Custom Object Variables: Contrary to docs, /* custom variable values get cleaned */
Ethan Galstad
egalstad at nagios.org
Wed Sep 1 16:23:56 CEST 2010
Peter Valdemar Mørch (Lists) wrote:
> On 2010-08-28 15:59, Ethan Galstad egalstad-at-nagios.org |Lists/Send to
> lists| wrote:
>> Thanks for pointing this discrepancy out. Custom macros should be
>> cleaned IMO, so I opted to update the docs instead. :-)
>
> During the weekend I haven't been able to understand the rationale
> behind this. Could you help me understand it?
>
[snip]
>
> But the values of Custom Object Variables come from the config files, so
> why aren't they to be trusted? I don't (yet) see the conceptual
> difference between allowing special/illegal characters in Custom Object
> Variables and allowing them in $ARGn$ definitions. If we don't trust the
> author of the config files, shouldn't we cleanse $ARGn$ definitions in
> "check_command"s too then? Why one and not the other?
>
> Peter
Good point. I've changed the code to not clean/strip custom macros.
Since they're user-defined, they should be trusted (unlike variable data
returned from plugins). Fix is in CVS now. Thanks!
--
Ethan Galstad
Father of Nagios
___
Email: egalstad at nagios.org|com
Web: www.nagios.com
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
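
The trust boundary settled on in this thread, as an added example (not Nagios source code and not part of the original message): config-defined custom macro values are substituted verbatim, while values that originate from plugin output lose the characters listed in `illegal_macro_output_chars`. The `origin` enum, the `macro` struct and `expand()` are hypothetical names, the character set is assumed from the sample nagios.cfg, and the macro values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the set from the sample nagios.cfg illegal_macro_output_chars. */
static const char ILLEGAL_CHARS[] = "`~$&|'\"<>";

enum origin { FROM_CONFIG, FROM_PLUGIN };   /* hypothetical names */
struct macro { const char *name, *value; enum origin origin; };

/* Expand $NAME$ tokens in tmpl. Values of plugin origin lose every character
   in ILLEGAL_CHARS; config-defined values and unknown tokens pass unchanged. */
size_t expand(char *out, size_t cap, const char *tmpl,
              const struct macro *macros, size_t n)
{
    size_t pos = 0;
    if (cap == 0)
        return 0;
    while (*tmpl && pos + 1 < cap) {
        const char *end = (*tmpl == '$') ? strchr(tmpl + 1, '$') : NULL;
        size_t len = end ? (size_t)(end - tmpl - 1) : 0;
        const struct macro *hit = NULL;
        for (size_t i = 0; end && i < n; i++)
            if (strlen(macros[i].name) == len && !strncmp(macros[i].name, tmpl + 1, len))
                hit = &macros[i];
        if (!hit) {                 /* literal text: copy one byte */
            out[pos++] = *tmpl++;
            continue;
        }
        for (const char *p = hit->value; *p && pos + 1 < cap; p++)
            if (hit->origin == FROM_CONFIG || !strchr(ILLEGAL_CHARS, *p))
                out[pos++] = *p;
        tmpl = end + 1;
    }
    out[pos] = '\0';
    return pos;
}

int main(void)
{
    const struct macro m[] = {  /* constructed sample data */
        { "_HOSTURL", "http://wiki/?a=1&b=2", FROM_CONFIG },
        { "HOSTOUTPUT", "DISK OK `x` | free=10%", FROM_PLUGIN },
    };
    char out[128];
    expand(out, sizeof out, "notify $_HOSTURL$ $HOSTOUTPUT$", m, 2);
    puts(out);
    return 0;
}
```

The `&` in the custom variable survives because it comes from the config file, while the backticks and pipe in the plugin-derived value are dropped before the command line is built.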