Attempting to print currency symbol $ in graph/legend labels

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
ldevantier
Posts: 3
Joined: Wed Feb 10, 2010 6:24 pm

Attempting to print currency symbol $ in graph/legend labels

Post by ldevantier »

Hi I'm using cacti under linux with PHP 5.1.6 and I'm trying to use a '$' symbol as part of the text string on my graph labels and legend gprint format strings without much success. I've tried searching the forums/buglist but haven't found anything on this issue.

My cacti details are:
Cacti Version 0.8.7e
Cacti OS unix
SNMP Version NET-SNMP version: 5.3.2.2
RRDTool Version RRDTool 1.2.x

Now in the debug for my graph it show's the RRD command as:
/usr/bin/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="Usage - Total Cost" \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="Cost in $" \
--slope-mode \
--font TITLE:8: \
--font AXIS:8: \
--font LEGEND:8: \
--font UNIT:8: \
DEF:a="/var/www/cacti/rra/snmp_oid_128.rrd":snmp_oid:AVERAGE \
AREA:a#001878FF:"Cost" \
GPRINT:a:LAST:"Current\:$%9.2lf" \
GPRINT:a:AVERAGE:"Minimum\:$%9.2lf" \
GPRINT:a:MAX:"Maximum\:$%9.2lf\n"
However they are not appearing on the graphs. If I replace the first - in the command string with a filename, such as foo.png, and execute the debug command string in a shell, then foo.png is created with dollar signs in the labels as expected.

After some digging, I identified the problem being the ereg_replace call made in the lib/rrd.php in the escape_command() function.

Code: Select all

function escape_command($command) {
    return ereg_replace("(\\\$|`)", "", $command);
}
Some issues I'd like to raise with that function are that ereg* function are deprecated (I am aware from looking at the bug reports that these are being replaced for 0.8.8), along with the fact that as this command is applied after you've sent to the log the command string created by the user, the debug statement is no longer accurate with respect to what rrdtool actually gets.

I gather the function is attempting to stop someone injecting shell/php variables into the command string, and/or using backticks to have the shell execute an arbitrary command and insert it's outptut into the command string. However the regexp used is a little brutish .

I'd like to suggest the following replacement:

Code: Select all

function escape_command($command) {
    return preg_replace((\\\$(?=\w+|\*|\@|\#|\?|\-|\\\$|\!|\_|[0-9]|\(.*\))|`(?=.*(?=`)))","$2", $command) ;
}
This version uses preg_replace which is the new preferred PHP 5 function, and will now use look-ahead to find $ immediately followed by \w characters or common shell special variables. It will also look for text enclosed within backticks. Should any matches be found, only the characters after the $ symbol, or text between the backticks will be returned. Single backticks are not affected.

e.g. $foo, $$, $@, $ENV, $PS1 will become foo $ @ ENV PS1
but '$ ' will be ignored, as will '($)' as $) isn't a shell variable. Also `/usr/bin/which` will have the backticks removed, but single ones are ignored.

This would allow for labels such as 'Cost in $' or gprints to show currency values like 'AUD $%9.2lf'

Any thoughts?
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

I'm considering this for 088 (which replaces ereg by preg per se)
R.
ldevantier
Posts: 3
Joined: Wed Feb 10, 2010 6:24 pm

Post by ldevantier »

Cool. Would you like me to raise this in your bug tracker so that it can be tracked and confirmed if released in 0.8.8?
User avatar
Linegod
Developer
Posts: 1626
Joined: Thu Feb 20, 2003 10:16 am
Location: Canada
Contact:

Post by Linegod »

Yup, throw it in the bugtracker - http://bugs.cacti.net
--
Live fast, die young
You're sucking up my bandwidth.

J.P. Pasnak,CD
CCNA, LPIC-1
http://www.warpedsystems.sk.ca
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests