Open-AudIT https://www.open-audit.org/phpBB3/ |
|
deleting of systems with whitespace in uuid. patched. https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3414 |
Page 1 of 1 |
Author: | kilgor [ Wed Sep 09, 2009 7:42 pm ] |
Post subject: | deleting of systems with whitespace in uuid. patched. |
Hi, I wasn't able to delete some systems I had. After a closer look I discovered that the wrong uuid was sent to mysql from the html page. If the system uuid has a whitespace (workgroups can have whitespaces) in it's system id, then the "id" and other attributes are not enclosed with quotation marks, as they should be regardless of whitespaces and therefore a partial id is sent to mysql. Here's a patch for delete_missed_audits.php, but I'm sure the same problem is in numerous other places and should be fixed there as well: [code] open-audit>svn diff delete_missed_audits.php Index: delete_missed_audits.php =================================================================== --- delete_missed_audits.php (revision 1185) +++ delete_missed_audits.php (working copy) @@ -229,7 +229,7 @@ do { $bgcolor = change_row_color($bgcolor,$bg1,$bg2); echo "<tr style=\"bgcolor:" . $bgcolor . ";\"> - <td width=\"5%\"><input type=\"checkbox\" name=" . $myrow["system_uuid"] . " id=" . $myrow["system_uuid"] . " value=" . $myrow["system_uuid"] . "></td> + <td width=\"5%\"><input type=\"checkbox\" name=\"" . $myrow["system_uuid"] . "\" id=\"" . $myrow["system_uuid"] . "\" value=\"" . $myrow["system_uuid"] . "\"></td> <td><a href=\"system.php?pc=".$myrow["system_uuid"]."&view=summary\">" . ip_trans($myrow["net_ip_address"]) . "</a></td> <td><a href=\"system.php?pc=".$myrow["system_uuid"]."&view=summary\">" . $myrow["system_name"] . "</a></td> <td>" . $myrow["net_domain"] . "</td> [/code] On the other hand I'm not really sure that the system id's are chosen carefully enough to avoid duplicates. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |