Variables encoded twice
Armin Wolfermann
aw at osn.de
Thu Jul 31 16:34:29 CEST 2008
Hi all,
in several CGIs the values of hidden form variables are encoded while
this will be done again automatically on form submission. The patch
against current CVS:
Index: avail.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/avail.c,v
retrieving revision 1.50
diff -u -r1.50 avail.c
--- avail.c 23 Jun 2008 20:47:42 -0000 1.50
+++ avail.c 31 Jul 2008 14:23:09 -0000
@@ -512,11 +512,11 @@
if(display_type==DISPLAY_HOSTGROUP_AVAIL)
printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name);
if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL)
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",host_name);
if(display_type==DISPLAY_SERVICE_AVAIL)
printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
if(display_type==DISPLAY_SERVICEGROUP_AVAIL)
- printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name));
+ printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name);
printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no");
printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no");
Index: histogram.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/histogram.c,v
retrieving revision 1.27
diff -u -r1.27 histogram.c
--- histogram.c 19 May 2008 18:42:26 -0000 1.27
+++ histogram.c 31 Jul 2008 14:23:10 -0000
@@ -407,9 +407,9 @@
printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI);
printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1);
printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2);
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",host_name);
if(display_type==DISPLAY_SERVICE_HISTOGRAM)
- printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+ printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
printf("<tr><td CLASS='optBoxItem' valign=top align=left>Report period:</td><td CLASS='optBoxItem' valign=top align=left>Assume state retention:</td></tr>\n");
@@ -789,9 +789,9 @@
printf("<TABLE BORDER=0 cellpadding=5>\n");
printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI);
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",host_name);
if(display_type==DISPLAY_SERVICE_HISTOGRAM)
- printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+ printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
printf("<tr><td class='reportSelectSubTitle' align=right>Report Period:</td>\n");
printf("<td class='reportSelectItem'>\n");
Index: history.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/history.c,v
retrieving revision 1.31
diff -u -r1.31 history.c
--- history.c 23 Jun 2008 20:47:44 -0000 1.31
+++ history.c 31 Jul 2008 14:23:10 -0000
@@ -204,9 +204,9 @@
printf("<table border=0 CLASS='optBox'>\n");
printf("<form method=\"GET\" action=\"%s\">\n",HISTORY_CGI);
- printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":host_name);
if(display_type==DISPLAY_SERVICES)
- printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+ printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
printf("<input type='hidden' name='archive' value='%d'>\n",log_archive);
printf("<tr>\n");
Index: notifications.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/notifications.c,v
retrieving revision 1.25
diff -u -r1.25 notifications.c
--- notifications.c 19 May 2008 18:42:27 -0000 1.25
+++ notifications.c 31 Jul 2008 14:23:10 -0000
@@ -212,11 +212,11 @@
printf("<table border=0 CLASS='optBox'>\n");
printf("<form method='GET' action='%s'>\n",NOTIFICATIONS_CGI);
if(query_type==FIND_SERVICE){
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(query_host_name));
- printf("<input type='hidden' name='service' value='%s'>\n",url_encode(query_svc_description));
+ printf("<input type='hidden' name='host' value='%s'>\n",query_host_name);
+ printf("<input type='hidden' name='service' value='%s'>\n",query_svc_description);
}
else
- printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",url_encode((query_type==FIND_HOST)?query_host_name:query_contact_name));
+ printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",(query_type==FIND_HOST)?query_host_name:query_contact_name);
printf("<input type='hidden' name='archive' value='%d'>\n",log_archive);
printf("<tr>\n");
if(query_type==FIND_SERVICE)
Index: statusmap.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/statusmap.c,v
retrieving revision 1.40
diff -u -r1.40 statusmap.c
--- statusmap.c 19 May 2008 18:42:28 -0000 1.40
+++ statusmap.c 31 Jul 2008 14:23:13 -0000
@@ -700,7 +700,7 @@
printf("<form method=\"POST\" action=\"%s\">\n",STATUSMAP_CGI);
printf("<table border=0 CLASS='optBox'>\n");
printf("<tr><td valign=top>\n");
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",host_name);
printf("<input type='hidden' name='layout' value='%d'>\n",layout_method);
printf("</td><td valign=top>\n");
Index: trends.c
===================================================================
RCS file: /cvsroot/nagios/nagios/cgi/trends.c,v
retrieving revision 1.41
diff -u -r1.41 trends.c
--- trends.c 23 Jun 2008 20:47:46 -0000 1.41
+++ trends.c 31 Jul 2008 14:23:15 -0000
@@ -454,9 +454,9 @@
printf("<input type='hidden' name='nomap' value=''>\n");
printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1);
printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2);
- printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+ printf("<input type='hidden' name='host' value='%s'>\n",host_name);
if(display_type==DISPLAY_SERVICE_TRENDS)
- printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+ printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no");
printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no");
Regards,
Armin Wolfermann
OSN Online Service Nuremberg
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list