[ZBX-3783] Proper API validation Created: 2011 May 05 Updated: 2023 Dec 08 |
|
Status: | Reopened |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | API (A) |
Affects Version/s: | None |
Fix Version/s: | 3.4.0alpha1, 4.0.0alpha1, 4.0.17rc1, 4.2 (plan), 4.4.5rc1, 5.0 (plan) |
Type: | Problem report | Priority: | Trivial |
Reporter: | richlv | Assignee: | Zabbix Development Team |
Resolution: | Unresolved | Votes: | 13 |
Labels: | validation | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | 3783-1.png guest_issue.png | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Epic Link: | DEV-591 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sprint: | Sprint 17, Sprint 18, Sprint 19, Sprint 20, Sprint 21, Sprint 22, Sprint 23, Sprint 24, Sprint 25, Sprint 26, Sprint 27, Sprint 28, Sprint 29, Sprint 30, Sprint 31, Sprint 32, Sprint 33, Sprint 34, Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 42, Sprint 43, Sprint 44, Sprint 45, Sprint 46, Nov 2018, Sprint 47, Dec 2018, Sprint 48, Jan 2019, Sprint 56 (Sep 2019), Sprint 55 (Aug 2019), Sprint 49 (Feb 2019), Sprint 50 (Mar 2019), Sprint 51 (Apr 2019), Sprint 52 (May 2019), Sprint 53 (Jun 2019), Sprint 54 (Jul 2019), Sprint 57 (Oct 2019), Sprint 58 (Nov 2019), Sprint 59 (Dec 2019), Sprint 60 (Jan 2020), Sprint 61 (Feb 2020), Sprint 62 (Mar 2020), Sprint 63 (Apr 2020), Sprint 64 (May 2020), Sprint 65 (Jun 2020), Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020), Sprint 70 (Nov 2020), Sprint 71 (Dec 2020), Sprint 72 (Jan 2021), Sprint 73 (Feb 2021), Sprint 74 (Mar 2021), Sprint 75 (Apr 2021), Technical backlog | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Story Points: | 1 |
Description |
currently api often discards part of the json query it does not understand. this can result in great confusion ( if a parameter in a json query is not recognised, api should never ever proceed with the remainder of the query (for example, passing "hostid" instead of "hostids" for host.get method) |
Comments |
Comment by Alexei Vladishev [ 2011 May 17 ] |
I am not sure it should be here. Perhaps ZBXNEXT is a better place? |
Comment by richlv [ 2011 May 18 ] |
being a ZBX was mostly motivated by the possible grave consequences of ignoring part of a query. something simple (from user perspective) as missing set of square brackets around a set of ids can result in that part silently being discarded and i wouldn't want to encounter that when deleting entities... |
Comment by richlv [ 2012 Sep 08 ] |
(1) also see |
Comment by richlv [ 2012 Sep 25 ] |
(2) |
Comment by Oleksii Zagorskyi [ 2012 Oct 10 ] |
(3) a particular case for required validation is |
Comment by richlv [ 2013 Jan 07 ] |
(4) for proxy.create (and probably update, too), type and main can be specified, but they are ignored |
Comment by richlv [ 2013 Jan 07 ] |
(5) a valid json w/o id results in a completely empty response |
Comment by richlv [ 2013 Jan 07 ] |
(6) incorrect id specification in proxy.delete deletes only one proxy and may return incorrect response : {"jsonrpc":"2.0","method":"proxy.delete","params":[{"proxyid":"10288","proxyid":"10289"}],"auth":"ab9638041ec6922cb14b07982b268f47","id":1} {"jsonrpc":"2.0","result":{"proxyids":["10289"]},"id":1} if a proxy with such id exists, only the last one is deleted. if such a proxy does not exist, response still has the id as if something was deleted. might be the same with other delete methods sasha MOVED to (85) CLOSED |
Comment by richlv [ 2013 Jan 07 ] |
(7) we can use host.update and change host's status to 5 or 6 (proxy). we can use proxy.update and change proxy's status to 0, 1 etc. host-updating a host into an active proxy does not remove the interface. (this possibility suggested by alexei) iivs Proxy status is now validated in pre-2.1.1 (trunk) r36917. Other validation is still due. <richlv> host status validation should be added in |
Comment by richlv [ 2013 Jan 07 ] |
(8) weird groupid (and possibly other id) validation : |
Comment by richlv [ 2013 Jan 26 ] |
(9)
|
Comment by Oleksii Zagorskyi [ 2013 Feb 26 ] |
(10) "hostinterface.update" method allows to include a line break in the IP address (should be validated also in many other fields where it's not allowed) - |
Comment by Alexander Vladishev [ 2013 Oct 07 ] |
(11) moved from 1. Notice: Undefined index: userid in /home/zabbix/www/ZBX-6881/frontends/php/include/audit.inc.php on line 67 2. {"jsonrpc":"2.0","method":"users.create","params":{"status":"aasdf"},"id":0,"auth":"dcf2269f4dc1996433e029f72c645498"} Notice: Undefined index: users in /home/zabbix/www/trunk/frontends/php/include/classes/api/API.php on line 91 3. {"jsonrpc":"2.0","method":"user.create","params":{"usrgrpid":[1,2,3]},"id":0,"auth":"dcf2269f4dc1996433e029f72c645498"} Notice: Undefined index: alias in /home/zabbix/www/DEV-528-TRUNK-r.38420/frontends/php/api/classes/CUser.php on line 268 sasha 3. RESOLVED in r64158 oleg.egorov 3. CLOSED |
Comment by Oleksii Zagorskyi [ 2013 Nov 18 ] |
(12) { "jsonrpc": "2.0", "method": "maintenance.create", "params": { "hostids": [ 10084 ], "name": "TestHJ", "active_till": "1380017700", "active_since": "1380016800", "timeperiods": { "timeperiod_type": 0, "start_date": 1380016800, "period": 3600 } }, "id": 0, "auth": "a81739a7e996deadcd36b47576135f19" } we can generate an incorrect SQL. Another bug report for this method is |
Comment by Ivo Kurzemnieks [ 2013 Nov 28 ] |
(13) Improve validation for usergroup.delete method: validate existing user groups and throw error if user group does not exist. sasha RESOLVED in r64069 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2014 Jul 22 ] |
(14) Improve usergroup.massadd { "usrgrpids": [ 13, 14, 13, [] ], "rights": { "permission": 0, "id": "3" } } Return: SQL statement execution has failed "INSERT INTO rights (groupid,permission,id,rightid) VALUES ('13','0','3','41') sasha This method is deprecated. WON'T FIX |
Comment by Oleg Egorov (Inactive) [ 2014 Jul 30 ] |
(15) { "name": "Homepage check", "hostid": "32318", "steps": [ { "name": "Homepage", "url": "http://mycompany.com", "status_codes": 200, "no": 1 } ], "ssl_cert_file": [], "authentication": 1, "http_user": 1, "http_password": 1, "ssl_key_file": 1, "ssl_key_password": 1 } SQL statement execution has failed \"INSERT INTO httptest (name,hostid,ssl_cert_file,authentication,http_user,http_password,ssl_key_file,ssl_key_password,verify_peer,verify_host,variables,headers,httptestid) VALUES ('Homepage check','32318',Array,'1','1','1','1','1','0','0','','','80')\ |
Comment by Marc [ 2015 Jan 26 ] |
(16) An API call like this (empty string for itemids): { "jsonrpc": "2.0", "method": "history.get", "params": { "itemids": "", "hostid": "11724", "time_from": "1422140400", "time_till": "1422226799" }, "auth": "t62tejbsq3jtu9rll2syonnojd19qd29", "id": 0 } Is not recognized and leads to an invalid database query: < 2015-01-26 13:52:59.617 CET >ERROR: invalid input syntax for integer: "" at character 266 < 2015-01-26 13:52:59.617 CET >STATEMENT: SELECT i.itemid FROM items i WHERE i.flags IN (0,4) AND EXISTS (SELECT NULL FROM hosts_groups hgg JOIN rights r ON r.id=hgg.groupid AND r.groupid='26' WHERE i.hostid=hgg.hostid GROUP BY hgg.hostid HAVING MIN(r.permission)>0 AND MAX(r.permission)>=2) AND i.itemid='' < 2015-01-26 13:52:59.618 CET >ERROR: current transaction is aborted, commands ignored until end of transaction block < 2015-01-26 13:52:59.618 CET >STATEMENT: SELECT h.itemid,h.clock FROM history_uint h WHERE 1=0 AND h.clock>='1422140400' AND h.clock<='1422226799' oleg.egorov Also, item update: $items = API::Item()->update([ 'itemid' => ['25372'], 'name' => '11' ]); Result: array_flip(): Can only flip STRING and INTEGER values! [items.php:199 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CItem->update() → CItem->get() → dbConditionInt() → array_flip() in include\db.inc.php:792] Error in query [SELECT i.itemid,i.flags FROM items i WHERE i.type<>9 AND i.flags IN (0,4) AND ] [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] array_flip(): Can only flip STRING and INTEGER values! [items.php:199 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CItem->update() → CItemGeneral->checkInput() → CItem->get() → dbConditionInt() → array_flip() in include\db.inc.php:792] Error in query [SELECT i.itemid,i.templateid,i.type,i.snmp_community,i.snmp_oid,i.hostid,i.name,i.description,i.key_,i.delay,i.history,i.trends,i.status,i.value_type,i.trapper_hosts,i.units,i.snmpv3_contextname,i.snmpv3_securityname,i.snmpv3_securitylevel,i.snmpv3_authprotocol,i.snmpv3_authpassphrase,i.snmpv3_privprotocol,i.snmpv3_privpassphrase,i.formula,i.logtimefmt,i.valuemapid,i.params,i.ipmi_sensor,i.authtype,i.username,i.password,i.publickey,i.privatekey,i.flags,i.interfaceid,i.port,i.inventory_link,i.lifetime,i.jmx_endpoint FROM items i WHERE i.type<>9 AND i.flags IN (0,4) AND ] [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] Illegal offset type in isset or empty [items.php:199 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CItem->update() → CItemGeneral->checkInput() in include\classes\api\services\CItemGeneral.php:172] No permissions to referred object or it does not exist! And if used itemids $items = API::Item()->update([ 'itemids' => ['25372'], 'name' => '11' ]); Result is: Undefined index: itemid [items.php:199 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CItem->update() → CItemGeneral->checkInput() in include\classes\api\services\CItemGeneral.php:172] |
Comment by richlv [ 2015 Mar 24 ] |
(17) httptest.create method allows to set "authentication" to 0 (no auth), but specify http_user and http_password - this is misleading |
Comment by richlv [ 2015 May 04 ] |
(18) image api validation - |
Comment by richlv [ 2015 May 04 ] |
(19) screen api validation - <richlv> screen hsize/vsize validation presumably added in |
Comment by Oleg Egorov (Inactive) [ 2015 Aug 26 ] |
(20) event.acknowledge { "eventids": [ 219883, 219856 ], "message": [ "test" ] } Result: SQL statement execution has failed \"INSERT INTO acknowledges (userid,eventid,clock,message,acknowledgeid) VALUES ('1','219883','1440595912',Array,'626') |
Comment by richlv [ 2015 Sep 17 ] |
(21) host.delete ( {"jsonrpc":"2.0","method":"host.delete","params":{"hostid":"10116"},"id":0,"auth":"5bea7391ae4283522f33a7ca38ceb250"} {"jsonrpc":"2.0","error":{"code":-32500,"message":"Application error.","data":"SQL statement execution has failed \"DELETE FROM screens_items WHERE resourceid=Array AND resourcetype='16'\""},"id":0} |
Comment by Lars Skjærlund [ 2015 Sep 17 ] |
OK - some more tests on 2.4.6: {"jsonrpc":"2.0","method":"host.delete","params":["10087"],"id":0,"auth":"7a7dd7e6080b6e2db920c8c01540c8ea"} {"jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid params.","data":"Wrong fields for host \"\"."},"id":0} {"jsonrpc":"2.0","method":"host.delete","params":"10088","id":0,"auth":"e7a00088c1482eff2d901d823b0c0dc0"} {"jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid params.","data":"JSON-rpc params is not an Array."},"id":0} What would be the proper syntax? Regards, |
Comment by richlv [ 2015 Sep 17 ] |
please see https://www.zabbix.org/wiki/Getting_help for support and general discussion options |
Comment by Lars Skjærlund [ 2015 Sep 17 ] |
I'm not asking for support: I've followed the API documentation in every detail, it doesn't work, and yet you claim that it's not a bug? I'm also documenting the results I get when I follow the documentation to the point. |
Comment by Ivo Kurzemnieks [ 2016 Jan 06 ] |
(22) templatescreen.create accepts empty parameters and successfully returns an ID with value 1. |
Comment by Ivo Kurzemnieks [ 2016 Jan 08 ] |
(23) Regular non admin user can create a templated screen. Then create a regular screen and use previously created templated screen as screen item. Not only it fills up the database with corrupted data, users who export regular screens, can get a corrupted XML: |
Comment by richlv [ 2016 Jan 20 ] |
(24) might be generic, but worth testing the template constraint in xml export : |
Comment by vitalijs.cemeris (Inactive) [ 2016 Feb 10 ] |
(25) screenitem.update { "screenitemid": "73", "x": 0 } returns |
Comment by Oleg Egorov (Inactive) [ 2016 Jun 27 ] |
(26) Operation and recovery operation validation issues in action.create: 2. if incorrect operation type 'recovery_operations' => [ ['operationtype' => 'asdasd'] ] the error message says "No recipients for action operation message." 3. opcommand accepts anything 'opcommand' => [ 'type' => 'asdads', 'command' => 'aaaasdasd', 'execute_on' => 'aaaa' ] and results in success. Not sure what I have just created with this. And it seems like it's validated for operations, but not for recovery operations. 4. If operations has fields, but has no operation type, I get an error: action.update: [ 'actionid' => 41, 'operations' => [ [ 'operationid' => 79 ] ] ] I get an error: 6. If recovery operations has no operation type but only ID [ 'actionid' => 41, 'recovery_operations' => [ [ 'operationid' => 78 ] ] ] I get an error: Moved from |
Comment by Gunars Pujats (Inactive) [ 2016 Jul 05 ] |
(27) String validation should check null character "\0" and hexadecimal encoded values. Also strings must be trimmed. [ "groupid" => "10", "name" => "\x0" ] 2. String should be trimmed. For example, we can set host name as space and visible name as empty string: [ "hostid" => 10105, "host" => " ", "name" => "" ] |
Comment by Gunars Pujats (Inactive) [ 2016 Jul 05 ] |
(28) It's possible to set trigger name as empty string via API: [ "triggerid"=> 70355, "description" => "" ] |
Comment by Oleg Egorov (Inactive) [ 2016 Sep 16 ] |
(29) HttpTest.create 'name' => 'test', 'hostid' => 10438, 'steps' => [[ 'name' => 'test', 'url' => 'http://mycompany.com', 'status_codes' => 200, 'no' => 1 ]] Return: Undefined index: ssl_key_password [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTest->validateCreate() → CHttpTest->checkSslParameters() in include\classes\api\services\CHttpTest.php:899] Undefined index: ssl_key_file [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTest->validateCreate() → CHttpTest->checkSslParameters() in include\classes\api\services\CHttpTest.php:906] Undefined index: delay [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:703] Undefined index: status [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:707] Undefined index: delay [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:703] Undefined index: status [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:707] Undefined index: delay [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:703] Undefined index: status [hosts.php:130 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CHttpTest->create() → CHttpTestManager->persist() → CHttpTestManager->save() → CHttpTestManager->create() → CHttpTestManager->createHttpTestItems() in include\classes\api\managers\CHttpTestManager.php:707] Created: Web scenario "test" on "0test". Issue exist in 2.2 - 3.2... Also mentioned in |
Comment by richlv [ 2016 Oct 24 ] |
(30) stacked graph item drawtype cannot be changed in the frontend, but can be modified using the api: |
Comment by vitalijs.cemeris (Inactive) [ 2016 Oct 31 ] |
(31) Array ( [output] => Array ( [0] => userid ) [userids] => Array ( [0] => ) ) Results with: |
Comment by Oleg Egorov (Inactive) [ 2016 Nov 21 ] |
(32) Error messages API::HostGroup()->create([]) Result is: Invalid parameter "/": cannot be empty. Before was: Empty input parameter. Possible better allow execute empty request or change error message. Some messages hard to understand Invalid parameter "/1/mappings/2": value (value)=() already exists. sasha Closed as DUPLICATE of (2) |
Comment by Oleg Egorov (Inactive) [ 2016 Nov 21 ] |
(33) Validation issues: API::Application()->create([ 'name' => '☺', 'hostid' => 0.0 ]); Result: Same issue exist if use scientific notation, for example: hostid = 1.23E+11 sasha RESOLVED in r63884 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Nov 21 ] |
(34) Possible create and update value mapping without value map sasha RESOLVED in r63889 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Nov 23 ] |
(35) PHPDoc for function getFieldLength * @return bool But it in success return int and if fail, then just exit; Also if (!array_key_exists($field_name, $schema['fields'])) { exit; } Normally never executed. And I think it is unnecessary code. Other PHPDoc issue in CApiService.php:738 object from from the source object. sasha RESOLVED in r64046 oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Nov 28 ] |
(36) added validation and partially rewritten API methods in r63457:64047:
oleg.egorov CLOSED Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Nov 28 ] |
(37) added validation and partially rewritten API methods in r64047:64093, r64096, r64102, r64152:
usergroup:massadd() and usergroup:massupdate() methods have been deprecated Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Nov 28 ] |
(38) minor code improvements in r64094. oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 02 ] |
(39) added validation and partially rewritten API methods in r64158:
added support of user_medias parameter by user:update() method Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 02 ] |
(40) dropped support of API_ALLOW_NULL by API_BOOLEAN data type in r64161 oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 05 ] |
(41) added validation and rewritten API methods in r64187:
Also removed WebUser from all API methods. Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 05 ] |
(42) Added check for users and user groups which are used in actions. Now, deleting of such users and user groups are prohibited. user.delete() and usergroup.delete(): users and user groups which are used in actions cannot be removed Strings added:
oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 06 ] |
(43) Incorrect field "id" name or value in where statement for table "media". [users.php:247 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->update() → CUser->updateMedias() → DB::delete() → DB::exception() in include\classes\db\DB.php:826] After user media removing displayed error message How to reproduce: sasha RESOLVED in r64252 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 07 ] |
(44) After password change via frontend in User->Edit Undefined index: passwd [users.php:247 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->update() in include\classes\api\services\CUser.php:320] sasha RESOLVED in r64263 oleg.egorov CLOSED |
Comment by richlv [ 2016 Dec 08 ] |
there are two subissues numbered "37". sasha Thanks! Fixed. <richlv> you rock - thank you |
Comment by richlv [ 2016 Dec 08 ] |
one of the new/remaining strings is "User cannot alter user type for himself.". it might be worth changing that in a more gender-neutral form of "User cannot alter user type for themselves." (but please confirm with maartinjsh ) also, would it be "User cannot alter the user type" ? martins-v Possibly: "User cannot alter their user type", better yet "User cannot change their user type" |
Comment by Alexander Vladishev [ 2016 Dec 08 ] |
(45) Fixed translation string in r64262 Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 08 ] |
(46) Security issue 2016-12-08 17:25:10 Admin ::1 User Updated 3 Oleg users.passwd: 098f6bcd4621d373cade4e832627b4f6 => ad0234829205b9033196ba818f7a872b passwd md5 value should be removed from audit log sasha RESOLVED in r64312 oleg.egorov If change only password, no any information about user changes in audit log sasha RESOLVED in r64338 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 08 ] |
(47) Don't work user group disabling sasha RESOLVED in r64311 oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 10 ] |
(48) added validation and rewritten API methods in r64339, r64340:
Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 11 ] |
(49) added validation and rewritten API methods in r64343, r64345:
Strings added:
Strings deleted:
oleg.egorov CLOSED |
Comment by richlv [ 2016 Dec 11 ] |
suggested string change : "an user macro is expected" -> "a user macro is expected" sasha Thanks a lot! Has been fixed in r64345. oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 12 ] |
(50) r64360: deprecated usermedia.get method usermedia:get() method have been deprecated oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 12 ] |
(51) Script name validation. test And i try create new with name test/test/test test In 3.3 (trunk) it's not allowed, and new validator allow create new script with this name. sasha RESOLVED in r64386 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 14 ] |
(52) Removed last symbol from script name test2/test3 test4 And I try to rename it to: test2/test3 test4\ After success save, name still: test2/test3 test4 WON'T FIX. CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 14 ] |
(53) Unnecessary variable in func.inc.php:2235 $l = 0; sasha RESOLVED in r64434 oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 14 ] |
(54) Documentation must be updated: deprecated methods:
new features:
API changelog: sasha RESOLVED oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2016 Dec 14 ] |
r64444: initial merge to trunk. It doesn't cover all API yet. Summary:strict validation:
moved (from GUI) and improved (bulk requests) audit log:
new parameters:
deprecated methods:
new constraints:
|
Comment by Alexander Vladishev [ 2016 Dec 15 ] |
(55) [A] usergroup.update(): user can add himself to a disabled group. "params": [ { "usrgrpid": 7, "users_status": 1 } ] sasha RESOLVED in r64464 oleg.egorov Via frontend open user group list, then check Zabbix administrators and press Disable Argument 2 passed to CUserGroup::checkHimself() must be an instance of string, string given, called in C:\xampp\htdocs\ZBX-3783\frontends\php\include\classes\api\services\CUserGroup.php on line 335 and defined [usergrps.php:229 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUserGroup->update() → CUserGroup->validateUpdate() → CUserGroup->checkHimself() in include\classes\api\services\CUserGroup.php:465] User cannot add himself to a disabled group or a group with disabled GUI access. [usergrps.php:229 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUserGroup->update() → CUserGroup->validateUpdate() → CUserGroup->checkHimself() → CApiService::exception() in include\classes\api\services\CUserGroup.php:500] REOPENED sasha RESOLVED in r64513 oleg.egorov CLOSED Fixed in pre-3.3.0 (trunk) r64540. |
Comment by Alexander Vladishev [ 2016 Dec 15 ] |
(56) [F] Cannot create or update script with Execute on: Zabbix server option sasha RESOLVED in r64466 oleg.egorov CLOSED Fixed in pre-3.3.0 (trunk) r64540. |
Comment by Alexander Vladishev [ 2016 Dec 19 ] |
(57) added validation and rewritten API methods in r64564:
mappings.sortorder parameter has been deprecated Strings added:
Strings deleted:
sasha it will be necessary to discuss it. sasha Removed description from all create(), update(), delete(), validateCreate(), validateDelete() and validateUpdate() methods in r64651 oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 20 ] |
(58) array_key_exists(): The first argument should be either a string or an integer [hosts.php:134 → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CIconMap->update() → CIconMap->validateUpdate() → array_key_exists() in include\classes\api\services\CIconMap.php:280] No permissions to referred object or it does not exist! API::IconMap()->update([ 'iconmapid' => true, 'name' => 'æų', 'default_iconid' => 1, 'mappings' => [ [ 'iconid' => 99, 'expression' => '0', 'inventory_link' => 1 ] ] ]) sasha RESOLVED in r64598 oleg.egorov CLOSED |
Comment by Natalja Romancaka [ 2016 Dec 21 ] |
(59) super admin can log in without username 'Admin', only entering password sasha RESOLVED in r64687, r64688 natalja.zabbix tested oleg.egorov CLOSED |
Comment by Natalja Romancaka [ 2016 Dec 22 ] |
(60) [A] script.create(): can create script name which already used in menu path for script "params": [ { "name": "test/test", "command": "reboot1" }, { "name": "test", "command": "reboot2" }, ] sasha RESOLVED in r64689 natalja.zabbix tested oleg.egorov CLOSED |
Comment by Oleg Egorov (Inactive) [ 2016 Dec 22 ] |
(61) Disable guests, and try to open: zabbix/frontends/php/zabbix.php?action=problem.view&fullscreen=0&page=1&filter_show=3&filter_application=&filter_problem=&filter_severity=0&filter_inventory%5B0%5D%5Bfield%5D=type&filter_inventory%5B0%5D%5Bvalue%5D=&filter_tags%5B0%5D%5Btag%5D=&filter_tags%5B0%5D%5Bvalue%5D=&filter_set=1 Invalid parameter "/sessionid": a character string is expected. Undefined index: rows_per_page [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CView->getOutput() → include() → CScreenProblem->get() → getPagingLine() in include\func.inc.php:1477] Undefined index: refresh [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CView->getOutput() → include() → CScreenProblem->get() → CScreenBase->getOutput() → CScreenBase->insertFlickerfreeJs() in include\classes\screens\CScreenBase.php:421] Undefined index: theme [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CView->getOutput() → include() → local_generateHeader() in app\views\layout.htmlpage.php:45] Undefined index: name [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CView->getOutput() → include() → local_generateHeader() in app\views\layout.htmlpage.php:63] Undefined index: surname [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CView->getOutput() → include() → local_generateHeader() in app\views\layout.htmlpage.php:64] oleg.egorov Moved to |
Comment by Alexander Vladishev [ 2016 Dec 23 ] |
(62) "OFFSET 0" can be removed from SQL statements sasha RESOLVED in r64692 oleg.egorov CLOSED |
Comment by Ivo Kurzemnieks [ 2016 Dec 27 ] |
(63) Introduce an upper limit of numeric values. Moved from |
Comment by Ivo Kurzemnieks [ 2016 Dec 27 ] |
(64) Currently field length errors are handled by DB. In case there are multiple parameters in one field, they separated by "\n". The error returned is split into multiple lines due to "\n" in frontend. The API validator should handle the "\n" and return a proper error. Moved from |
Comment by Ivo Kurzemnieks [ 2016 Dec 27 ] |
(65) Unit test fails: [PHPUnit] CApiInputValidatorTest::testApiInputValidator::testApiInputValidator with data set #18() Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'double' +'integer' C:\Development\ZBX-3783\frontends\php\tests\unit\include\classes\validators\CApiInputValidatorTest.php:1116 sasha What version of PHP you use? I can't reproduce this issue with PHP 7.0.8 and 5.5.9. iivs I tested on 5.6.3 and 7.0.3 var_dump(-2147483647); // int var_dump(-2147483648); // float var_dump(2147483647); // int var_dump(2147483648); // float on linux machine all of them are int. WON'T FIX |
Comment by Alexander Vladishev [ 2016 Dec 28 ] |
(66) Documentation:
sasha RESOLVED oleg.egorov CLOSED |
Comment by richlv [ 2016 Dec 29 ] |
it is really great that this issue is getting some attention - thanks to all the contributors what's the approach here - when the api changelog says "added strict validation of input parameters", what does that actually mean ? sasha Yes, it is full validation of input parameters including types, values, unexpected parameters etc. |
Comment by Gunars Pujats (Inactive) [ 2017 Jan 02 ] |
(67) [A] Random string as parameter for subselect option returns unexpected result with extra array (in cases when outputExtend() is used in API->addRelatedObjects()) { "output": ["name"], "itemids": 25587, "selectPreprocessing": "asd" } "result": [ { "itemid": "25587", "name": "Available memory 2", "preprocessing": [] }, { "preprocessing": [ [], [], [], [] ] } ] |
Comment by Natalja Romancaka [ 2017 Jan 02 ] |
(68) [A] iconmap.update(): can update the same icon maps in one query "params": [ { "iconmapid": "1", "name": "one" }, { "iconmapid": "1", "name": "two" }, ] "result": { "iconmapids": [ "1", "1" ] }, Expected error: Invalid parameter "/2": value (iconmapid)=(1) already exists. sasha RESOLVED in r65094 oleg.egorov CLOSED |
Comment by Alexander Vladishev [ 2017 Jan 11 ] |
(69) item.get() and itemprototype.get() methods shall not return formula field. Moved from |
Comment by Alexander Vladishev [ 2017 Jan 16 ] |
r65103: second merge to trunk. It doesn't cover all API yet. Summary:strict validation:
added audit log:
deprecated parameters:
|
Comment by Alexander Vladishev [ 2017 Feb 05 ] |
(70) Moved from { "jsonrpc":"2.0", "method":"triggerprototype.create", "params":[ { "description":"NEW ZBX", "expression":"{h1:vfs.fs.size[{#FSNAME}].last(0)}=0", "status":0 }, { "description":"NEW ZBX", "expression":"{h1:vfs.fs.size[{#FSNAME}].last(0)}=0", "status":0 } ], "id":4, "auth":"56783267c6cac2f2cfffe89ba84f6aa0" } |
Comment by Alexander Vladishev [ 2017 Feb 13 ] |
(72) Moved from httptest.create with httpstepid and without name { "hostid": 10107, "name": "E7", "steps": [ { "httpstepid": 91, "url": "1", "status_codes": 200, "no": 1 } ] } Response: sasha RESOLVED in r65687 sasha Tested together with |
Comment by Alexander Vladishev [ 2017 Feb 14 ] |
(73) added validation and rewritten API methods in r65687:
Strings added:
Strings deleted:
sasha Tested together with |
Comment by Oleg Egorov (Inactive) [ 2017 Mar 13 ] |
(74) template.get issue |
Comment by Alexander Vladishev [ 2017 Apr 13 ] |
r65103: third merge to trunk (together with Summary:strict validation:
added audit log:
|
Comment by Alexander Vladishev [ 2017 Apr 30 ] |
(75) Moved from |
Comment by Alexander Vladishev [ 2017 May 11 ] |
(76) Moved from |
Comment by richlv [ 2017 May 22 ] |
(77) invalid mediatypeid in action.create (probably also update ?) results in bad sql queries - see ZBX-12078 |
Comment by Herbert Buurman [ 2017 May 23 ] |
(78) [3.2.6] Supplying {"useip": 0, "dns": "somename"}in a host interface for host.create or host.update, while leaving out "ip": "" (but still including the other required properties) returns a PHP-exception. If "ip": "" is supplied (without value), the call succeeds. |
Comment by Oleg Egorov (Inactive) [ 2017 Jul 19 ] |
(79) Map size validation Result is: |
Comment by Oleg Egorov (Inactive) [ 2017 Aug 02 ] |
(80) Item create $item = API::Item()->create([ 'name' => '1', 'key_' => '1', 'hostid' => 10084, 'type' => 0, 'value_type' => 3, 'delay' => 30, 'master_itemid' => 0 ]); Result: Undefined index: interfaceid [items.php:210 → CFrontendApiWrapper->create() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CItem->create() → CItemGeneral->checkInput() in include\classes\api\services\CItemGeneral.php:327] |
Comment by Alexander Vladishev [ 2017 Sep 04 ] |
(84) template.get() returns useless data curl -X POST \ http://192.168.7.111/zabbix/api_jsonrpc.php \ -H 'cache-control: no-cache' \ -H 'content-type: application/json-rpc' \ -H 'postman-token: eded3a54-eb9f-4a7e-390a-4c7e28cf4273' \ -d '{ "jsonrpc": "2.0", "method": "template.get", "params": { "output": "extend", "filter": {"name": "Template OS Linux"} }, "auth": "d8c8ce2d43592d279a4af464594c03f8", "id": 1 }' result: {"jsonrpc":"2.0","result":[{"proxy_hostid":"0","host":"Template OS Linux","status":"3","disable_until":"0","error":"","available":"0","errors_from":"0","lastaccess":"0","ipmi_authtype":"-1","ipmi_privilege":"2","ipmi_username":"","ipmi_password":"","ipmi_disable_until":"0","ipmi_available":"0","snmp_disable_until":"0","snmp_available":"0","maintenanceid":"0","maintenance_status":"0","maintenance_type":"0","maintenance_from":"0","ipmi_errors_from":"0","snmp_errors_from":"0","ipmi_error":"","snmp_error":"","jmx_disable_until":"0","jmx_available":"0","jmx_errors_from":"0","jmx_error":"","name":"Template OS Linux","flags":"0","templateid":"10001","description":"","tls_connect":"1","tls_accept":"1","tls_issuer":"","tls_subject":"","tls_psk_identity":"","tls_psk":""}],"id":1} Moved from |
Comment by Alexander Vladishev [ 2017 Sep 18 ] |
(85) added validation and rewritten API methods in r72720:
Strings added:
Strings deleted:
After this fix, proxy cannot be removed when it is used in actions sasha Available in 4.0.0alpha1 (trunk) r72995. CLOSED |
Comment by richlv [ 2017 Sep 18 ] |
(86) [D] inability to delete a proxy that is used in actions (as per (85)) is worth mentioning in upgrade notes sasha Of course! Thanks! Updated API documentation:
CLOSED |
Comment by Alexander Vladishev [ 2017 Sep 29 ] |
(87) [A] If existing active proxy is updated changing its status to pasive proxy without specifying interfaces, frontend outputs a list of undefined index errors: Undefined index: interfaceid [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() in app/controllers/CControllerProxyEdit.php:128] Undefined index: dns [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() in app/controllers/CControllerProxyEdit.php:129] Undefined index: ip [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() in app/controllers/CControllerProxyEdit.php:130] Undefined index: useip [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() in app/controllers/CControllerProxyEdit.php:131] Undefined index: port [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() in app/controllers/CControllerProxyEdit.php:132] Undefined index: dns [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() → CController->getInput() in include/classes/mvc/CController.php:205] Undefined index: ip [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() → CController->getInput() in include/classes/mvc/CController.php:205] Undefined index: useip [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() → CController->getInput() in include/classes/mvc/CController.php:205] Undefined index: port [zabbix.php:21 → require_once() → ZBase->run() → ZBase->processRequest() → CController->run() → CControllerProxyEdit->doAction() → CController->getInput() in include/classes/mvc/CController.php:205] |
Comment by Alexander Vladishev [ 2017 Sep 29 ] |
(88) [A] proxy.get() method outputs parameters which are not documented in Proxy object page and are specific to Host Object only. Additionally, if some specific parameter is requested (e.g. "host"), API always returns a "proxyid" parameter as well. |
Comment by Larisa Grigorjeva [ 2017 Oct 04 ] |
(89) [A] There is no validation for empty sourse in source type "Map navigation tree" while using methods dashboard.create or dashboard.update for creating Map widget . Reffered Map navigation tree should be created before. Actual result: Empty map created. |
Comment by Alexander Vladishev [ 2017 Nov 20 ] |
(90) [A] item.status is not properly validated For example, this API request produces item with status=3: { "jsonrpc":"2.0", "method":"item.update", "params":{ "itemid":28284, "status":3 }, "id":1, "auth":"kolbaski" } MOVED from |
Comment by Ivo Kurzemnieks [ 2017 Nov 22 ] |
(91) [A] |
Comment by Ivo Kurzemnieks [ 2017 Dec 12 ] |
(92) [A] maintenance.update: only maintenanceid is required, but all other fields should be optional. Currently validation doesn't work correctly. Ugly fixes can be made, but it's better to rewrite the validation using new API validation. And if we do, we could do it for maintenance.create as well. vmurzins Partial duplicate of iivs Passing maintenanceid as array, results in catastrophe: array_flip(): Can only flip STRING and INTEGER values! [... → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CMaintenance->update() → CMaintenance->get() → dbConditionInt() → array_flip() in include\db.inc.php:789] pg_query(): Query failed: ERROR: syntax error at end of input LINE 1: SELECT m.* FROM maintenances m WHERE ^ [... → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CMaintenance->update() → CMaintenance->get() → DBselect() → pg_query() in include\db.inc.php:369] Error in query [SELECT m.* FROM maintenances m WHERE ] [ERROR: syntax error at end of input LINE 1: SELECT m.* FROM maintenances m WHERE ^] array_key_exists(): The first argument should be either a string or an integer [... → CFrontendApiWrapper->update() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CMaintenance->update() → array_key_exists() in include\classes\api\services\CMaintenance.php:560] No permissions to referred object or it does not exist! |
Comment by Larisa Grigorjeva [ 2017 Dec 27 ] |
(94) [A] maintenance.create validation errors look like: "Active since" must be between 1970.01.01 and 2038.01.18. "Active till" must be between 1970.01.01 and 2038.01.18 but actually only Unix time is accepted. So somehow error message and actual parameter should be lead to one format. |
Comment by richlv [ 2018 Mar 23 ] |
(95) this is somewhat similar to (27) and (28).
most likely majority of object names have this issue |
Comment by richlv [ 2018 Mar 26 ] |
(96) drule.update; pass dchecks, specifying druleid of a another discovery rule. |
Comment by Alexander Vladishev [ 2018 Apr 05 ] |
(97) [A] added validation and rewritten API methods in r79018, r79021, r79027 and r79048:
also added audit for API methods:
Strings added:
Strings deleted:
After this fix, discovery rule cannot be removed when it is used in action conditions sasha Available in 4.0.0alpha6 r79328. Updated API documentation: CLOSED |
Comment by richlv [ 2018 Apr 10 ] |
(98) typo in the changelog entry : "drile.delete" sasha Thanks! RESOLVED in r79522. CLOSED |
Comment by Alexander Vladishev [ 2018 May 08 ] |
(100) |
Comment by Valdis Murzins [ 2018 May 21 ] |
(101) event.get, event.acknowledge, problem.get API methods should be updated to use strict validation. Moved from |
Comment by Valdis Murzins [ 2018 Oct 29 ] |
(109) [A] In httptest.update(), it is possible to pass empty object in "steps" array. In such case API input validator will not fire an error and such request will end up with SQL error. API request: "method": "httptest.update", "params": { "httptestid": "8", "steps": [{}] }, SQL error: "error": { "code": -32500, "message": "Application error.", "data": "SQL statement execution has failed \"INSERT INTO items (name,key_,value_type,units,hostid,delay,type,history,trends,status,params,description,posts,headers,itemid) VALUES ('Download speed for step \\\"$2\\\" of scenario \\\"$1\\\".','web.test.in[asd,,bps]','0','Bps','10254','1m','9','30d','90d','0','','','','','28962')\".", |
Comment by Alexander Vladishev [ 2019 Sep 02 ] |
Added strict validation of valuemap: get() method. Available in:
Updated documentation: |
Comment by Alexander Vladishev [ 2020 Jan 09 ] |
Added strict validation of input parameters in script: get() method. Available in:
Updated documentation: |
Comment by Oleksii Zagorskyi [ 2020 Dec 24 ] |
(123) [A] "filter" actually works for some data types, and documentation is not correct and is not clear. "filter" does work for textual data, but only for those DB columns, which are not 'text' data type. SELECT mt.* FROM media_type mt SELECT mediatype_paramid,mediatypeid,name,value FROM media_type_param WHERE mediatypeid IN (1,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25) But, if try to "filter" by column "name" (which is 'varchar(100)' type) then it works, and performs these SQLs: SELECT mt.* FROM media_type mt WHERE mt.name='Email' SELECT mediatype_paramid,mediatypeid,name,value FROM media_type_param WHERE mediatypeid=1 and returned result is correct. As for API documentation, on all object's pages we see all such columns described as "string", which misleads of course. An important note here - in version 4.0 "description" was varchar(100), but in 5.0 it renamed to "name" and new column "description" became "text". |