ZABBIX BUGS AND ISSUES
ZBX-9087

Validation expression template for request parameter validator DB_ID is not completely functional

    Details

      Description

      The expression template for the DB_ID validator has unnecessary single quotes around the first argument to bccomp():

      define('DB_ID',		"({}>=0&&bccomp('{}',\"10000000000000000000\")<0)&&");
      

      When actually used in the validation process, it produces the following PHP code in function calc_exp2():

      return (($_REQUEST["qqq"]["0"]>=0&&bccomp('$_REQUEST["qqq"]["0"]',"10000000000000000000")<0)) ? 1 : 0;
      

      The expression part with bccomp() in it will always evaluate to true, regardless of the value in the request.
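
The quoting effect described above, together with the range and array cases raised in comments (3) and (5) of this ticket, as an added example that is not Zabbix code and not part of the ticket. The helpers expand(), evaluate() and is_db_id(), the UNQUOTED template (the ticket's template with the quotes removed, assumed here to be the shape of the fix) and the sample IDs are constructed for illustration; the bcmath extension is assumed to be loaded.

```php
<?php
// Added illustration, not Zabbix code: expand(), evaluate() and is_db_id() are hypothetical.
const FLAWED   = "({}>=0&&bccomp('{}',\"10000000000000000000\")<0)"; // template from the ticket
const UNQUOTED = "({}>=0&&bccomp({},\"10000000000000000000\")<0)";   // assumed fix: quotes removed
const MAX_ID   = '9223372036854775807';                              // bound quoted for 2.4 and later

// Replace each {} placeholder with a reference to the request field.
function expand(string $template, string $field): string
{
    return str_replace('{}', '$_REQUEST["' . $field . '"]', $template);
}

// Evaluate a generated expression the way an eval()-based validator would.
// In FLAWED, bccomp() receives the literal text $_REQUEST["hostid"], never the
// request value: older PHP treats that operand as 0, PHP 8 throws ValueError.
function evaluate(string $expr): string
{
    try {
        return eval("return ($expr) ? 'pass' : 'fail';");
    } catch (ValueError $e) {
        return 'error';
    }
}

// Direct check without eval(): a string of 1-19 decimal digits, not above MAX_ID.
function is_db_id($value): bool
{
    return is_string($value)
        && preg_match('/^[0-9]{1,19}$/D', $value) === 1
        && bccomp($value, MAX_ID) <= 0;
}

// Constructed sample inputs: a normal ID, the ID from comment (3), a 20-digit ID.
foreach (['42', '9999999999999999999', '99999999999999999999'] as $id) {
    $_REQUEST['hostid'] = $id;
    printf("%-22s flawed=%-5s unquoted=%-5s direct=%s\n", $id,
        evaluate(expand(FLAWED, 'hostid')),
        evaluate(expand(UNQUOTED, 'hostid')),
        is_db_id($id) ? 'pass' : 'fail');
}

// An array value, as in comment (5), is rejected before it can reach bccomp().
var_dump(is_db_id(['1', '2']));
```

The flawed column is identical for every input because the request value is never compared, while the unquoted column still accepts an ID above the bigint maximum.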

        Activity

        Krists Krigers (Inactive) added a comment -

        Base fix for 2.0 is done in r50947 and r50948, branch svn://svn.zabbix.com/branches/dev/ZBX-9087.

        Ivo Kurzemnieks added a comment - - edited

        (1) No translation string changes.

        Alexander Vladishev CLOSED

        Ivo Kurzemnieks added a comment - - edited

        (2)

        • Action operation editing seems to be broken now. Warning. Incorrect value for field "edit_operationid".
        • Host inventories overview got broken. Critical error. Incorrect value "alias" for "groupby" field.

        Ivo Kurzemnieks RESOLVED in r51945

        Alexander Vladishev CLOSED

        Alexander Vladishev added a comment - - edited

        (3) Incorrect validation:

        In versions 2.0 and 2.2 the range can be from 0 to 99999999999999999
        2.4 and later - from 0 to 9223372036854775807 (ZBX_DB_MAX_ID)

        SQL errors occur when trying to open a link with a big identifier: hosts.php?form=update&hostid=9999999999999999999

            pg_query(): Query failed: ERROR: value "9999999999999999999" is out of range for type bigint LINE 1: SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999... ^ [include/db.inc.php:440]
            Error in query [SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999999999' AND h.status IN (0,1,3)] [ERROR: value "9999999999999999999" is out of range for type bigint LINE 1: SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999... ^]
        

        Ivo Kurzemnieks RESOLVED in r51967

        Alexander Vladishev CLOSED

        Ivo Kurzemnieks added a comment -

        Upper bound of DB_ID is now "99999999999999999" for 2.0 and 2.2, and "9223372036854775807" for 2.4 and 2.5.0 (trunk).

        Fixed in:

        • pre-2.0.15rc1 r52070
        • pre-2.2.9rc1 r52072
        • pre-2.4.4rc1 r52073
        • pre-2.5.0 (trunk) r52074
        Oleg Egorov added a comment - - edited

        (4) Parse error: syntax error, unexpected ''sort'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in C:\xampp\htdocs\trunk\frontends\php\hostinventoriesoverview.php on line 37

        In Inventory->Overview

        Oleg Egorov Fixed syntax error in r52141

        Alexander Vladishev CLOSED

        Oleg Egorov added a comment -

        Fixed in 2.4.4rc1 r52142, 2.5.0 r52143
        CLOSED

        Oleg Egorov added a comment - - edited

        (5) Reports->Bar reports->Distribution of values for multiple periods
        Select 1 item

        bccomp() expects parameter 1 to be string, array given [report6.php:72 → check_fields() → check_field() → calc_exp() → calc_exp2() → eval() → bccomp() in C:\xampp\htdocs\trunk\frontends\php\include\validate.inc.php(105) : eval()'d code:1]

        Ivo Kurzemnieks Although there is no error in 2.0, I removed DB_ID validation for array in profile.php. Those are not real IDs from DB, just an array of integers.

        RESOLVED for 2.0 in svn://svn.zabbix.com/branches/dev/ZBX-9087 r52472
        RESOLVED for >=2.2 in svn://svn.zabbix.com/branches/dev/ZBX-9087-22 r52474

        Alexander Vladishev This was moved to a separate ZBX-9369 because this regression was included into version 2.4.4.

        Development branches were moved to ZBX-9369 and ZBX-9369-22

        CLOSED


          People

          • Assignee: Unassigned
          • Reporter: Krists Krigers (Inactive)