Autom8 three issues

[vhiebert]

Cacti 0.8.8f installed from source (Plugin Architecture Version 3.1)
CentOS 7.1.1503
Autom8 0.35
mysqld 5.6.27
PHP 5.4.16
Apache 2.4.6
..all freshly installed.

Seeing three issues when using Autom8:

Issue 1.
Under Graph Rules, Show Matching Graphs, only the first page of matching graphs is shown, when clicking the link to other pages text "Validation error." is displayed on a blank page. The same happens under Tree Rules, Show Eligible Objects. Graphs are successfully created. This sounds similar to an issue multiple other people have reported, eg http://bugs.cacti.net/view.php?id=2457. However other users appear to only have this issue when using Cacti installed from a package, while this install is from source. Commenting out the input_validate_input_regex line in graphs.php as suggested in http://forums.cacti.net/viewtopic.php?f=21&t=53080 had no affect.

Issue 2.
Graph type Tree Rules do not work. For example the built in New Graph rule lists multiple Eligible Objects and Created Trees, but none are ever created. Host type Tree Rules work.

Issue 3.
The Matching Pattern and Replacement Pattern field of a Tree Rule rule item doubles the number of "\" every time it is saved. For example if a Replacement Pattern is ${1}\n${2} and is saved, it becomes ${1}\\n${2}, if it is saved again, it becomes ${1}\\\\n${2}.


Nothing appears in the cacti log with it and the poller logging level for Autom8 set to DEBUG.

Any help appreciated. Also interested in what others are running (OS, cacti version, etc) to run Autom8 with no errors.

[GlueGuy]

It seems that something has changed with (at least) the sql_sanitize function in the lib/database.php library.

Any plugin that uses the sql_sanitize function gets strings munged when they are inserted or updated in the SQL database.

If the string is entered plain, it will get extra single quotes around the string ( string becomes 'string' ).

If the string already has the single quote, it will get escaped ( 'string' becomes '\\\'string\\\'' ).

I've compiled a partial list of all the plugins that are affected:

• aggregate

• autom8

• discovery

• fix64bit

• nectar

• routerconfigs

As far as I can tell, none of the base cacti functionality uses sql_sanitize, and only "some" of the plugins use it. Of the plugins that I have looked at, the ones that do NOT use sql_sanitize appear to be OK.

[vhiebert]

Thanks for the help, with that info was able to find several other threads relating to the sql_sanitize issue:
http://forums.cacti.net/viewtopic.php?f=21&t=54909
http://forums.cacti.net/viewtopic.php?f=14&t=54899

There is also an open bug report:
http://bugs.cacti.net/view.php?id=2641

Looks like the bug was introduced in 0.8.8e, as a test install of both 0.8.8c and 0.8.8d didn't exhibit the problem. All these version do still have the validation error issue however.

[GlueGuy]

I think the problem is the way the components (CentOS, php, and mysql) have changed in later revisions.

On my system (CentOS 6.7, php 5.3.3, and mysql 5.1.73), it turns out that the $_POST automatically fixes the outer quotes. So I just removed sql_sanitize() everywhere it occurred. That worked. Unfortunately, it also broke embedded single quotes (and other characters) that were within a text field (e.g. ' became \' ).

What I discovered turned out to be relatively simple. I just replaced "sql_sanitize()" with "stripslashes()" wherever it occurred. For example, the following line

Code: Select all

$save['name']                   = sql_sanitize(form_input_validate($_POST['name'], 'name', '', false, 3));

became

Code: Select all

$save['name']                   = stripslashes(form_input_validate($_POST['name'], 'name', '', false, 3));

stripslashes is a built-in php function.