[ZBX-8997] Potential "Undefined index" on trigger expression test form Created: 2014 Nov 05  Updated: 2024 Apr 10  Resolved: 2017 Sep 05

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 2.2.7, 2.4.2, 3.0.9rc1, 3.2.5rc1, 3.4.0alpha1
Fix Version/s: 3.0.11rc1, 3.2.8rc1, 3.4.2rc1, 4.0.0alpha1, 4.0 (plan)

Type: Problem report Priority: Minor
Reporter: Alexander Vladishev Assignee: Gregory Chalenko
Resolution: Fixed Votes: 0
Labels: validation
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File result-type-valid.png     PNG File result-types-now.png     XML File triggers.host.xml    
Team: Team A
Sprint: Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 7, Sprint 8, Sprint 9, Sprint 10, Sprint 11, Sprint 12, Sprint 13, Sprint 14, Sprint 15, Sprint 16
Story Points: 0.75

 Description   

Thanks to Cory Marsh for pointing to this issue.

It is possible to receive php errors on the trigger expressions test page:

Parse error: syntax error, unexpected '{' in include/triggers.inc.php(2257) : eval()'d code on line 1

    Undefined variable: result [tr_testexpr.php:147 ? evalExpressionData() in include/triggers.inc.php:2259]
    Undefined variable: result [tr_testexpr.php:167 ? evalExpressionData() in include/triggers.inc.php:2259]

How to reproduce:

  • open trigger expression test page with trigger function like {Zabbix server:agent.hostname.last()} (the value type of the item should be character, text or log)
  • enter value 
    {#DEF}*{hostname:mysql.primary_master.last($g=[`echo 41 > /tmp/h2.txt`];}#)}
  • press [Test] button

Possible solutions:

  1. to forbid character data for all value types
  2. to rewrite trigger expression evaluation algorythm without using eval() function

 Comments   
Comment by Gregory Chalenko [ 2017 Mar 13 ]

latest versions of 2.0, 2.2 branches contains regular expression based check to disallow any word character.
versions 3.0, 3.2 contains rewritten trigger parser which allow word characters in request but this is required by trigger, user can define it`s own macro and functions.
Changes made:

  • 2.0, 2.2 none
  • 3.0, 3.2 fixed "Undefined index" message. probably $_POST instead of $_REQUEST should be used for tr_testexpr.php

Fixed in: svn://svn.zabbix.com/branches/dev/ZBX-8997 r66319

Comment by Oleg Egorov (Inactive) [ 2017 Mar 20 ]

(1) Translation string changes

Strings added:

  • Incorrect item value type
  • Numeric (integer)

Strings deleted:

  • Numeric (integer 64bit)

sasha RESOLVED

gcalenko CLOSED Thank you.

Comment by Gregory Chalenko [ 2017 Sep 05 ]

Fixed in:

  • 3.0.11rc1 r72198
  • 3.2.8rc1 r72201
  • 3.4.2rc1 r72203
  • 4.0.0alpha1(trunk) r72205
Generated at Fri Apr 26 02:59:13 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.