslogdb_default`.`$to_table` (facility_id, priority_id, host_id, logtime, message) (SELECT facility_id, priority_id, host_id, logtime, message - FROM `' . $syslogdb_default . '`.' . $from_table . ' - WHERE seq IN (' . $all_seq . '))'); + FROM `$syslogdb_default`.`$from_table` + WHERE seq IN (" . $all_seq . '))'); $messages_moved = db_affected_rows($syslog_cnn); if ($messages_moved > 0) { - syslog_db_execute('DELETE FROM `' . $syslogdb_default . '`.`' . $from_table . '` - WHERE seq IN (' . $all_seq . ')'); + syslog_db_execute("DELETE FROM `$syslogdb_default`.`$from_table` + WHERE seq IN ($all_seq)"); } $xferred += $messages_moved; @@ -1257,9 +1260,9 @@ function syslog_process_alerts($max_seq) { $syslog_alerts = 0; // send out the alerts - $alerts = syslog_db_fetch_assoc('SELECT * - FROM `' . $syslogdb_default . "`.`syslog_alert` - WHERE enabled='on'"); + $alerts = syslog_db_fetch_assoc("SELECT * + FROM `$syslogdb_default`.`syslog_alert` + WHERE enabled = 'on'"); if (cacti_sizeof($alerts)) { $syslog_alerts = cacti_sizeof($alerts); 
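Review bot: The facility branch builds invalid SQL on the new side. Both `$sql_sel` and `$sql_dlt` contain ``FROM `$syslogdb_default`syslog_facilities`` with no `.` between schema and table, while the host branch in the same hunk was corrected to `` `$syslogdb_default`.`syslog_hosts` ``. The facility subselect should use the same form. Separately, the `sql` branch still splices `$remove['message']` into the statement as raw SQL after `WHERE message (`, which the `db_qstr()` calls added elsewhere in this hunk do not cover. The three `LIKE` branches quote the value but leave `%` and `_` inside the rule text active as wildcards. The function starts and ends outside the hunk.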
@@ -1690,65 +1693,66 @@ function syslog_get_alert_sql(&$alert, $max_seq) { $sql = ''; if ($alert['type'] == 'facility') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['facilityField'] . '` = ? + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['facilityField']}` = ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = $alert['message']; $params[] = $max_seq; } elseif ($alert['type'] == 'messageb') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['textField'] . '` LIKE ? + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['textField']}` LIKE ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = $alert['message'] . '%'; $params[] = $max_seq; } elseif ($alert['type'] == 'messagec') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['textField'] . '` LIKE ? + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['textField']}` LIKE ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = '%' . $alert['message'] . '%'; $params[] = $max_seq; } elseif ($alert['type'] == 'messagee') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['textField'] . '` LIKE ? + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['textField']}` LIKE ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = '%' . $alert['message']; $params[] = $max_seq; } elseif ($alert['type'] == 'host') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['hostField'] . '` = ? 
+ $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['hostField']}` = ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = $alert['message']; $params[] = $max_seq; } elseif ($alert['type'] == 'program') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE `' . $syslog_incoming_config['programField'] . '` = ? + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE `{$syslog_incoming_config['programField']}` = ? AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = $alert['message']; $params[] = $max_seq; } elseif ($alert['type'] == 'sql') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog_incoming` - WHERE (' . $alert['message'] . ') + // TODO: Make Injection proof + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog_incoming` + WHERE ({$alert['message']}) AND `status` = 1 - AND `seq` <= ?'; + AND `seq` <= ?"; $params[] = $max_seq; } 
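Review bot: The `sql` alert type still places `$alert['message']` inside `WHERE ({$alert['message']})` unparameterised, and the added `// TODO: Make Injection proof` does not record the trust assumption that holds in the meantime. Anyone who can save an alert rule can shape this query against `syslog_incoming`. If that is accepted because rule editing is limited to administrators, the comment should say so, e.g. `// SECURITY: $alert['message'] is raw SQL from the alert rule; safe only while rule editing is restricted to trusted admins`. The column names taken from `$syslog_incoming_config` are likewise interpolated as identifiers, which is sound only while that array comes from the local config file (its origin is not visible here). The function continues outside the hunk.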
@@ -1768,23 +1772,23 @@ function syslog_get_alert_sql(&$alert, $max_seq) { function syslog_preprocess_incoming_records() { global $syslogdb_default; - $max_seq = syslog_db_fetch_cell('SELECT MAX(seq) FROM `' . $syslogdb_default . '`.`syslog_incoming` WHERE status = 0'); + $max_seq = syslog_db_fetch_cell("SELECT MAX(seq) FROM `$syslogdb_default`.`syslog_incoming` WHERE status = 0"); if ($max_seq > 0) { // flag all records with the status = 1 prior to moving - syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming` + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_incoming` SET `status` = 1 WHERE `status` = 0 - AND `seq` <= ?', + AND `seq` <= ?", [$max_seq]); syslog_debug('Max Sequence ID = ' . $max_seq); syslog_debug('-------------------------------------------------------------------------------------'); - $syslog_incoming = syslog_db_fetch_cell_prepared('SELECT COUNT(seq) - FROM `' . $syslogdb_default . '`.`syslog_incoming` + $syslog_incoming = syslog_db_fetch_cell_prepared("SELECT COUNT(seq) + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$max_seq]); syslog_debug(sprintf('Found %5s - New Message(s) to process', $syslog_incoming)); @@ -1817,11 +1821,11 @@ function syslog_strip_incoming_domains($max_seq) { $domains = explode(',', trim($syslog_domains)); foreach ($domains as $domain) { - syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming` - SET host = SUBSTRING_INDEX(host, \'.\', 1) + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_incoming` + SET host = SUBSTRING_INDEX(host, '.', 1) WHERE host LIKE ? AND `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", ['%' . $domain, $max_seq]); } } 
@@ -1852,11 +1856,11 @@ function syslog_check_cacti_hosts($host, $max_seq) { [$host]); if (cacti_sizeof($cacti_host) && !empty($cacti_host['description'])) { - syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming` + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_incoming` SET host = ? WHERE host = ? AND `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$cacti_host['description'], $host, $max_seq]); return true; @@ -1886,10 +1890,10 @@ function syslog_update_reference_tables($max_seq) { // Validate and resolve hostnames - check DNS first, then Cacti, then mark invalid if (read_config_option('syslog_resolve_hostname') == 'on') { - $hosts = syslog_db_fetch_assoc_prepared('SELECT DISTINCT host - FROM `' . $syslogdb_default . '`.`syslog_incoming` + $hosts = syslog_db_fetch_assoc_prepared("SELECT DISTINCT host + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$max_seq]); foreach ($hosts as $host) { 
@@ -1916,54 +1920,54 @@ function syslog_update_reference_tables($max_seq) { if (!$resolved) { $unresolved_host = 'unresolved-' . $host['host']; cacti_log("SYSLOG WARNING: Hostname '" . $host['host'] . "' could not be resolved via DNS or found in Cacti hosts table, marking as '" . $unresolved_host . "'", false, 'SYSLOG'); - syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_incoming` + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_incoming` SET host = ? WHERE host = ? AND `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$unresolved_host, $host['host'], $max_seq]); } } } - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_programs` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_programs` (program, last_updated) SELECT DISTINCT program, NOW() - FROM `' . $syslogdb_default . '`.`syslog_incoming` + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 AND `seq` <= ? ON DUPLICATE KEY UPDATE - program=VALUES(program), - last_updated=VALUES(last_updated)', + program = VALUES(program), + last_updated = VALUES(last_updated)", [$max_seq]); - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_hosts` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_hosts` (host, last_updated) SELECT DISTINCT host, NOW() AS last_updated - FROM `' . $syslogdb_default . '`.`syslog_incoming` + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 AND `seq` <= ? ON DUPLICATE KEY UPDATE - host=VALUES(host), - last_updated=NOW()', + host = VALUES(host), + last_updated = NOW()", [$max_seq]); - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_host_facilities` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_host_facilities` (host_id, facility_id) SELECT host_id, facility_id FROM ( ( SELECT DISTINCT host, facility_id - FROM `' . $syslogdb_default . 
'`.`syslog_incoming` + FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 AND `seq` <= ? ) AS s - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON s.host = sh.host ) ON DUPLICATE KEY UPDATE - host_id=VALUES(host_id), - last_updated=NOW()', + host_id = VALUES(host_id), + last_updated = NOW()", [$max_seq]); } @@ -1979,7 +1983,7 @@ function syslog_update_statistics($max_seq) { global $syslogdb_default, $syslog_cnn; if (read_config_option('syslog_statistics') == 'on') { - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog_statistics` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog_statistics` (host_id, facility_id, priority_id, program_id, insert_time, records) SELECT host_id, facility_id, priority_id, program_id, NOW(), SUM(records) AS records FROM (SELECT host_id, facility_id, priority_id, program_id, COUNT(*) AS records @@ -1991,7 +1995,7 @@ function syslog_update_statistics($max_seq) { WHERE si.`status` = 1 AND si.`seq` <= ? GROUP BY host_id, priority_id, facility_id, program_id) AS merge - GROUP BY host_id, priority_id, facility_id, program_id', + GROUP BY host_id, priority_id, facility_id, program_id", [$max_seq]); $stats = db_affected_rows($syslog_cnn); @@ -2014,7 +2018,7 @@ function syslog_update_statistics($max_seq) { function syslog_incoming_to_syslog($max_seq) { global $syslogdb_default, $syslog_cnn; - syslog_db_execute_prepared('INSERT INTO `' . $syslogdb_default . '`.`syslog` + syslog_db_execute_prepared("INSERT INTO `$syslogdb_default`.`syslog` (logtime, priority_id, facility_id, program_id, host_id, message) SELECT logtime, priority_id, facility_id, program_id, host_id, message FROM ( @@ -2026,7 +2030,7 @@ function syslog_incoming_to_syslog($max_seq) { ON sp.program = si.program WHERE si.`status` = 1 AND si.`seq` <= ? - ) AS merge', + ) AS merge", [$max_seq]); $moved = db_affected_rows($syslog_cnn); 
@@ -2036,14 +2040,14 @@ function syslog_incoming_to_syslog($max_seq) { syslog_debug(sprintf('Moved %5s - Message(s) to the syslog table', $moved)); - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_incoming` + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_incoming` WHERE `status` = 1 - AND `seq` <= ?', + AND `seq` <= ?", [$max_seq]); syslog_debug(sprintf('Deleted %5s - Already Processed Message(s) from incoming', db_affected_rows($syslog_cnn))); - syslog_db_execute('DELETE FROM `' . $syslogdb_default . '`.`syslog_incoming` WHERE logtime < DATE_SUB(NOW(), INTERVAL 1 HOUR)'); + syslog_db_execute("DELETE FROM `$syslogdb_default`.`syslog_incoming` WHERE logtime < DATE_SUB(NOW(), INTERVAL 1 HOUR)"); $stale = db_affected_rows($syslog_cnn); 
@@ -2070,40 +2074,40 @@ function syslog_postprocess_tables() { // remove stats messages if (read_config_option('syslog_statistics') == 'on') { if (read_config_option('syslog_retention') > 0) { - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_statistics` - WHERE insert_time < ?', + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_statistics` + WHERE insert_time < ?", [$delete_date]); syslog_debug(sprintf('Deleted %5s - Syslog Statistics Record(s)', db_affected_rows($syslog_cnn))); } } else { - syslog_db_execute('TRUNCATE `' . $syslogdb_default . '`.`syslog_statistics`'); + syslog_db_execute("TRUNCATE `$syslogdb_default`.`syslog_statistics`"); } // remove alert log messages if (read_config_option('syslog_alert_retention') > 0) { api_plugin_hook_function('syslog_delete_hostsalarm', $delete_date); - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_logs` - WHERE logtime < ?', + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_logs` + WHERE logtime < ?", [$delete_date]); syslog_debug(sprintf('Deleted %5s - Syslog alarm log Record(s)', db_affected_rows($syslog_cnn))); - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_hosts` - WHERE last_updated < ?', + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_hosts` + WHERE last_updated < ?", [$delete_date]); syslog_debug(sprintf('Deleted %5s - Syslog Host Record(s)', db_affected_rows($syslog_cnn))); - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . '`.`syslog_programs` - WHERE last_updated < ?', + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_programs` + WHERE last_updated < ?", [$delete_date]); syslog_debug(sprintf('Deleted %5s - Old programs from programs table', db_affected_rows($syslog_cnn))); - syslog_db_execute_prepared('DELETE FROM `' . $syslogdb_default . 
'`.`syslog_host_facilities` - WHERE last_updated < ?', + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_host_facilities` + WHERE last_updated < ?", [$delete_date]); syslog_debug(sprintf('Deleted %5s - Syslog Host/Facility Record(s)', db_affected_rows($syslog_cnn))); @@ -2114,17 +2118,17 @@ function syslog_postprocess_tables() { syslog_debug('Optimizing Tables'); if (!syslog_is_partitioned()) { - syslog_db_execute('OPTIMIZE TABLE - `' . $syslogdb_default . '`.`syslog_incoming`, - `' . $syslogdb_default . '`.`syslog`, - `' . $syslogdb_default . '`.`syslog_remove`, - `' . $syslogdb_default . '`.`syslog_removed`, - `' . $syslogdb_default . '`.`syslog_alert`'); + syslog_db_execute("OPTIMIZE TABLE + `$syslogdb_default`.`syslog_incoming`, + `$syslogdb_default`.`syslog`, + `$syslogdb_default`.`syslog_remove`, + `$syslogdb_default`.`syslog_removed`, + `$syslogdb_default`.`syslog_alert`"); } else { - syslog_db_execute('OPTIMIZE TABLE - `' . $syslogdb_default . '`.`syslog_incoming`, - `' . $syslogdb_default . '`.`syslog_remove`, - `' . $syslogdb_default . '`.`syslog_alert`'); + syslog_db_execute("OPTIMIZE TABLE + `$syslogdb_default`.`syslog_incoming`, + `$syslogdb_default`.`syslog_remove`, + `$syslogdb_default`.`syslog_alert`"); } } } @@ -2157,9 +2161,9 @@ function syslog_process_reports() { } // Lets run the reports - $reports = syslog_db_fetch_assoc('SELECT * - FROM `' . $syslogdb_default . "`.`syslog_reports` - WHERE enabled='on'"); + $reports = syslog_db_fetch_assoc("SELECT * + FROM `$syslogdb_default`.`syslog_reports` + WHERE enabled = 'on'"); $total_reports = cacti_sizeof($reports); $sent_reports = 0; 
@@ -2200,9 +2204,9 @@ function syslog_process_reports() { $time_till_next_run = $next_run_time - $current_time; if ($time_till_next_run < 0 || $forcer) { - syslog_db_execute_prepared('UPDATE `' . $syslogdb_default . '`.`syslog_reports` + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_reports` SET lastsent = ? - WHERE id = ?', + WHERE id = ?", [time(), $report['id']]); syslog_debug('Next Send - Now'); 
@@ -2302,57 +2306,57 @@ function syslog_get_report_sql(&$report) { global $syslogdb_default; if ($report['type'] == 'messageb') { - $sql = 'SELECT sl.*, sh.host - FROM `' . $syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + $sql = "SELECT sl.*, sh.host + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON sl.host_id = sh.host_id - WHERE message LIKE ' . db_qstr($report['message'] . '%'); + WHERE message LIKE " . db_qstr($report['message'] . '%'); } if ($report['type'] == 'messagec') { - $sql = 'SELECT sl.*, sh.host - FROM `' . $syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + $sql = "SELECT sl.*, sh.host + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON sl.host_id = sh.host_id - WHERE message LIKE ' . db_qstr('%' . $report['message'] . '%'); + WHERE message LIKE " . db_qstr('%' . $report['message'] . '%'); } if ($report['type'] == 'messagee') { - $sql = 'SELECT sl.*, sh.host - FROM `' . $syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + $sql = "SELECT sl.*, sh.host + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON sl.host_id = sh.host_id - WHERE message LIKE ' . db_qstr('%' . $report['message']); + WHERE message LIKE " . db_qstr('%' . $report['message']); } if ($report['type'] == 'host') { - $sql = 'SELECT sl.*, sh.host - FROM `' . $syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_hosts` AS sh + $sql = "SELECT sl.*, sh.host + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON sl.host_id = sh.host_id - WHERE sh.host = ' . db_qstr($report['message']); + WHERE sh.host = " . db_qstr($report['message']); } if ($report['type'] == 'facility') { - $sql = 'SELECT sl.*, sf.facility - FROM `' . 
$syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_facilities` AS sf + $sql = "SELECT sl.*, sf.facility + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_facilities` AS sf ON sl.facility_id = sf.facility_id - WHERE sf.facility = ' . db_qstr($report['message']); + WHERE sf.facility = " . db_qstr($report['message']); } if ($report['type'] == 'program') { - $sql = 'SELECT sl.*, sp.program - FROM `' . $syslogdb_default . '`.`syslog` AS sl - INNER JOIN `' . $syslogdb_default . '`.`syslog_programs` AS sp + $sql = "SELECT sl.*, sp.program + FROM `$syslogdb_default`.`syslog` AS sl + INNER JOIN `$syslogdb_default`.`syslog_programs` AS sp ON sl.program_id = sp.program_id - WHERE sp.program = ' . db_qstr($report['message']); + WHERE sp.program = " . db_qstr($report['message']); } if ($report['type'] == 'sql') { - $sql = 'SELECT * - FROM `' . $syslogdb_default . '`.`syslog` - WHERE (' . $report['message'] . ')'; + $sql = "SELECT * + FROM `$syslogdb_default`.`syslog` + WHERE (" . $report['message'] . ')'; } return $sql; diff --git a/setup.php b/setup.php index 5a72355..c51c365 100644 --- a/setup.php +++ b/setup.php @@ -38,7 +38,7 @@ function plugin_syslog_install() { syslog_connect(); - $syslog_exists = sizeof(syslog_db_fetch_row('SHOW TABLES FROM `' . $syslogdb_default . "` LIKE 'syslog'")); + $syslog_exists = sizeof(syslog_db_fetch_row("SHOW TABLES FROM `$syslogdb_default` LIKE 'syslog'")); // ================= input validation ================= get_filter_request_var('days'); 
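Review bot: The `sql` branch of syslog_get_report_sql still appends `$report['message']` verbatim inside `WHERE (...)`, while every other branch goes through `db_qstr()`, so whoever can save a report of that type controls part of the statement. If free-form conditions are intended, the save path (not visible here) should restrict this type to administrators and the branch should say so, e.g. `// 'sql' reports are trusted admin input: message is used as a raw WHERE expression`. `$sql` is also never initialised, so an unrecognised `type` returns an undefined variable; `$sql = '';` after the `global` line fixes that. The LIKE branches quote the value but leave `%` and `_` in the message active as wildcards, which may or may not be intended. The function signature sits just above this hunk.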
@@ -122,23 +122,23 @@ function plugin_syslog_uninstall() { if (isset_request_var('uninstall_method')) { if (get_nfilter_request_var('uninstall_method') == 'all') { // do the big tables first - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_removed`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_removed`"); // do the settings tables last - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_incoming`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_alert`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_remove`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_reports`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_facilities`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_statistics`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_host_facilities`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_priorities`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_logs`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . 
'`.`syslog_hosts`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_incoming`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_alert`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_remove`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_reports`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_facilities`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_statistics`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_host_facilities`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_priorities`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_logs`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_hosts`"); } else { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog`'); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_removed`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog`"); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_removed`"); } } elseif (function_exists('syslog_uninstall_advisor')) { syslog_uninstall_advisor(); @@ -440,7 +440,7 @@ function syslog_create_partitioned_syslog_table($engine = 'InnoDB', $days = 30) $row_format = 'ROW_FORMAT=Dynamic'; } - $sql = 'CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog` ( + $sql = "CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog` ( facility_id int(10) unsigned default NULL, priority_id int(10) unsigned default NULL, program_id int(10) unsigned default NULL, 
@@ -465,10 +465,12 @@ function syslog_create_partitioned_syslog_table($engine = 'InnoDB', $days = 30) for ($i = $days; $i >= -1; $i--) { $timestamp = $now - ($i * 86400); - $date = date('Y-m-d', $timestamp); - $format = date('Ymd', $timestamp - 86400); + $date = gmdate('Y-m-d', $timestamp); + $format = gmdate('Ymd', strtotime('- 1 day', $timestamp)); + $parts .= ($parts != '' ? ",\n" : '(') . ' PARTITION d' . $format . " VALUES LESS THAN (TO_DAYS('" . $date . "'))"; } + $parts .= ",\nPARTITION dMaxValue VALUES LESS THAN MAXVALUE);"; syslog_db_execute($sql . $parts); @@ -521,7 +523,7 @@ function syslog_setup_table_new($options) { $truncate = isset($options['upgrade_type']) && $options['upgrade_type'] == 'truncate' ? true : false; $engine = isset($options['engine']) && $options['engine'] == 'innodb' ? 'InnoDB' : $options['engine']; $partitioned = isset($options['db_type']) && $options['db_type'] == 'part' ? true : false; - $syslogexists = sizeof(syslog_db_fetch_row('SHOW TABLES FROM `' . $syslogdb_default . "` LIKE 'syslog'")); + $syslogexists = sizeof(syslog_db_fetch_row("SHOW TABLES FROM `$syslogdb_default` LIKE 'syslog'")); // set table construction settings for the remote pollers set_config_option('syslog_install_upgrade_type', empty($options['upgrade_type']) ? '' : $options['upgrade_type'], true); @@ -530,7 +532,7 @@ function syslog_setup_table_new($options) { set_config_option('syslog_install_days', empty($options['days']) ? '' : $options['days'], true); if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog`"); } if (stripos($engine, 'aria') !== false) { 
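Review bot: `gmdate('Ymd', strtotime('- 1 day', $timestamp))` mixes two clocks: `strtotime()` applies the relative offset in PHP's default time zone, so across a daylight-saving change it moves 23 or 25 hours, and the result is then formatted in UTC. When `$now` is close to midnight UTC, two consecutive iterations can get the same partition name or skip a day, and a duplicate name would make the CREATE TABLE fail. Plain arithmetic keeps the step at exactly one day: `$format = gmdate('Ymd', $timestamp - 86400);`. It is also worth confirming that `logtime` is stored in UTC, since `TO_DAYS()` boundaries built with `gmdate()` otherwise sit off the local day. The loop belongs to a function that starts and ends outside this hunk.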
@@ -540,7 +542,7 @@ function syslog_setup_table_new($options) { } if (!$partitioned) { - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog` ( facility_id int(10) unsigned default NULL, priority_id int(10) unsigned default NULL, program_id int(10) unsigned default NULL, @@ -562,10 +564,10 @@ function syslog_setup_table_new($options) { } if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_alert`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_alert`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_alert` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_alert` ( `id` int(10) NOT NULL auto_increment, `hash` varchar(32) NOT NULL default '', `name` varchar(255) NOT NULL default '', @@ -589,10 +591,10 @@ function syslog_setup_table_new($options) { ENGINE=InnoDB"); if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_incoming`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_incoming`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_incoming` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_incoming` ( facility_id int(10) unsigned default NULL, priority_id int(10) unsigned default NULL, program varchar(40) default NULL, 
@@ -608,10 +610,10 @@ function syslog_setup_table_new($options) { ROW_FORMAT=Dynamic"); if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_remove`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_remove`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_remove` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_remove` ( id int(10) NOT NULL auto_increment, `hash` varchar(32) NOT NULL default '', name varchar(255) NOT NULL default '', @@ -626,19 +628,19 @@ function syslog_setup_table_new($options) { ENGINE=$engine $row_format"); - $present = syslog_db_fetch_row('SHOW TABLES FROM `' . $syslogdb_default . "` LIKE 'syslog_reports'"); + $present = syslog_db_fetch_row("SHOW TABLES FROM `$syslogdb_default` LIKE 'syslog_reports'"); if (cacti_sizeof($present)) { - $newreport = sizeof(syslog_db_fetch_row('SHOW COLUMNS FROM `' . $syslogdb_default . "`.`syslog_reports` LIKE 'body'")); + $newreport = sizeof(syslog_db_fetch_row("SHOW COLUMNS FROM `$syslogdb_default`.`syslog_reports` LIKE 'body'")); } else { $newreport = true; } if ($truncate || !$newreport) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_reports`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_reports`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_reports` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_reports` ( id int(10) NOT NULL auto_increment, `hash` varchar(32) NOT NULL default '', name varchar(255) NOT NULL default '', 
@@ -659,10 +661,10 @@ function syslog_setup_table_new($options) { ROW_FORMAT=Dynamic"); if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_hosts`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_hosts`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_programs` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_programs` ( `program_id` int(10) unsigned NOT NULL auto_increment, `program` VARCHAR(40) NOT NULL, `last_updated` TIMESTAMP NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, @@ -673,7 +675,7 @@ function syslog_setup_table_new($options) { ROW_FORMAT=Dynamic COMMENT='Contains all programs currently in the syslog table'"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_hosts` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_hosts` ( `host_id` int(10) unsigned NOT NULL auto_increment, `host` VARCHAR(64) NOT NULL, `last_updated` TIMESTAMP NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, 
@@ -684,52 +686,52 @@ function syslog_setup_table_new($options) { ROW_FORMAT=Dynamic COMMENT='Contains all hosts currently in the syslog table'"); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_facilities`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_facilities`"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . '`.`syslog_facilities` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_facilities` ( `facility_id` int(10) unsigned NOT NULL, `facility` varchar(10) NOT NULL, `last_updated` TIMESTAMP NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (`facility_id`), INDEX last_updated (`last_updated`)) ENGINE=InnoDB - ROW_FORMAT=Dynamic'); + ROW_FORMAT=Dynamic"); - syslog_db_execute('INSERT INTO `' . $syslogdb_default . "`.`syslog_facilities` (facility_id, facility) VALUES + syslog_db_execute("INSERT INTO `$syslogdb_default`.`syslog_facilities` (facility_id, facility) VALUES (0,'kern'), (1,'user'), (2,'mail'), (3,'daemon'), (4,'auth'), (5,'syslog'), (6,'lpd'), (7,'news'), (8,'uucp'), (9,'crond'), (10,'authpriv'), (11,'ftpd'), (12,'ntpd'), (13,'logaudit'), (14,'logalert'), (15,'crond'), (16,'local0'), (17,'local1'), (18,'local2'), (19,'local3'), (20,'local4'), (21,'local5'), - (22,'local6'), (23,'local7');"); + (22,'local6'), (23,'local7')"); - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_priorities`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_priorities`"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . 
'`.`syslog_priorities` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_priorities` ( `priority_id` int(10) unsigned NOT NULL, `priority` varchar(10) NOT NULL, `last_updated` TIMESTAMP NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (`priority_id`), INDEX last_updated (`last_updated`)) ENGINE=InnoDB - ROW_FORMAT=Dynamic'); + ROW_FORMAT=Dynamic"); - syslog_db_execute('INSERT INTO `' . $syslogdb_default . "`.`syslog_priorities` (priority_id, priority) VALUES - (0,'emerg'), (1,'alert'), (2,'crit'), (3,'err'), (4,'warning'), (5,'notice'), (6,'info'), (7,'debug'), (8,'other');"); + syslog_db_execute("INSERT INTO `$syslogdb_default`.`syslog_priorities` (priority_id, priority) VALUES + (0,'emerg'), (1,'alert'), (2,'crit'), (3,'err'), (4,'warning'), (5,'notice'), (6,'info'), (7,'debug'), (8,'other')"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . '`.`syslog_host_facilities` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_host_facilities` ( `host_id` int(10) unsigned NOT NULL, `facility_id` int(10) unsigned NOT NULL, `last_updated` TIMESTAMP NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (`host_id`,`facility_id`)) ENGINE=InnoDB - ROW_FORMAT=Dynamic'); + ROW_FORMAT=Dynamic"); if ($truncate) { - syslog_db_execute('DROP TABLE IF EXISTS `' . $syslogdb_default . '`.`syslog_removed`'); + syslog_db_execute("DROP TABLE IF EXISTS `$syslogdb_default`.`syslog_removed`"); } - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . '`.`syslog_removed` LIKE `' . $syslogdb_default . '`.`syslog`'); + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_removed` LIKE `$syslogdb_default`.`syslog`"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . 
"`.`syslog_logs` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_logs` ( alert_id int(10) unsigned not null default '0', logseq bigint unsigned NOT NULL, logtime TIMESTAMP NOT NULL default '0000-00-00 00:00:00', @@ -752,7 +754,7 @@ function syslog_setup_table_new($options) { ENGINE=InnoDB ROW_FORMAT=Dynamic"); - syslog_db_execute('CREATE TABLE IF NOT EXISTS `' . $syslogdb_default . "`.`syslog_statistics` ( + syslog_db_execute("CREATE TABLE IF NOT EXISTS `$syslogdb_default`.`syslog_statistics` ( `id` bigint UNSIGNED auto_increment, `host_id` int(10) UNSIGNED NOT NULL, `facility_id` int(10) UNSIGNED NOT NULL, @@ -769,7 +771,7 @@ function syslog_setup_table_new($options) { INDEX `insert_time`(`insert_time`)) ENGINE=InnoDB ROW_FORMAT=Dynamic - COMMENT='Maintains High Level Statistics';"); + COMMENT='Maintains High Level Statistics'"); if (!isset($settings['syslog'])) { syslog_config_settings(); @@ -1023,7 +1025,7 @@ function syslog_uninstall_advisor() { syslog_connect(); - $syslog_exists = sizeof(syslog_db_fetch_row('SHOW TABLES FROM `' . $syslogdb_default . "` LIKE 'syslog'")); + $syslog_exists = sizeof(syslog_db_fetch_row("SHOW TABLES FROM `$syslogdb_default` LIKE 'syslog'")); top_header(); diff --git a/syslog.php b/syslog.php index 5953347..e23c818 100644 --- a/syslog.php +++ b/syslog.php @@ -127,8 +127,8 @@ function get_ajax_hosts() { $term = '%' . get_nfilter_request_var('term') . '%'; if (syslog_db_table_exists('host', false)) { - $hosts = syslog_db_fetch_assoc_prepared('SELECT DISTINCT sh.host_id, sh.host, h.id - FROM `' . $syslogdb_default . "`.`syslog_hosts` AS sh + $hosts = syslog_db_fetch_assoc_prepared("SELECT DISTINCT sh.host_id, sh.host, h.id + FROM `$syslogdb_default`.`syslog_hosts` AS sh LEFT JOIN host AS h ON sh.host = h.hostname OR sh.host = h.description 
@@ -141,7 +141,7 @@ function get_ajax_hosts() { [$term, $term]); } else { $hosts = syslog_db_fetch_assoc_prepared("SELECT DISTINCT sh.host_id, sh.host, '0' AS id - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh WHERE sh.host LIKE ? ORDER BY host LIMIT $ac_rows", @@ -214,9 +214,9 @@ function syslog_view_alarm() { print "" . __('Syslog Alert View', 'syslog') . ''; print ""; - $html = syslog_db_fetch_cell_prepared('SELECT html - FROM `' . $syslogdb_default . '`.`syslog_logs` - WHERE seq = ?', + $html = syslog_db_fetch_cell_prepared("SELECT html + FROM `$syslogdb_default`.`syslog_logs` + WHERE seq = ?", [get_request_var('id')]); print trim($html, "' "); @@ -316,8 +316,8 @@ function syslog_statistics() { $records = get_stats_records($sql_where, $sql_params, $sql_groupby, $rows); - $rows_query_string = 'SELECT COUNT(*) - FROM `' . $syslogdb_default . "`.`syslog_statistics` AS ss + $rows_query_string = "SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_statistics` AS ss $sql_where $sql_groupby"; 
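Review bot: In syslog_view_alarm the value read from the `html` column is still written to the page with `print trim($html, "' ");` and no output encoding, although this patch adds `html_escape()` to the host, facility and priority sinks elsewhere in syslog.php. Whether the stored markup has its message and host fields escaped when the row is written is not visible here, so that write path should be checked. A comment would record the assumption: `// html is stored pre-rendered; log-derived fields must be escaped where the row is inserted`. The function starts and ends outside this hunk, so validation of the `id` request variable could not be checked either.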
@@ -475,17 +475,17 @@ function get_stats_records(&$sql_where, &$sql_params, &$sql_groupby, $rows) { $query_sql = "SELECT sh.host, sf.facility, sp.priority, spr.program, records, insert_time FROM ( SELECT host_id, facility_id, priority_id, program_id, sum(records) AS records, $time - FROM `" . $syslogdb_default . "`.`syslog_statistics` AS ss + FROM `$syslogdb_default`.`syslog_statistics` AS ss $sql_where $sql_groupby ) AS ss - LEFT JOIN `" . $syslogdb_default . '`.`syslog_facilities` AS sf + LEFT JOIN `$syslogdb_default`.`syslog_facilities` AS sf ON ss.facility_id=sf.facility_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_priorities` AS sp + LEFT JOIN `$syslogdb_default`.`syslog_priorities` AS sp ON ss.priority_id=sp.priority_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` AS spr + LEFT JOIN `$syslogdb_default`.`syslog_programs` AS spr ON ss.program_id=spr.program_id - LEFT JOIN `' . $syslogdb_default . "`.`syslog_hosts` AS sh + LEFT JOIN `$syslogdb_default`.`syslog_hosts` AS sh ON ss.host_id=sh.host_id $sql_order $sql_limit"; @@ -520,8 +520,8 @@ function syslog_stats_filter() { } if (syslog_db_table_exists('host', false)) { - $hosts = syslog_db_fetch_assoc('SELECT DISTINCT sh.host_id, sh.host, h.id - FROM `' . $syslogdb_default . "`.`syslog_hosts` AS sh + $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, h.id + FROM `$syslogdb_default`.`syslog_hosts` AS sh LEFT JOIN host AS h ON sh.host = h.hostname OR sh.host = h.description @@ -531,7 +531,7 @@ function syslog_stats_filter() { LIMIT $ac_rows"); } else { $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, '0' AS id - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh ORDER BY host LIMIT $ac_rows"); } @@ -550,7 +550,7 @@ function syslog_stats_filter() { print ' selected'; } - print '>' . $host['host'] . ''; + print '>' . html_escape($host['host']) . ''; } } ?> 
@@ -564,9 +564,9 @@ function syslog_stats_filter() { ' . ucfirst($r['facility']) . ''; + print '>' . html_escape(ucfirst($r['facility'])) . ''; } } ?> @@ -590,9 +590,9 @@ function syslog_stats_filter() { ' . ucfirst($r['priority']) . ''; + print '>' . html_escape(ucfirst($r['priority'])) . ''; } } ?> @@ -928,9 +928,9 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { if ($thold_pos !== false) { $ids = array_rekey( - syslog_db_fetch_assoc('SELECT id - FROM `' . $syslogdb_default . '`.`syslog_alert` - WHERE method = 1'), + syslog_db_fetch_assoc("SELECT id + FROM `$syslogdb_default`.`syslog_alert` + WHERE method = 1"), 'id', 'id' ); @@ -1070,10 +1070,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list - FROM `" . $syslogdb_default . '`.`syslog` - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + FROM `$syslogdb_default`.`syslog` + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id $sql_order $sql_limit"; @@ -1092,10 +1092,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list - FROM `" . $syslogdb_default . '`.`syslog` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + FROM `$syslogdb_default`.`syslog` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id ) UNION (SELECT syslog.host_id, 
@@ -1110,10 +1110,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list - FROM `" . $syslogdb_default . '`.`syslog_removed` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + FROM `$syslogdb_default`.`syslog_removed` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id ) ) AS grouped_results @@ -1133,10 +1133,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list - FROM `" . $syslogdb_default . '`.`syslog_removed` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` AS syslog_programs - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + FROM `$syslogdb_default`.`syslog_removed` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` AS syslog_programs + ON syslog.program_id=syslog_programs.program_id + $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id $sql_order $sql_limit"; 
@@ -1145,47 +1145,47 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { // Original non-grouped queries if (get_request_var('removal') == '-1') { $query_sql = "SELECT syslog.*, syslog_programs.program, 'main' AS mtype - FROM `" . $syslogdb_default . '`.`syslog` - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + FROM `$syslogdb_default`.`syslog` + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where $sql_order $sql_limit"; } elseif (get_request_var('removal') == '1') { $query_sql = "(SELECT syslog.*, syslog_programs.program, 'main' AS mtype - FROM `" . $syslogdb_default . '`.`syslog` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` + FROM `$syslogdb_default`.`syslog` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . " + $sql_where ) UNION (SELECT syslog.*, syslog_programs.program, 'remove' AS mtype - FROM `" . $syslogdb_default . '`.`syslog_removed` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . ") + FROM `$syslogdb_default`.`syslog_removed` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where) $sql_order $sql_limit"; } else { $query_sql = "SELECT syslog.*, syslog_programs.program, 'remove' AS mtype - FROM `" . $syslogdb_default . '`.`syslog_removed` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` AS syslog_programs - ON syslog.program_id=syslog_programs.program_id ' . - $sql_where . 
" + FROM `$syslogdb_default`.`syslog_removed` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` AS syslog_programs + ON syslog.program_id=syslog_programs.program_id + $sql_where $sql_order $sql_limit"; } } } else { - $query_sql = 'SELECT syslog.*, sf.facility, sp.priority, spr.program, sa.name, sa.severity - FROM `' . $syslogdb_default . '`.`syslog_logs` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_facilities` AS sf + $query_sql = "SELECT syslog.*, sf.facility, sp.priority, spr.program, sa.name, sa.severity + FROM `$syslogdb_default`.`syslog_logs` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_facilities` AS sf ON syslog.facility_id=sf.facility_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_priorities` AS sp + LEFT JOIN `$syslogdb_default`.`syslog_priorities` AS sp ON syslog.priority_id=sp.priority_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_alert` AS sa + LEFT JOIN `$syslogdb_default`.`syslog_alert` AS sa ON syslog.alert_id=sa.id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` AS spr - ON syslog.program_id=spr.program_id ' . - $sql_where . " + LEFT JOIN `$syslogdb_default`.`syslog_programs` AS spr + ON syslog.program_id=spr.program_id + $sql_where $sql_order $sql_limit"; } @@ -1199,7 +1199,7 @@ function syslog_filter($sql_where, $tab) { global $config, $graph_timespans, $graph_timeshifts, $reset_multi, $page_refresh_interval, $item_rows, $trimvals; global $syslogdb_default; - $unprocessed = syslog_db_fetch_cell('SELECT COUNT(*) FROM `' . $syslogdb_default . '`.`syslog_incoming`'); + $unprocessed = syslog_db_fetch_cell("SELECT COUNT(*) FROM `$syslogdb_default`.`syslog_incoming`"); if (isset_request_var('date1')) { $filter_text = __esc(' [ Start: \'%s\' to End: \'%s\', Unprocessed Messages: %s ]', get_request_var('date1'), get_request_var('date2'), $unprocessed, 'syslog'); 
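Review bot: In the `removal == '1'` branch the first SELECT of the UNION keeps the context line `ON syslog.program_id=syslog_programs.program_id ' .` while the string around it is now double-quoted, so the characters `' .` become part of the SQL text and open a string literal just before `$sql_where`. The other branches in this hunk dropped that tail, and this line needs the same treatment: `ON syslog.program_id=syslog_programs.program_id`. As written, the combined main/removed view would either fail with a syntax error or be parsed differently than intended once a later `'` closes the literal. get_syslog_messages starts and ends outside this hunk.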
@@ -1242,12 +1242,12 @@ function syslog_filter($sql_where, $tab) { $end_val = sizeof($graph_timespans); } - if (cacti_sizeof($graph_timespans)) { - foreach ($graph_timespans as $index => $value) { - print "'; - } - } - ?> + if (cacti_sizeof($graph_timespans)) { + foreach ($graph_timespans as $index => $value) { + print "'; + } + } + ?> @@ -1274,19 +1274,19 @@ function syslog_filter($sql_where, $tab) { @@ -1362,7 +1362,7 @@ function syslog_filter($sql_where, $tab) { $hosts = syslog_db_fetch_assoc("SELECT * FROM ( SELECT DISTINCT sh.host_id, sh.host, h.id, '1' AS selected - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh LEFT JOIN host AS h ON sh.host = h.hostname OR sh.host = h.description @@ -1371,7 +1371,7 @@ function syslog_filter($sql_where, $tab) { $mhosts_where UNION SELECT DISTINCT sh.host_id, sh.host, h.id, '0' AS selected - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh LEFT JOIN host AS h ON sh.host = h.hostname OR sh.host = h.description @@ -1382,8 +1382,8 @@ function syslog_filter($sql_where, $tab) { ORDER BY selected DESC, host LIMIT $ac_rows"); } else { - $hosts = syslog_db_fetch_assoc('SELECT DISTINCT sh.host_id, sh.host, h.id - FROM `' . $syslogdb_default . "`.`syslog_hosts` AS sh + $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, h.id + FROM `$syslogdb_default`.`syslog_hosts` AS sh LEFT JOIN host AS h ON sh.host = h.hostname OR sh.host = h.description 
@@ -1398,18 +1398,18 @@ function syslog_filter($sql_where, $tab) { $hosts = syslog_db_fetch_assoc("SELECT * FROM ( SELECT DISTINCT sh.host_id, sh.host, '0' AS id, '1' AS selected - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh $mhosts_where UNION SELECT DISTINCT sh.host_id, sh.host, '0' AS id, '0' AS selected - FROM `" . $syslogdb_default . "`.`syslog_hosts` AS sh + FROM `$syslogdb_default`.`syslog_hosts` AS sh $mhosts_nwhere ) AS rs ORDER BY selected DESC, host LIMIT $ac_rows"); } else { - $hosts = syslog_db_fetch_assoc('SELECT DISTINCT sh.host_id, sh.host, "0" AS id - FROM `' . $syslogdb_default . "`.`syslog_hosts` AS sh + $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, '0 AS id + FROM `$syslogdb_default`.`syslog_hosts` AS sh $hosts_where ORDER BY host LIMIT $ac_rows"); @@ -1437,7 +1437,7 @@ function syslog_filter($sql_where, $tab) { } print '>'; - print $host['host'] . ''; + print html_escape($host['host']) . ''; } } ?> @@ -1515,10 +1515,10 @@ function syslog_filter($sql_where, $tab) { $hostfilter = ''; } - $efacilities = syslog_db_fetch_assoc('SELECT DISTINCT f.facility_id, f.facility - FROM `' . $syslogdb_default . '`.`syslog_host_facilities` AS fh - INNER JOIN `' . $syslogdb_default . '`.`syslog_facilities` AS f - ON f.facility_id=fh.facility_id ' . ($hostfilter != '' ? 'WHERE ' : '') . $hostfilter . ' + $efacilities = syslog_db_fetch_assoc("SELECT DISTINCT f.facility_id, f.facility + FROM `$syslogdb_default`.`syslog_host_facilities` AS fh + INNER JOIN `$syslogdb_default`.`syslog_facilities` AS f + ON f.facility_id=fh.facility_id " . ($hostfilter != '' ? 'WHERE ' : '') . $hostfilter . ' ORDER BY facility'); if (cacti_sizeof($efacilities)) { @@ -1529,7 +1529,7 @@ function syslog_filter($sql_where, $tab) { print ' selected'; } - print '>' . ucfirst($efacility['facility']) . ''; + print '>' . html_escape(ucfirst($efacility['facility'])) . ''; } } ?> 
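Review bot: The rewritten single-host query in the final `else` branch of this hunk opens a quote it never closes, `sh.host, '0 AS id`, so the server reads the rest of the statement as a string literal and the host list query fails; it should read `'0' AS id`. The same quote conversion left a stray `' .` after `ON syslog.program_id=syslog_programs.program_id` in the `removal == '1'` branch of the get_syslog_messages hunk at line 1145, where it now sits inside the double-quoted SQL text. Both are worth correcting in this commit so that each patch in the series runs on its own. syslog_filter's body starts and ends outside the hunk.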
@@ -1709,57 +1709,57 @@ function syslog_messages($tab = 'syslog') { $total_rows = syslog_db_fetch_cell("SELECT SUM(totals) FROM ( SELECT COUNT(DISTINCT CONCAT(host_id, '|', message, '|', program_id, '|', facility_id, '|', priority_id)) AS totals - FROM `" . $syslogdb_default . "`.`syslog` AS syslog + FROM `$syslogdb_default`.`syslog` AS syslog $sql_where UNION SELECT COUNT(DISTINCT CONCAT(host_id, '|', message, '|', program_id, '|', facility_id, '|', priority_id)) AS totals - FROM `" . $syslogdb_default . "`.`syslog_removed` AS syslog + FROM `$syslogdb_default`.`syslog_removed` AS syslog $sql_where ) AS rowcount"); } elseif (get_request_var('removal') == -1) { $total_rows = syslog_db_fetch_cell("SELECT COUNT(DISTINCT CONCAT(host_id, '|', message, '|', program_id, '|', facility_id, '|', priority_id)) - FROM `" . $syslogdb_default . "`.`syslog` AS syslog + FROM `$syslogdb_default`.`syslog` AS syslog $sql_where"); } else { $total_rows = syslog_db_fetch_cell("SELECT COUNT(DISTINCT CONCAT(host_id, '|', message, '|', program_id, '|', facility_id, '|', priority_id)) - FROM `" . $syslogdb_default . "`.`syslog_removed` AS syslog + FROM `$syslogdb_default`.`syslog_removed` AS syslog $sql_where"); } } else { // Original non-grouped row counting if (get_request_var('removal') == 1) { - $total_rows = syslog_db_fetch_cell('SELECT SUM(totals) + $total_rows = syslog_db_fetch_cell("SELECT SUM(totals) FROM ( - SELECT count(*) AS totals - FROM `' . $syslogdb_default . "`.`syslog` AS syslog + SELECT COUNT(*) AS totals + FROM `$syslogdb_default`.`syslog` AS syslog $sql_where UNION - SELECT count(*) AS totals - FROM `" . $syslogdb_default . "`.`syslog_removed` AS syslog + SELECT COUNT(*) AS totals + FROM `$syslogdb_default`.`syslog_removed` AS syslog $sql_where ) AS rowcount"); } elseif (get_request_var('removal') == -1) { - $total_rows = syslog_db_fetch_cell('SELECT count(*) - FROM `' . $syslogdb_default . 
"`.`syslog` AS syslog + $total_rows = syslog_db_fetch_cell("SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog` AS syslog $sql_where"); } else { - $total_rows = syslog_db_fetch_cell('SELECT count(*) - FROM `' . $syslogdb_default . "`.`syslog_removed` AS syslog + $total_rows = syslog_db_fetch_cell("SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_removed` AS syslog $sql_where"); } } } else { - $total_rows = syslog_db_fetch_cell('SELECT count(*) - FROM `' . $syslogdb_default . '`.`syslog_logs` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_facilities` AS sf + $total_rows = syslog_db_fetch_cell("SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_logs` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_facilities` AS sf ON syslog.facility_id=sf.facility_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_priorities` AS sp + LEFT JOIN `$syslogdb_default`.`syslog_priorities` AS sp ON syslog.priority_id=sp.priority_id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_alert` AS sa + LEFT JOIN `$syslogdb_default`.`syslog_alert` AS sa ON syslog.alert_id=sa.id - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` AS spr - ON syslog.program_id=spr.program_id ' . - $sql_where); + LEFT JOIN `$syslogdb_default`.`syslog_programs` AS spr + ON syslog.program_id=spr.program_id + $sql_where"); } if ($tab == 'syslog') { 
@@ -1804,20 +1804,20 @@ function syslog_messages($tab = 'syslog') { html_header_sort($display_text, get_request_var('sort_column'), get_request_var('sort_direction')); $hosts = array_rekey( - syslog_db_fetch_assoc('SELECT host_id, host - FROM `' . $syslogdb_default . '`.`syslog_hosts`'), + syslog_db_fetch_assoc("SELECT host_id, host + FROM `$syslogdb_default`.`syslog_hosts`"), 'host_id', 'host' ); $facilities = array_rekey( - syslog_db_fetch_assoc('SELECT facility_id, facility - FROM `' . $syslogdb_default . '`.`syslog_facilities`'), + syslog_db_fetch_assoc("SELECT facility_id, facility + FROM `$syslogdb_default`.`syslog_facilities`"), 'facility_id', 'facility' ); $priorities = array_rekey( - syslog_db_fetch_assoc('SELECT priority_id, priority - FROM `' . $syslogdb_default . '`.`syslog_priorities`'), + syslog_db_fetch_assoc("SELECT priority_id, priority + FROM `$syslogdb_default`.`syslog_priorities`"), 'priority_id', 'priority' ); 
@@ -1851,11 +1851,11 @@ function syslog_messages($tab = 'syslog') { form_selectable_cell($sm['logtime'], $sm['seq'], '', 'left'); } - form_selectable_cell(isset($hosts[$sm['host_id']]) ? $hosts[$sm['host_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); - form_selectable_cell($sm['program'], $sm['seq'], '', 'left'); - form_selectable_cell(filter_value(title_trim($sm[$syslog_incoming_config['textField']], get_request_var_request('trimval')), get_request_var('rfilter')), $sm['seq'], '', 'left syslogMessage'); - form_selectable_cell(isset($facilities[$sm['facility_id']]) ? $facilities[$sm['facility_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); - form_selectable_cell(isset($priorities[$sm['priority_id']]) ? $priorities[$sm['priority_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); + form_selectable_ecell(isset($hosts[$sm['host_id']]) ? $hosts[$sm['host_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); + form_selectable_ecell($sm['program'], $sm['seq'], '', 'left'); + form_selectable_ecell(filter_value(title_trim($sm[$syslog_incoming_config['textField']], get_request_var_request('trimval')), get_request_var('rfilter')), $sm['seq'], '', 'left syslogMessage'); + form_selectable_ecell(isset($facilities[$sm['facility_id']]) ? $facilities[$sm['facility_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); + form_selectable_ecell(isset($priorities[$sm['priority_id']]) ? $priorities[$sm['priority_id']] : __('Unknown', 'syslog'), $sm['seq'], '', 'left'); // Add occurrence count if grouping is enabled if ($grouping_enabled) { 
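Review bot: The message cell now passes the result of `filter_value(...)` to `form_selectable_ecell`, which can escape twice and break match highlighting. If `filter_value()` already escapes its input and wraps matches in highlight markup (worth confirming in the Cacti core, since it is not shown here), the escaping cell will print that markup as literal text whenever `rfilter` is set. In that case keep `form_selectable_cell(filter_value(...), $sm['seq'], '', 'left syslogMessage')` for this one column and use the escaping variant only for host, program, facility and priority, which are raw database values. A short comment on that line saying which layer escapes the message would stop the next cleanup from changing it back. The surrounding loop in syslog_messages starts and ends outside the hunk.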
@@ -1869,11 +1869,11 @@ function syslog_messages($tab = 'syslog') { $seq_array = explode(',', $sm['seq_list']); // Get individual messages for this group - $detail_messages = syslog_db_fetch_assoc('SELECT syslog.*, syslog_programs.program - FROM `' . $syslogdb_default . '`.`' . (($sm['mtype'] == 'main') ? 'syslog' : 'syslog_removed') . '` AS syslog - LEFT JOIN `' . $syslogdb_default . '`.`syslog_programs` + $detail_messages = syslog_db_fetch_assoc("SELECT syslog.*, syslog_programs.program + FROM `$syslogdb_default`.`" . (($sm['mtype'] == 'main') ? 'syslog' : 'syslog_removed') . "` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` ON syslog.program_id=syslog_programs.program_id - WHERE syslog.seq IN (' . implode(',', array_map('intval', $seq_array)) . ') + WHERE syslog.seq IN (" . implode(',', array_map('intval', $seq_array)) . ') ORDER BY syslog.logtime DESC'); if (cacti_sizeof($detail_messages)) { diff --git a/syslog_alerts.php b/syslog_alerts.php index dffea80..5beacd9 100644 --- a/syslog_alerts.php +++ b/syslog_alerts.php @@ -146,9 +146,9 @@ function form_actions() { input_validate_input_number($matches[1]); // ==================================================== - $alert_info = syslog_db_fetch_cell_prepared('SELECT name - FROM `' . $syslogdb_default . '`.`syslog_alert` - WHERE id = ?', + $alert_info = syslog_db_fetch_cell_prepared("SELECT name + FROM `$syslogdb_default`.`syslog_alert` + WHERE id = ?", [$matches[1]]); $alert_list .= '
  • ' . html_escape($alert_info) . '
  • '; @@ -234,9 +234,9 @@ function alert_export() { foreach ($selected_items as $id) { if ($id > 0) { - $data = syslog_db_fetch_row_prepared('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_alert` - WHERE id = ?', + $data = syslog_db_fetch_row_prepared("SELECT * + FROM `$syslogdb_default`.`syslog_alert` + WHERE id = ?", [$id]); if (cacti_sizeof($data)) { @@ -332,7 +332,7 @@ function api_syslog_alert_disable($id) { function api_syslog_alert_enable($id) { global $syslogdb_default; - syslog_db_execute("UPDATE `$syslogdb_default`.`syslog_alert` SET enabled = 'on' WHERE id = ?", [$id]); + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_alert` SET enabled = 'on' WHERE id = ?", [$id]); } function syslog_get_alert_records(&$sql_where, &$sql_params, $rows) { @@ -359,8 +359,8 @@ function syslog_get_alert_records(&$sql_where, &$sql_params, $rows) { $sql_order = get_order_string(); $sql_limit = ' LIMIT ' . ($rows * (get_request_var('page') - 1)) . ',' . $rows; - $query_string = 'SELECT * - FROM `' . $syslogdb_default . "`.`syslog_alert` + $query_string = "SELECT * + FROM `$syslogdb_default`.`syslog_alert` $sql_where $sql_order $sql_limit"; @@ -432,9 +432,9 @@ function syslog_action_edit() { // ==================================================== if (!isempty_request_var('id') && get_nfilter_request_var('action') == 'edit') { - $alert = syslog_db_fetch_row_prepared('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_alert` - WHERE id = ?', + $alert = syslog_db_fetch_row_prepared("SELECT * + FROM `$syslogdb_default`.`syslog_alert` + WHERE id = ?", [get_request_var('id')]); if (cacti_sizeof($alert)) { 
@@ -837,8 +837,8 @@ function syslog_alerts() { $alerts = syslog_get_alert_records($sql_where, $sql_params, $rows); - $rows_query_string = 'SELECT COUNT(*) - FROM `' . $syslogdb_default . "`.`syslog_alert` + $rows_query_string = "SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_alert` $sql_where"; $total_rows = syslog_db_fetch_cell_prepared($rows_query_string, $sql_params); diff --git a/syslog_removal.php b/syslog_removal.php index 1be4fee..b92193e 100644 --- a/syslog_removal.php +++ b/syslog_removal.php @@ -160,9 +160,9 @@ function form_actions() { input_validate_input_number($matches[1]); // ==================================================== - $removal_info = syslog_db_fetch_cell_prepared('SELECT name - FROM `' . $syslogdb_default . '`.`syslog_remove` - WHERE id = ?', + $removal_info = syslog_db_fetch_cell_prepared("SELECT name + FROM `$syslogdb_default`.`syslog_remove` + WHERE id = ?", [$matches[1]]); $removal_list .= '
  • ' . $removal_info . '
  • '; @@ -258,9 +258,9 @@ function removal_export() { foreach ($selected_items as $id) { if ($id > 0) { - $data = syslog_db_fetch_row_prepared('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_remove` - WHERE id = ?', + $data = syslog_db_fetch_row_prepared("SELECT * + FROM `$syslogdb_default`.`syslog_remove` + WHERE id = ?", [$id]); if (cacti_sizeof($data)) { @@ -365,8 +365,8 @@ function syslog_get_removal_records(&$sql_where, &$sql_params, $rows) { $sql_order = get_order_string(); $sql_limit = ' LIMIT ' . ($rows * (get_request_var('page') - 1)) . ',' . $rows; - $query_string = 'SELECT * - FROM `' . $syslogdb_default . "`.`syslog_remove` + $query_string = "SELECT * + FROM `$syslogdb_default`.`syslog_remove` $sql_where $sql_order $sql_limit"; @@ -385,9 +385,9 @@ function syslog_action_edit() { // ==================================================== if (isset_request_var('id') && get_nfilter_request_var('action') == 'edit') { - $removal = syslog_db_fetch_row_prepared('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_remove` - WHERE id = ?', + $removal = syslog_db_fetch_row_prepared("SELECT * + FROM `$syslogdb_default`.`syslog_remove` + WHERE id = ?", [get_request_var('id')]); if (cacti_sizeof($removal)) { @@ -649,8 +649,8 @@ function syslog_removal() { $removals = syslog_get_removal_records($sql_where, $sql_params, $rows); - $rows_query_string = 'SELECT COUNT(*) - FROM `' . $syslogdb_default . "`.`syslog_remove` + $rows_query_string = "SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_remove` $sql_where"; $total_rows = syslog_db_fetch_cell_prepared($rows_query_string, $sql_params); diff --git a/syslog_reports.php b/syslog_reports.php index e88a2e3..048fbc8 100644 --- a/syslog_reports.php +++ b/syslog_reports.php 
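Review bot: The context line right after the rewritten query in syslog_removal.php's form_actions still appends `$removal_info` to `$removal_list` without escaping, while the matching line in syslog_alerts.php uses `html_escape($alert_info)`. The value is a rule name read back from `syslog_remove`, so it should be treated as stored user input when it is printed in the confirmation dialog: use `html_escape($removal_info)` there. The form_actions hunk at line 143 of syslog_reports.php has the same gap with `$report_info` and needs `html_escape($report_info)`. Both functions continue outside their hunks.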
@@ -143,9 +143,9 @@ function form_actions() { input_validate_input_number($matches[1]); // ==================================================== - $report_info = syslog_db_fetch_cell_prepared('SELECT name - FROM `' . $syslogdb_default . '`.`syslog_reports` - WHERE id = ?', + $report_info = syslog_db_fetch_cell_prepared("SELECT name + FROM `$syslogdb_default`.`syslog_reports` + WHERE id = ?", [$matches[1]]); $report_list .= '
  • ' . $report_info . '
  • '; @@ -313,17 +313,17 @@ function api_syslog_report_save($id, $name, $type, $message, $timespan, $timepar function api_syslog_report_remove($id) { global $syslogdb_default; - syslog_db_execute('DELETE FROM `' . $syslogdb_default . '`.`syslog_reports` WHERE id=' . $id); + syslog_db_execute_prepared("DELETE FROM `$syslogdb_default`.`syslog_reports` WHERE id = ?", [$id]); } function api_syslog_report_disable($id) { global $syslogdb_default; - syslog_db_execute('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='' WHERE id=" . $id); + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_reports` SET enabled = '' WHERE id = ?", [$id]); } function api_syslog_report_enable($id) { global $syslogdb_default; - syslog_db_execute('UPDATE `' . $syslogdb_default . "`.`syslog_reports` SET enabled='on' WHERE id=" . $id); + syslog_db_execute_prepared("UPDATE `$syslogdb_default`.`syslog_reports` SET enabled = 'on' WHERE id = ?", [$id]); } function syslog_get_report_records(&$sql_where, &$sql_params, $rows) { @@ -350,8 +350,8 @@ function syslog_get_report_records(&$sql_where, &$sql_params, $rows) { $sql_order = get_order_string(); $sql_limit = ' LIMIT ' . ($rows * (get_request_var('page') - 1)) . ',' . $rows; - $query_string = 'SELECT * - FROM `' . $syslogdb_default . "`.`syslog_reports` + $query_string = "SELECT * + FROM `$syslogdb_default`.`syslog_reports` $sql_where $sql_order $sql_limit"; @@ -369,9 +369,9 @@ function syslog_action_edit() { // ==================================================== if (isset_request_var('id')) { - $report = syslog_db_fetch_row_prepared('SELECT * - FROM `' . $syslogdb_default . '`.`syslog_reports` - WHERE id =?', + $report = syslog_db_fetch_row_prepared("SELECT * + FROM `$syslogdb_default`.`syslog_reports` + WHERE id = ?", [get_request_var('id')]); if (cacti_sizeof($report)) { 
@@ -686,8 +686,8 @@ function syslog_report() { $reports = syslog_get_report_records($sql_where, $sql_params, $rows); - $rows_query_string = 'SELECT COUNT(*) - FROM `' . $syslogdb_default . "`.`syslog_reports` + $rows_query_string = "SELECT COUNT(*) + FROM `$syslogdb_default`.`syslog_reports` $sql_where"; $total_rows = syslog_db_fetch_cell_prepared($rows_query_string, $sql_params); From 2ddef963f97138ebeacafee829c6dc518d000d1b Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 11:01:07 -0400 Subject: [PATCH 03/11] fix: Error in syslog displaying rows --- syslog.php | 89 ++++++++++++++++++------------------------------------ 1 file changed, 29 insertions(+), 60 deletions(-) diff --git a/syslog.php b/syslog.php index e23c818..94c520e 100644 --- a/syslog.php +++ b/syslog.php @@ -1057,18 +1057,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { if ($grouping_enabled) { if (get_request_var('removal') == '-1') { - $query_sql = "SELECT - syslog.host_id, - syslog.message, - syslog.program_id, - syslog.facility_id, - syslog.priority_id, - syslog_programs.program, - 'main' AS mtype, - COUNT(*) AS occurrence_count, - MIN(syslog.logtime) AS first_logtime, - MAX(syslog.logtime) AS logtime, - MIN(syslog.seq) AS seq, + $query_sql = "SELECT syslog.host_id, syslog.message, syslog.program_id, + syslog.facility_id, syslog.priority_id, syslog_programs.program, + 'main' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, + MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list FROM `$syslogdb_default`.`syslog` LEFT JOIN `$syslogdb_default`.`syslog_programs` 
@@ -1080,35 +1072,20 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { } elseif (get_request_var('removal') == '1') { $query_sql = "SELECT * FROM ( (SELECT - syslog.host_id, - syslog.message, - syslog.program_id, - syslog.facility_id, - syslog.priority_id, - syslog_programs.program, - 'main' AS mtype, - COUNT(*) AS occurrence_count, - MIN(syslog.logtime) AS first_logtime, - MAX(syslog.logtime) AS logtime, - MIN(syslog.seq) AS seq, + syslog.host_id, syslog.message, syslog.program_id, + syslog.facility_id, syslog.priority_id, syslog_programs.program, + 'main' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, + MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list FROM `$syslogdb_default`.`syslog` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` ON syslog.program_id=syslog_programs.program_id $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id - ) UNION (SELECT - syslog.host_id, - syslog.message, - syslog.program_id, - syslog.facility_id, - syslog.priority_id, - syslog_programs.program, - 'remove' AS mtype, - COUNT(*) AS occurrence_count, - MIN(syslog.logtime) AS first_logtime, - MAX(syslog.logtime) AS logtime, - MIN(syslog.seq) AS seq, + ) UNION (SELECT syslog.host_id, syslog.message, syslog.program_id, + syslog.facility_id, syslog.priority_id, syslog_programs.program, + 'remove' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, + MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list FROM `$syslogdb_default`.`syslog_removed` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` 
@@ -1120,22 +1097,14 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { $sql_order $sql_limit"; } else { - $query_sql = "SELECT - syslog.host_id, - syslog.message, - syslog.program_id, - syslog.facility_id, - syslog.priority_id, - syslog_programs.program, - 'remove' AS mtype, - COUNT(*) AS occurrence_count, - MIN(syslog.logtime) AS first_logtime, - MAX(syslog.logtime) AS logtime, - MIN(syslog.seq) AS seq, + $query_sql = "SELECT syslog.host_id, syslog.message, syslog.program_id, + syslog.facility_id, syslog.priority_id, syslog_programs.program, + 'remove' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, + MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, GROUP_CONCAT(syslog.seq ORDER BY syslog.logtime DESC SEPARATOR ',') AS seq_list FROM `$syslogdb_default`.`syslog_removed` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` AS syslog_programs - ON syslog.program_id=syslog_programs.program_id + ON syslog.program_id = syslog_programs.program_id $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id $sql_order 
@@ -1144,38 +1113,38 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { } else { // Original non-grouped queries if (get_request_var('removal') == '-1') { - $query_sql = "SELECT syslog.*, syslog_programs.program, 'main' AS mtype + $query_sql = "SELECT `syslog`.*, `syslog_programs`.`program`, 'main' AS mtype FROM `$syslogdb_default`.`syslog` LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id + ON syslog.program_id = syslog_programs.program_id $sql_where $sql_order $sql_limit"; } elseif (get_request_var('removal') == '1') { - $query_sql = "(SELECT syslog.*, syslog_programs.program, 'main' AS mtype + $query_sql = "(SELECT `syslog`.*, `syslog_programs`.`program`, 'main' AS mtype FROM `$syslogdb_default`.`syslog` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id ' . + ON syslog.program_id=syslog_programs.program_id $sql_where - ) UNION (SELECT syslog.*, syslog_programs.program, 'remove' AS mtype + ) UNION (SELECT `syslog`.*, `syslog_programs`.`program`, 'remove' AS mtype FROM `$syslogdb_default`.`syslog_removed` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id + ON syslog.program_id = syslog_programs.program_id $sql_where) $sql_order $sql_limit"; } else { - $query_sql = "SELECT syslog.*, syslog_programs.program, 'remove' AS mtype + $query_sql = "SELECT `syslog`.*, `syslog_programs`.`program`, 'remove' AS mtype FROM `$syslogdb_default`.`syslog_removed` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` AS syslog_programs - ON syslog.program_id=syslog_programs.program_id + ON syslog.program_id = syslog_programs.program_id $sql_where $sql_order $sql_limit"; } } } else { - $query_sql = "SELECT syslog.*, sf.facility, sp.priority, spr.program, sa.name, sa.severity + $query_sql = "SELECT `syslog`.*, `sf`.`facility`, `sp`.`priority`, `spr`.`program`, `sa`.`name`, `sa`.`severity` FROM 
`$syslogdb_default`.`syslog_logs` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_facilities` AS sf ON syslog.facility_id=sf.facility_id @@ -1190,7 +1159,7 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { $sql_limit"; } - // print $query_sql; + //print $query_sql; return syslog_db_fetch_assoc($query_sql); } @@ -1869,10 +1838,10 @@ function syslog_messages($tab = 'syslog') { $seq_array = explode(',', $sm['seq_list']); // Get individual messages for this group - $detail_messages = syslog_db_fetch_assoc("SELECT syslog.*, syslog_programs.program + $detail_messages = syslog_db_fetch_assoc("SELECT `syslog`.*, `syslog_programs`.`program` FROM `$syslogdb_default`.`" . (($sm['mtype'] == 'main') ? 'syslog' : 'syslog_removed') . "` AS syslog LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id + ON syslog.program_id = syslog_programs.program_id WHERE syslog.seq IN (" . implode(',', array_map('intval', $seq_array)) . ') ORDER BY syslog.logtime DESC'); From 91bcf648e6e8418e62f44e1f493b605865d83dd5 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 12:23:23 -0400 Subject: [PATCH 04/11] fix: Multiple fixes * Properly execute the syslog callback without using eval * Use a timestamp to improve the quality of range partition pruning * Better formatting on UNION queries --- js/functions.js | 20 +++++++++++++++++++- setup.php | 8 +++++--- syslog.php | 33 +++++++++++++++++++-------------- 3 files changed, 43 insertions(+), 18 deletions(-) diff --git a/js/functions.js b/js/functions.js index 375d541..9e8ae25 100644 --- a/js/functions.js +++ b/js/functions.js 
@@ -580,6 +580,18 @@ function initSyslogReports() { * Autocomplete Form Callback Functions * ======================================================================== */ +function syslogExecuteFunctionByName(functionName, context /*, args */) { + var args = Array.prototype.slice.call(arguments, 2); + var namespaces = functionName.split('.'); + var func = namespaces.pop(); + + for(var i = 0; i < namespaces.length; i++) { + context = context[namespaces[i]]; + } + + return context[func].apply(context, args); +} + /** * Initialize autocomplete for form dropdown fields * @param {string} formName - The name of the form field @@ -598,13 +610,19 @@ function initSyslogAutocomplete(formName, callback, onChange) { minLength: 0, select: function(event, ui) { $('#' + formName + '_input').val(ui.item.label); + if (ui.item.id) { $('#' + formName).val(ui.item.id); } else { $('#' + formName).val(ui.item.value); } + if (onChange) { - eval(onChange); + $(this).autocomplete('close'); + + onChange = onChange.replace('(', '').replace(')', ''); + + syslogExecuteFunctionByName(onChange, window); } } }).css('border', 'none').css('background-color', 'transparent'); diff --git a/setup.php b/setup.php index c51c365..6fe9f52 100644 --- a/setup.php +++ b/setup.php @@ -445,7 +445,7 @@ function syslog_create_partitioned_syslog_table($engine = 'InnoDB', $days = 30) priority_id int(10) unsigned default NULL, program_id int(10) unsigned default NULL, host_id int(10) unsigned default NULL, - logtime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', + logtime timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', message varchar(1024) NOT NULL default '', seq bigint unsigned NOT NULL auto_increment, PRIMARY KEY(seq, logtime), @@ -457,7 +457,7 @@ function syslog_create_partitioned_syslog_table($engine = 'InnoDB', $days = 30) INDEX facility_id (facility_id)) ENGINE=$engine $row_format - PARTITION BY RANGE (TO_DAYS(logtime))\n"; + PARTITION BY RANGE (UNIX_TIMESTAMP(logtime))\n"; $now = time(); 
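Review bot: `syslogExecuteFunctionByName` calls whatever the dotted name resolves to without checking the lookup. A missing segment leaves `context` undefined and the next property access throws, and `context[func]` is never tested before `.apply`. Add a guard such as `if (!context || typeof context[func] !== 'function') { return; }`, and consider resolving the name against a fixed map of the plugin's own callbacks instead of walking arbitrary properties of `window`. The helper also has no doc comment, unlike the functions around it; a short block stating that `functionName` must be a plain dotted identifier and that extra arguments are forwarded would match the file's style.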
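Review bot: In the `select` handler, `onChange.replace('(', '').replace(')', '')` removes only the first occurrence of each parenthesis, so a value like `applyFilter(1)` becomes the name `applyFilter1` and the lookup fails. The line also overwrites the closure variable `onChange` on every selection. Deriving a local name once is clearer, for example `var fnName = onChange.split('(')[0].trim();`, then passing `fnName` to the helper. Any arguments written in the original string are dropped by this change, which the doc block for `onChange` should state. Accepting a function reference from callers would remove the string parsing entirely.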
@@ -468,11 +468,13 @@ function syslog_create_partitioned_syslog_table($engine = 'InnoDB', $days = 30) $date = gmdate('Y-m-d', $timestamp); $format = gmdate('Ymd', strtotime('- 1 day', $timestamp)); - $parts .= ($parts != '' ? ",\n" : '(') . ' PARTITION d' . $format . " VALUES LESS THAN (TO_DAYS('" . $date . "'))"; + $parts .= ($parts != '' ? ",\n" : '(') . ' PARTITION d' . $format . " VALUES LESS THAN (UNIX_TIMESTAMP('" . $date . "'))"; } $parts .= ",\nPARTITION dMaxValue VALUES LESS THAN MAXVALUE);"; + //cacti_log($sql . $parts); + syslog_db_execute($sql . $parts); } diff --git a/syslog.php b/syslog.php index 94c520e..ae33f68 100644 --- a/syslog.php +++ b/syslog.php @@ -1070,9 +1070,10 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { $sql_order $sql_limit"; } elseif (get_request_var('removal') == '1') { - $query_sql = "SELECT * FROM ( - (SELECT - syslog.host_id, syslog.message, syslog.program_id, + $query_sql = "SELECT * + FROM ( + ( + SELECT syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id, syslog_programs.program, 'main' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, @@ -1082,7 +1083,8 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { ON syslog.program_id=syslog_programs.program_id $sql_where GROUP BY syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id - ) UNION (SELECT syslog.host_id, syslog.message, syslog.program_id, + ) UNION ( + SELECT syslog.host_id, syslog.message, syslog.program_id, syslog.facility_id, syslog.priority_id, syslog_programs.program, 'remove' AS mtype, COUNT(*) AS occurrence_count, MIN(syslog.logtime) AS first_logtime, MAX(syslog.logtime) AS logtime, MIN(syslog.seq) AS seq, 
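Review bot: The new bound `UNIX_TIMESTAMP('" . $date . "')` is evaluated by the server in the session time zone, while `$date` is built with `gmdate()`, so the partition boundaries move with the connection's `time_zone` setting instead of sitting on UTC midnight. Emitting the integer from PHP removes that dependency, for example `VALUES LESS THAN (" . strtotime($date . ' UTC') . ")"`, provided syslog_partition_create is changed the same way so both sides agree. The `timestamp` column type introduced in the hunk at line 445 also stores and compares in UTC, so a comment on the expected session time zone would help. The commented-out `//cacti_log($sql . $parts);` is debug residue and should be dropped.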
@@ -1121,16 +1123,19 @@ function get_syslog_messages(&$sql_where, $rows, $tab) { $sql_order $sql_limit"; } elseif (get_request_var('removal') == '1') { - $query_sql = "(SELECT `syslog`.*, `syslog_programs`.`program`, 'main' AS mtype - FROM `$syslogdb_default`.`syslog` AS syslog - LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id=syslog_programs.program_id - $sql_where - ) UNION (SELECT `syslog`.*, `syslog_programs`.`program`, 'remove' AS mtype - FROM `$syslogdb_default`.`syslog_removed` AS syslog - LEFT JOIN `$syslogdb_default`.`syslog_programs` - ON syslog.program_id = syslog_programs.program_id - $sql_where) + $query_sql = "( + SELECT `syslog`.*, `syslog_programs`.`program`, 'main' AS mtype + FROM `$syslogdb_default`.`syslog` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id=syslog_programs.program_id + $sql_where + ) UNION ( + SELECT `syslog`.*, `syslog_programs`.`program`, 'remove' AS mtype + FROM `$syslogdb_default`.`syslog_removed` AS syslog + LEFT JOIN `$syslogdb_default`.`syslog_programs` + ON syslog.program_id = syslog_programs.program_id + $sql_where + ) $sql_order $sql_limit"; } else { From 29114fbee8a3b874da20127cc7b7edfc057d0811 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 12:42:13 -0400 Subject: [PATCH 05/11] fix: Copilot reviews --- functions.php | 10 +++++++--- syslog.php | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/functions.php b/functions.php index 0019ea6..b4b836d 100644 --- a/functions.php +++ b/functions.php 
@@ -243,12 +243,12 @@ function syslog_partition_manage() { if (syslog_partition_check('syslog', $time)) { syslog_partition_create('syslog', $time); - $syslog_deleted = syslog_partition_remove('syslog', $time); + $syslog_deleted = syslog_partition_remove('syslog'); } if (syslog_partition_check('syslog_removed', $time)) { syslog_partition_create('syslog_removed', $time); - $syslog_deleted += syslog_partition_remove('syslog_removed', $time); + $syslog_deleted += syslog_partition_remove('syslog_removed'); } return $syslog_deleted; @@ -357,7 +357,7 @@ function syslog_partition_create($table, $time = null) { /** * Remove old partitions for the specified table. * - * @param mixed $table + * @param string $table The name of the table */ function syslog_partition_remove($table) { global $syslogdb_default; @@ -368,6 +368,10 @@ function syslog_partition_remove($table) { return 0; } + if ($time === null) { + $time = time(); + } + $lock_name = substr(hash('sha256', $syslogdb_default . '.syslog_partition_remove.' . $table), 0, 60); $locked = syslog_db_fetch_cell_prepared('SELECT GET_LOCK(?, 10)', [$lock_name]); diff --git a/syslog.php b/syslog.php index ae33f68..0d1c45c 100644 --- a/syslog.php +++ b/syslog.php @@ -1382,7 +1382,7 @@ function syslog_filter($sql_where, $tab) { ORDER BY selected DESC, host LIMIT $ac_rows"); } else { - $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, '0 AS id + $hosts = syslog_db_fetch_assoc("SELECT DISTINCT sh.host_id, sh.host, '0' AS id FROM `$syslogdb_default`.`syslog_hosts` AS sh $hosts_where ORDER BY host From 12e8a378f3565b6fd1aba103087a177767d5cc17 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 12:43:53 -0400 Subject: [PATCH 06/11] fixes: Copilot reviews --- functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions.php b/functions.php index b4b836d..0087d10 100644 --- a/functions.php +++ b/functions.php 
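Review bot: The guard `if ($time === null)` added to syslog_partition_remove reads a variable the function never receives. The signature shown in the hunk at line 357 is still `function syslog_partition_remove($table)`, and this commit also stops passing `$time` from syslog_partition_manage. Unless `$time` is assigned in the few lines not shown between the two hunks, PHP 8 raises an undefined-variable warning on every rotation and the block always runs. Either remove the block or restore the parameter as `function syslog_partition_remove($table, $time = null)` and add a matching `@param int|null $time` line to the docblock. The function body continues outside the hunk.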
@@ -344,7 +344,7 @@ function syslog_partition_create($table, $time = null) { * contain only digits, hyphens, and the letter 'd'. */ syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` REORGANIZE PARTITION dMaxValue INTO ( - PARTITION $cformat VALUES LESS THAN (TO_DAYS('$lnow')), + PARTITION $cformat VALUES LESS THAN (UNIX_TIMESTAMP('$lnow')), PARTITION dMaxValue VALUES LESS THAN MAXVALUE)"); } } finally { From 18aa3f4a17ed9046fa3ec0e4f3cf9b7e3c58295c Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 13:02:12 -0400 Subject: [PATCH 07/11] fix: Make partition reorganization work with TO_DAYS legacy --- functions.php | 18 +- .../issue254_partition_table_locking_test.php | 202 ------------------ 2 files changed, 15 insertions(+), 205 deletions(-) delete mode 100644 tests/regression/issue254_partition_table_locking_test.php diff --git a/functions.php b/functions.php index 0087d10..3669a54 100644 --- a/functions.php +++ b/functions.php 
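Review bot: `UNIX_TIMESTAMP('$lnow')` in the new `PARTITION $cformat VALUES LESS THAN (...)` line interprets the date string in the MySQL session time zone, whereas `$lnow` is built with `gmdate()` earlier in `syslog_partition_create` (outside this hunk). Unless the connection runs in UTC, the boundary falls at local midnight of a UTC-derived date, so rows near the day change can land in the neighbouring partition and be aged out by retention a day off. Computing the boundary in PHP removes the dependency, e.g. `$lbound = strtotime($lnow . ' 00:00:00 UTC');` followed by `VALUES LESS THAN ($lbound)`. The same expression is kept in the `else` branch that patch 07/11 adds.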
@@ -343,9 +343,21 @@ function syslog_partition_create($table, $time = null) { * regex guard). $cformat and $lnow derive from date() and * contain only digits, hyphens, and the letter 'd'. */ - syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` REORGANIZE PARTITION dMaxValue INTO ( - PARTITION $cformat VALUES LESS THAN (UNIX_TIMESTAMP('$lnow')), - PARTITION dMaxValue VALUES LESS THAN MAXVALUE)"); + $create_syntax = syslog_db_fetch_row("SHOW CREATE TABLE `$syslogdb_default`.`$table`"); + + if (cacti_sizeof($create_syntax)) { + if (str_contains($create_syntax['Create Table'], 'TO_DAYS')) { + syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` REORGANIZE PARTITION dMaxValue INTO ( + PARTITION $cformat VALUES LESS THAN (TO_DAYS('$lnow')), + PARTITION dMaxValue VALUES LESS THAN MAXVALUE)"); + } else { + syslog_db_execute("ALTER TABLE `$syslogdb_default`.`$table` REORGANIZE PARTITION dMaxValue INTO ( + PARTITION $cformat VALUES LESS THAN (UNIX_TIMESTAMP('$lnow')), + PARTITION dMaxValue VALUES LESS THAN MAXVALUE)"); + } + } else { + cacti_log('WARNING: Unable to determine Partition type for rotation', false, 'SYSLOG'); + } } } finally { syslog_db_fetch_cell_prepared('SELECT RELEASE_LOCK(?)', [$lock_name]); diff --git a/tests/regression/issue254_partition_table_locking_test.php b/tests/regression/issue254_partition_table_locking_test.php deleted file mode 100644 index 92777a8..0000000 --- a/tests/regression/issue254_partition_table_locking_test.php +++ /dev/null 
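Review bot: The partition-type probe runs `SHOW CREATE TABLE` through the non-prepared `syslog_db_fetch_row` and then substring-matches `TO_DAYS` against the whole DDL text, so any other occurrence of that string in the table definition selects the legacy branch. `$table` appears to be allowlisted earlier in `syslog_partition_create` (outside this hunk), so this is a robustness point rather than an injection. Reading `partition_expression` from `information_schema`.`partitions` through the prepared helper the function already uses would test only the partitioning expression. The failure branch should also name the table, e.g. `cacti_log("WARNING: Unable to determine partition type for '$table', rotation skipped", false, 'SYSLOG');`. The comment above the new code still says `$cformat` and `$lnow` derive from `date()`, although the series switched them to `gmdate()`.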
@@ -1,202 +0,0 @@ - 0) { - fwrite(STDERR, "Found $raw_partition_queries raw (non-prepared) information_schema partition queries; all must use _prepared.\n"); - exit(1); -} - -// ---- syslog_partition_remove must also use GET_LOCK / RELEASE_LOCK in a finally block ---- - -if (!preg_match('/function\s+syslog_partition_remove\s*\(\s*\$table\s*\)\s*\{(.{0,2500})\n\}/s', $functions, $m_remove_lock)) { - fwrite(STDERR, "syslog_partition_remove function body not found for lock check.\n"); - exit(1); -} - -if (!preg_match('/GET_LOCK/', $m_remove_lock[1])) { - fwrite(STDERR, "syslog_partition_remove does not acquire a lock before ALTER TABLE.\n"); - exit(1); -} - -if (!preg_match('/finally\s*\{[^}]*RELEASE_LOCK/s', $m_remove_lock[1])) { - fwrite(STDERR, "syslog_partition_remove does not release its lock in a finally block.\n"); - exit(1); -} - -// ---- Lock names must differ between create and remove (per-operation scoping) ---- - -if (!preg_match('/syslog_partition_create\.\'\s*\.\s*\$table/', $functions)) { - fwrite(STDERR, "syslog_partition_create lock name does not include function scope.\n"); - exit(1); -} - -if (!preg_match('/syslog_partition_remove\.\'\s*\.\s*\$table/', $functions)) { - fwrite(STDERR, "syslog_partition_remove lock name does not include function scope.\n"); - exit(1); -} - -// ---- syslog_partition_create must return early (no DDL) when allowlist fails ---- - -if (!preg_match('/function\s+syslog_partition_create\s*\(\s*\$table\s*\)\s*\{(.{0,300})/s', $functions, $m_create_guard)) { - fwrite(STDERR, "syslog_partition_create function not found.\n"); - exit(1); -} - -if (!preg_match('/!syslog_partition_table_allowed[^}]*return\s+false;/s', $m_create_guard[1])) { - fwrite(STDERR, "syslog_partition_create does not return early for disallowed tables.\n"); - exit(1); -} - -// ---- syslog_partition_check and syslog_partition_remove must use _prepared for info_schema ---- - -if 
(!preg_match('/function\s+syslog_partition_check\s*\(\s*\$table\s*\)\s*\{(.{0,800})/s', $functions, $m_check_prep)) { - fwrite(STDERR, "syslog_partition_check function not found for _prepared check.\n"); - exit(1); -} - -if (!preg_match('/syslog_db_fetch_cell_prepared[^)]*information_schema[^)]*table_name\s*=\s*\?/s', $m_check_prep[1])) { - fwrite(STDERR, "syslog_partition_check does not use _prepared with table_name placeholder.\n"); - exit(1); -} - -print "issue254_partition_table_locking_test passed\n"; From 210dd0fa55dde79ae9ade145a2a3073fad5031e1 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 13:08:15 -0400 Subject: [PATCH 08/11] fix: Copilot reviews --- functions.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/functions.php b/functions.php index 3669a54..76e952a 100644 --- a/functions.php +++ b/functions.php @@ -855,7 +855,7 @@ function syslog_export($tab) { } if (isset($hosts[$message['host_id']])) { - $host = $hosts[$message['host_id']]; + $host = trim($hosts[$message['host_id']], ' =+-@'); } else { $host = 'Unknown'; } @@ -871,7 +871,10 @@ function syslog_export($tab) { fputcsv($fp, $line); } + } + + fclose($fp); } else { header('Content-type: application/excel'); header('Content-Disposition: attachment; filename=alert_log_view-' . date('Y-m-d',time()) . '.csv'); @@ -893,12 +896,15 @@ function syslog_export($tab) { $severity = 'Unknown'; } + $host = trim($message['host'], ' =+-@'); + $logmsg = trim($message['logmsg'], ' =+-@'); + $line = [ $message['name'], $severity, $message['logtime'], - $message['logmsg'], - $message['host'], + $logmsg, + $host, ucfirst($message['facility']), ucfirst($message['priority']), $message['count'] From 6278cf9c2e59cb1ebc99d65b0c3385a811ed7119 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 13:10:41 -0400 Subject: [PATCH 09/11] fix: Missed DOMPurify fix --- js/functions.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
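Review bot: `trim($hosts[$message['host_id']], ' =+-@')` and the matching `trim()` calls on `$message['host']` and `$message['logmsg']` in the `@@ -893,12` hunk strip the listed characters from both ends of the value, so exported log text is altered: a message ending in base64 `=` padding or starting with `-` no longer matches the stored record. The character list also omits tab and carriage return, which OWASP's CSV-injection guidance names as risky leading characters alongside `=`, `+`, `-` and `@`. Prefixing a single quote when the first character is one of those six keeps the content intact for anyone using the export as evidence and closes the gap; the fence shows a small helper and its use in the second hunk. `syslog_export` begins and ends outside these hunks.

```php
// proposed helper, defined once next to syslog_export()
function syslog_csv_cell($value) {
	$value = (string) $value;

	// Guard the cell without removing any of the original text
	if ($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false) {
		return "'" . $value;
	}

	return $value;
}

// … unchanged: severity lookup …
$host   = syslog_csv_cell($message['host']);
$logmsg = syslog_csv_cell($message['logmsg']);
// … unchanged: $line array and fputcsv() call …
```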
diff --git a/js/functions.js b/js/functions.js index 9e8ae25..81fb2e5 100644 --- a/js/functions.js +++ b/js/functions.js @@ -225,7 +225,7 @@ function initSyslogMain(config) { $.each(data, function(index, hostData) { if ($('#host option[value="'+index+'"]').length == 0) { - $('#host').append(''); + $('#host').append(''); } }); From 495c2e3d314ac138c06c909e2565e1522b082be9 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 13:23:15 -0400 Subject: [PATCH 10/11] fix: More copilot comments --- functions.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/functions.php b/functions.php index 76e952a..d787f13 100644 --- a/functions.php +++ b/functions.php @@ -380,10 +380,6 @@ function syslog_partition_remove($table) { return 0; } - if ($time === null) { - $time = time(); - } - $lock_name = substr(hash('sha256', $syslogdb_default . '.syslog_partition_remove.' . $table), 0, 60); $locked = syslog_db_fetch_cell_prepared('SELECT GET_LOCK(?, 10)', [$lock_name]); @@ -1008,12 +1004,12 @@ function syslog_manage_items($from_table, $to_table) { $sql_sel = "SELECT seq FROM `$syslogdb_default`.`$from_table` WHERE facility_id IN - (SELECT distinct facility_id FROM `$syslogdb_default`syslog_facilities + (SELECT distinct facility_id FROM `$syslogdb_default`.`syslog_facilities` WHERE facility = " . db_qstr($remove['message']) . ')'; } else { $sql_dlt = "DELETE FROM `$syslogdb_default`.`$from_table` WHERE facility_id IN - (SELECT distinct facility_id FROM `$syslogdb_default`syslog_facilities + (SELECT distinct facility_id FROM `$syslogdb_default`.`syslog_facilities` WHERE facility = " . db_qstr($remove['message']) . ')'; } } elseif ($remove['type'] == 'host') { From a58d099bcb3591d510a4d117267b3556e3f047f2 Mon Sep 17 00:00:00 2001 From: TheWitness Date: Fri, 10 Apr 2026 13:25:37 -0400 Subject: [PATCH 11/11] fix: Copilot review --- functions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/functions.php b/functions.php index d787f13..1e54c13 100644 --- a/functions.php +++ b/functions.php @@ -856,13 +856,15 @@ function syslog_export($tab) { $host = 'Unknown'; } + $logmsg = trim($message[$syslog_incoming_config['textField']], ' =+-@'); + $line = [ $host, ucfirst($facility), ucfirst($priority), ucfirst($program), $message['logtime'], - $message[$syslog_incoming_config['textField']] + $logmsg ]; fputcsv($fp, $line);
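Review bot: `ucfirst($program)` is still written to the CSV unguarded in the `$line` array, although the program tag presumably comes from the received syslog message just like the text field this hunk now filters. A value in that column beginning with `=`, `+`, `-` or `@` therefore reaches the spreadsheet unchanged. The same holds for `$facility` and `$priority` if they are not drawn from a fixed list, which is not visible here. Guarding the finished row once covers every column, for example `$line = array_map(static fn ($v) => preg_match('/^[=+\-@\t\r]/', (string) $v) ? "'" . $v : $v, $line);` placed just before `fputcsv($fp, $line);`. `syslog_export` starts and ends outside the hunk.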