Custom Object Variables: Contrary to docs, /* custom variable values get cleaned */

Ethan Galstad egalstad at nagios.org
Wed Sep 1 16:23:56 CEST 2010


Peter Valdemar Mørch (Lists) wrote:
> On 2010-08-28 15:59, Ethan Galstad egalstad-at-nagios.org |Lists/Send to 
> lists| wrote:
>> Thanks for pointing this discrepancy out. Custom macros should be
>> cleaned IMO, so I opted to update the docs instead. :-)
> 
> During the weekend I haven't been able to understand the rationale 
> behind this. Could you help me understand it?
> 
[snip]
> 
> But the values of Custom Object Variables come from the config files, so 
> why aren't they to be trusted? I don't (yet) see the conceptual 
> difference between allowing special/illegal characters in Custom Object 
> Variables and allowing them in $ARGn$ definitions. If we don't trust the 
> author of the config files, shouldn't we cleanse $ARGn$ definitions in 
> "check_command"s too then? Why one and not the other?
> 
> Peter

Good point.  I've changed the code to not clean/strip custom macros.
Since they're user-defined, they should be trusted (unlike variable data
returned from plugins).  Fix is in CVS now.  Thanks!

-- 
Ethan Galstad
Father of Nagios
___
Email:  egalstad at nagios.org|com
Web:    www.nagios.com

------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel


More information about the Developers mailing list