
@kgoess
Created January 23, 2014 17:03
Index: lib/utility.php
===================================================================
--- lib/utility.php (revision 7436)
+++ lib/utility.php (working copy)
@@ -272,17 +272,22 @@
if (($data_input["type_id"] == DATA_INPUT_TYPE_QUERY_SCRIPT_SERVER) && (function_exists("proc_open"))) {
$action = POLLER_ACTION_SCRIPT_PHP;
$script_path = get_script_query_path((isset($script_queries["arg_prepend"]) ? $script_queries["arg_prepend"] : "") . " " . $script_queries["arg_get"] . " " . $identifier . " " . $data_source["snmp_index"], $script_queries["script_path"] . " " . $script_queries["script_function"], $data_source["device_id"]);
+ $script_path = addslashes($script_path);
}else if (($data_input["type_id"] == DATA_INPUT_TYPE_QUERY_SCRIPT_SERVER) && (!function_exists("proc_open"))) {
$action = POLLER_ACTION_SCRIPT;
$script_path = read_config_option("path_php_binary") . " -q " . get_script_query_path((isset($script_queries["arg_prepend"]) ? $script_queries["arg_prepend"] : "") . " " . $script_queries["arg_get"] . " " . $identifier . " " . $data_source["snmp_index"], $script_queries["script_path"], $data_source["device_id"]);
+ $script_path = addslashes($script_path);
}else{
$action = POLLER_ACTION_SCRIPT;
+ # I don't know why addslashes is used at all, but it's definitely *not* what
+ # we need for building command-line arguments, get_full_script_path uses
+ # escapeshellarg for that for us, so *don't* call addslashes down here
$script_path = get_script_query_path((isset($script_queries["arg_prepend"]) ? $script_queries["arg_prepend"] : "") . " " . $script_queries["arg_get"] . " " . $identifier . " " . $data_source["snmp_index"], $script_queries["script_path"], $data_source["device_id"]);
}
}
if (isset($script_path)) {
- $poller_items[] = poller_cache_item_add($data_source["device_id"], $device_fields, $local_data_id, $data_input["rrd_step"], $action, get_data_source_item_name($output["data_template_rrd_id"]), sizeof($outputs), addslashes($script_path));
+ $poller_items[] = poller_cache_item_add($data_source["device_id"], $device_fields, $local_data_id, $data_input["rrd_step"], $action, get_data_source_item_name($output["data_template_rrd_id"]), sizeof($outputs), $script_path);
}
}
}
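Review bot: With `addslashes` dropped from the final `else` branch, `$script_path` reaches `poller_cache_item_add(...)` carrying the single quotes that escapeshellarg now puts around each substituted value, and nothing visible here escapes it for storage. addslashes is normally there for SQL string building, so if poller_cache_item_add interpolates its last argument into a query (its body is outside this hunk, so this is inferred), those quotes would end the SQL literal early. Shell quoting and database escaping are separate layers: keep escapeshellarg where the command is assembled and do the database escaping inside poller_cache_item_add, ideally with a bound parameter, rather than per branch at the call site. The `!function_exists("proc_open")` branch also sets `POLLER_ACTION_SCRIPT` and builds a `path_php_binary -q` command line yet keeps `addslashes`, which contradicts the new comment; the comment should say which layer each escape serves rather than "I don't know why". The enclosing function starts and ends outside the hunk.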
Index: lib/functions.php
===================================================================
--- lib/functions.php (revision 7436)
+++ lib/functions.php (working copy)
@@ -1443,7 +1443,7 @@
if (sizeof($data) > 0) {
foreach ($data as $item) {
- $full_path = str_replace("<" . $item["data_name"] . ">", $item["value"], $full_path);
+ $full_path = str_replace("<" . $item["data_name"] . ">", escapeshellarg($item["value"]), $full_path);
}
}
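Review bot: `escapeshellarg($item["value"])` supplies its own single quotes, so the substitution is only safe when the `<data_name>` placeholder sits unquoted in `$full_path`. If a script template already wraps the placeholder in quotes (the templates are not visible here), the two quoting layers cancel and the value is no longer confined to a single argument. An empty value also becomes an explicit `''` argument instead of disappearing, which may shift positional arguments for existing scripts. I would add a comment above the loop such as `// placeholders must appear unquoted in the command template; escapeshellarg supplies the quoting`, and consider rejecting templates that quote a placeholder. The surrounding function starts and ends outside the hunk.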