Open-AudIT

All times are UTC + 10 hours
PostPosted: Wed Sep 09, 2009 7:42 pm 
Hi, I wasn't able to delete some systems I had. After a closer look I discovered that the wrong uuid was sent to MySQL from the HTML page.

If the system uuid has whitespace in its system id (workgroups can have whitespace), then the "id" and other attributes are not enclosed in quotation marks, as they should be regardless of whitespace, and therefore a partial id is sent to MySQL.

Here's a patch for delete_missed_audits.php, but I'm sure the same problem is in numerous other places and should be fixed there as well:
[code]
open-audit>svn diff delete_missed_audits.php
Index: delete_missed_audits.php
===================================================================
--- delete_missed_audits.php (revision 1185)
+++ delete_missed_audits.php (working copy)
@@ -229,7 +229,7 @@
do {
$bgcolor = change_row_color($bgcolor,$bg1,$bg2);
echo "<tr style=\"bgcolor:" . $bgcolor . ";\">
- <td width=\"5%\"><input type=\"checkbox\" name=" . $myrow["system_uuid"] . " id=" . $myrow["system_uuid"] . " value=" . $myrow["system_uuid"] . "></td>
+ <td width=\"5%\"><input type=\"checkbox\" name=\"" . $myrow["system_uuid"] . "\" id=\"" . $myrow["system_uuid"] . "\" value=\"" . $myrow["system_uuid"] . "\"></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . ip_trans($myrow["net_ip_address"]) . "</a></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . $myrow["system_name"] . "</a></td>
<td>" . $myrow["net_domain"] . "</td>
[/code]
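
Review bot: On the changed input line, the three attributes are now quoted but $myrow["system_uuid"] is still written into them without HTML encoding, so a value containing a double quote would end the attribute early in the same way whitespace did before the patch. Wrap each use in htmlspecialchars($myrow["system_uuid"], ENT_QUOTES) before concatenating. The same value is also used as the id attribute, where whitespace is not valid, so a separate sanitized or generated id would be safer there. The unchanged context lines have the same gap: system_uuid goes into the system.php?pc= query string without urlencode(), and system_name and net_domain are echoed into the cells unencoded.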

On the other hand I'm not really sure that the system ids are chosen carefully enough to avoid duplicates.
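
The truncation described in the post, reproduced as an added example that is not part of the original post or of the Open-AudIT code base: it renders the checkbox three ways (unquoted, quoted as in the patch, quoted and HTML-encoded) and parses each result to show which name a client would submit. The helper function names and the sample uuid values are constructed for illustration.

```php
<?php
// Added illustration. All function names are hypothetical helpers and the
// uuid values in $samples are constructed, not taken from a real audit.

// Pre-patch form: attribute values are emitted without quotation marks.
function render_unquoted(string $uuid): string {
    return "<input type=\"checkbox\" name=" . $uuid . " value=" . $uuid . ">";
}

// Form used by the patch: quoted, but the value is not HTML-encoded.
function render_quoted(string $uuid): string {
    return "<input type=\"checkbox\" name=\"" . $uuid . "\" value=\"" . $uuid . "\">";
}

// Quoted and HTML-encoded: whitespace and quote characters stay in the value.
function render_encoded(string $uuid): string {
    $v = htmlspecialchars($uuid, ENT_QUOTES, 'UTF-8');
    return "<input type=\"checkbox\" name=\"" . $v . "\" value=\"" . $v . "\">";
}

// Parse the markup as a client would and return the field name it would
// submit, which is what the delete handler later treats as the uuid.
function parsed_name(string $html): string {
    libxml_use_internal_errors(true);  // stray tokens are reported as parse errors
    $doc = new DOMDocument();
    $doc->loadHTML("<html><body><form>" . $html . "</form></body></html>");
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('name') : '';
}

$samples = ['WORKGROUP PC01', 'LAB "A" PC02'];  // constructed uuid values
foreach ($samples as $uuid) {
    foreach (['render_unquoted', 'render_quoted', 'render_encoded'] as $render) {
        $name = parsed_name($render($uuid));
        printf("%-16s %-15s submits %-16s %s\n",
            json_encode($uuid), $render, json_encode($name),
            $name === $uuid ? 'intact' : 'TRUNCATED');
    }
}
```

Run it with the PHP CLI (the DOM extension is required). Only the encoded form should report every sample as intact.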