Cacti - Validation error on new graph

[rune]

Well the good new is you're running into the same issue I described, the bad news is you should have been all set by commenting out that bit I referred to earlier.

Can you paste the first 100 lines or so from the function form_actions() inside /usr/share/cacti/site/graphs.php?

Sure. Anything that may help at this point. Here's a chunk:
---
/* ------------------------
The "actions" function
------------------------ */

function form_actions() {
global $colors, $graph_actions;

/* ================= input validation ================= */
input_validate_input_number(get_request_var_post('drp_action'));
/* ==================================================== */

/* if we are to save this form, instead of display it */
if (isset($_POST["selected_items"])) {
$selected_items = unserialize(stripslashes($_POST["selected_items"]));

if ($_POST["drp_action"] == "1") { /* delete */
if (!isset($_POST["delete_type"])) { $_POST["delete_type"] = 1; }

for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */
}

switch ($_POST["delete_type"]) {
case '2': /* delete all data sources referenced by this graph */
$data_sources = array_rekey(db_fetch_assoc("SELECT data_template_data.local_data_id
FROM (data_template_rrd, data_template_data, graph_templates_item)
WHERE graph_templates_item.task_item_id=data_template_rrd.id
AND data_template_rrd.local_data_id=data_template_data.local_data_id
AND " . array_to_sql_or($selected_items, "graph_templates_item.local_graph_id") . "
AND data_template_data.local_data_id > 0"), "local_data_id", "local_data_id");

if (sizeof($data_sources)) {
api_data_source_remove_multi($data_sources);
api_plugin_hook_function('data_source_remove', $data_sources);
}

break;
}

api_graph_remove_multi($selected_items);

api_plugin_hook_function('graphs_remove', $selected_items);
}elseif ($_POST["drp_action"] == "2") { /* change graph template */
input_validate_input_number(get_request_var_post("graph_template_id"));
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

change_graph_template($selected_items[$i], $_POST["graph_template_id"], true);
}
}elseif ($_POST["drp_action"] == "3") { /* duplicate */
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

duplicate_graph($selected_items[$i], 0, $_POST["title_format"]);
}
}elseif ($_POST["drp_action"] == "4") { /* graph -> graph template */
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */
graph_to_graph_template($selected_items[$i], $_POST["title_format"]);
}
}elseif (preg_match("/^tr_([0-9]+)$/", $_POST["drp_action"], $matches)) { /* place on tree */
input_validate_input_number(get_request_var_post("tree_id"));
input_validate_input_number(get_request_var_post("tree_item_id"));
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

api_tree_item_save(0, $_POST["tree_id"], TREE_ITEM_TYPE_GRAPH, $_POST["tree_item_id"], "", $selected_items[$i], read_graph_config_option("default_rra_id"), 0, 0, 0, false);
}
}elseif ($_POST["drp_action"] == "5") { /* change host */
input_validate_input_number(get_request_var_post("host_id"));
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

db_execute("update graph_local set host_id=" . $_POST["host_id"] . " where id=" . $selected_items[$i]);
update_graph_title_cache($selected_items[$i]);
}
}elseif ($_POST["drp_action"] == "6") { /* reapply suggested naming */
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

api_reapply_suggested_graph_title($selected_items[$i]);
update_graph_title_cache($selected_items[$i]);
}
}elseif ($_POST["drp_action"] == "7") { /* resize graphs */
input_validate_input_number(get_request_var_post("graph_width"));
input_validate_input_number(get_request_var_post("graph_height"));
for ($i=0;($i<count($selected_items));$i++) {
/* ================= input validation ================= */
input_validate_input_number($selected_items[$i]);
/* ==================================================== */

api_resize_graphs($selected_items[$i], $_POST["graph_width"], $_POST["graph_height"]);
}
} else {
api_plugin_hook_function('graphs_action_execute', $_POST['drp_action']);
}

header("Location: graphs.php");
exit;
}

/* setup some variables */
$graph_list = ""; $i = 0;

/* loop through each of the graphs selected on the previous page and get more info about them */
while (list($var,$val) = each($_POST)) {
if (preg_match("/^chk_([0-9]+)$/", $var, $matches)) {
/* ================= input validation ================= */
input_validate_input_number($matches[1]);
/* ==================================================== */

$graph_list .= "<li>" . get_graph_title($matches[1]) . "</li>";
$graph_array[$i] = $matches[1];

$i++;
}
}
include_once("./include/top_header.php");

/* add a list of tree names to the actions dropdown */
add_tree_names_to_actions_array();

html_start_box("<strong>" . $graph_actions{$_POST["drp_action"]} . "</strong>", "60%", $colors["header_panel"], "3", "center", "");

print "<form action='graphs.php' method='post'>\n";

if (isset($graph_array) && sizeof($graph_array)) {
if ($_POST["drp_action"] == "1") { /* delete */
$graphs = array();

/* find out which (if any) data sources are being used by this graph, so we can tell the user */
if (isset($graph_array) && sizeof($graph_array)) {
$data_sources = db_fetch_assoc("select
data_template_data.local_data_id,
data_template_data.name_cache
from (data_template_rrd,data_template_data,graph_templates_item)
where graph_templates_item.task_item_id=data_template_rrd.id
and data_template_rrd.local_data_id=data_template_data.local_data_id
and " . array_to_sql_or($graph_array, "graph_templates_item.local_graph_id") . "
and data_template_data.local_data_id > 0
group by data_template_data.local_data_id
order by data_template_data.name_cache");
}

print " <tr>
<td class='textArea' bgcolor='#" . $colors["form_alternate1"]. "'>
<p>When you click \"Continue\", the following Graph(s) will be deleted. Please note, Data Source(s) should be deleted only if they are only used by these Graph(s)
and not others.</p>
<p><ul>$graph_list</ul></p>";

if (isset($data_sources) && sizeof($data_sources)) {
print "<tr bgcolor='#" . $colors["form_alternate1"] . "'><td class='textArea'><p class='textArea'>The following Data Source(s) are in use by these Graph(s):</p>\n";

print "<ul>";
foreach ($data_sources as $data_source) {
print "<li><strong>" . $data_source["name_cache"] . "</strong></li>\n";
}
print "</ul>";

print "<br>";
form_radio_button("delete_type", "1", "1", "Leave the Data Source(s) untouched.", "1"); print "<br>";
form_radio_button("delete_type", "1", "2", "Delete all <strong>Data Source(s)</strong> referenced by these Graph(s).", "1"); print "<br>";
print "</td></tr>";
}
print "
</td>
</tr>\n
";
$save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Delete Graph(s)'>";
}elseif ($_POST["drp_action"] == "2") { /* change graph template */

[rune]

nudge

[cigamit]

http://svn.cacti.net/viewvc?view=rev&revision=7458

[rune]

thanks!

[zachburdick]

Rune,

what files from the link to Cacti Branch did you use on your env? I tried the graphs.php and restarted httpd but I still get the error.

[robotech]

So the SVN linked here DID fix the issue - of the validation error. message.

Please use it - Ill paste it here - so it is visible in a search for this issue as no one else has.

The makers of cacti really need to release an 0.8.8c revision with this fix built in!!!!!!

Not to be a hater - but I HATE it when things like this dont get addressed for YEARS?????


:x

graphs.php.fixed.txt

(69.17 KiB) Downloaded 647 times

[robotech]

Revision 7458 - (download) (annotate)
Sat Jul 19 03:36:22 2014 UTC (2 months, 1 week ago) by cigamit
File size: 60779 byte(s)

Change to previous commit #7452 to fix validation issues with plugins.

http://svn.cacti.net/viewvc/cacti/branc ... threv=7458

Good luck - replace the contents of THIS file with the ones in graphs.php - fixed my issue -

I installed via YUM on CENTOS 6 - 0.8.8b <----------------- new release 0.8.8c ever on the way??????? Dont hold yer breath!!!!

Some Debian users seemed to have this issue as well!!!!

[yorkdata]

Hi,

I may be doing something wrong, but when I replace the graphs.php file with this I still get the validation error. Am I missing something really simple?

Thanks

Andy

[kiemsino1]

This is the bit I commented out in graphs.php:

Code: Select all

function form_actions() {
        global $colors, $graph_actions;

        /* ================= input validation ================= */
        //input_validate_input_number(get_request_var_post('drp_action'));
        /* ==================================================== */

Same issue, after do above it works. Thank man

[yorkdata]

Thanks! That has sorted it for me now too!

Getting a strange thing happen now though, when I click on a graph I thought it took you to the page of the page with hourly, daily, weekly etc graphs? I am now just going to the devices page on the console, anyone know how to sort this out?


Andy

[voyager]

Thank you, robotec.

It worked after using fix version of graphs.php but a little problem here that It doesn't show any ifAlias output.

[Kabelok]

I ran into this same exact message. It happened on an older Debian 6.0.9 box I have.

I read through the code. The problem is that when you do the form execute to add a graph to the tree, it calls a function in graphs.php, called "form_actions".

Inside that function, one of the first things it does is input validation with a function call "input_validate_input_number(get_request_var_post('drp_action'))". This function makes sure the option value for the form submission is a number.

However, if you look at the form submission HTML on that graph page, for the add to graph tree submission, the options are all numbers except for the add to tree stuff. Like this:

Code: Select all

<option value="2">Change Graph Template</option>
<option value="5">Change Host</option>
<option value="6">Reapply Suggested Names</option>
<option value="7">Resize Graphs</option>
<option value="3">Duplicate</option>
<option value="4">Convert to Graph Template</option>
<option value="tr_2">Place on a Tree (ActiveMQ)</option>
<option value="tr_3">Place on a Tree (Backup)</option>
<option value="tr_4">Place on a Tree (Caching)</option>

Since tr_3 or tr_4 or whatever, is not a number, it will always bail out with a validation error.

I just commented out the input validation at the top of that function and it all began to work.

I'm not sure if this is a bug or something else on these systems is screwed up. I run a lot of Cacti installs and this is the only one that had the problem. On my newer Cacti installs this integer check is done inside if/else statements further within the function.

Hope this helps!

[Kabelok]

I ran into this same exact message. It happened on an older Debian 6.0.9 box I have.

I read through the code. The problem is that when you do the form execute to add a graph to the tree, it calls a function in graphs.php, called "form_actions".

Inside that function, one of the first things it does is input validation with a function call "input_validate_input_number(get_request_var_post('drp_action'))". This function makes sure the option value for the form submission is a number.

However, if you look at the form submission HTML on that graph page, for the add to graph tree submission, the options are all numbers except for the add to tree stuff. Like this:

Code: Select all

<option value="2">Change Graph Template</option>
<option value="5">Change Host</option>
<option value="6">Reapply Suggested Names</option>
<option value="7">Resize Graphs</option>
<option value="3">Duplicate</option>
<option value="4">Convert to Graph Template</option>
<option value="tr_2">Place on a Tree (ActiveMQ)</option>
<option value="tr_3">Place on a Tree (Backup)</option>
<option value="tr_4">Place on a Tree (Caching)</option>

Since tr_3 or tr_4 or whatever, is not a number, it will always bail out with a validation error.

I just commented out the input validation at the top of that function and it all began to work.

I'm not sure if this is a bug or something else on these systems is screwed up. I run a lot of Cacti installs and this is the only one that had the problem. On my newer Cacti installs this integer check is done inside if/else statements further within the function.

Hope this helps!

[Kabelok]

Resolved by commenting out input validation at the top of the function, thanks