[ZBX-9087] Validation expression template for request parameter validator DB_ID is not completely functional Created: 2014 Nov 28 Updated: 2017 May 30 Resolved: 2015 Mar 04 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 2.0.13, 2.2.7, 2.4.2 |
Fix Version/s: | 2.0.15rc1, 2.2.9rc1, 2.4.4rc1, 2.5.0 |
Type: | Incident report | Priority: | Critical |
Reporter: | Krists Krigers (Inactive) | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | validation |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Description |
The expression template for the DB_ID validator has unnecessary single quotes around the first argument to bccomp():

define('DB_ID', "({}>=0&&bccomp('{}',\"10000000000000000000\")<0)&&");

When actually used in the validation process, it produces the following PHP code in function calc_exp2():

return (($_REQUEST["qqq"]["0"]>=0&&bccomp('$_REQUEST["qqq"]["0"]',"10000000000000000000")<0)) ? 1 : 0;

The expression part with bccomp() in it will always evaluate to true, regardless of the value in the request. |
Comments |
Comment by Krists Krigers (Inactive) [ 2014 Dec 01 ] |
Base fix for 2.0 is done in r50947 and r50948, branch svn://svn.zabbix.com/branches/dev/ZBX-9087. |
Comment by Ivo Kurzemnieks [ 2015 Jan 30 ] |
(1) No translation string changes. sasha CLOSED |
Comment by Ivo Kurzemnieks [ 2015 Jan 30 ] |
(2)
iivs RESOLVED in r51945 sasha CLOSED |
Comment by Alexander Vladishev [ 2015 Feb 02 ] |
(3) Incorrect validation: In versions 2.0 and 2.2 the range can be from 0 to 99999999999999999

SQL errors occur when trying to open a link with a big identifier: hosts.php?form=update&hostid=9999999999999999999

pg_query(): Query failed: ERROR: value "9999999999999999999" is out of range for type bigint
LINE 1: SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999...
^ [include/db.inc.php:440]
Error in query [SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999999999' AND h.status IN (0,1,3)] [ERROR: value "9999999999999999999" is out of range for type bigint
LINE 1: SELECT h.hostid FROM hosts h WHERE h.hostid='9999999999999...
^]

iivs RESOLVED in r51967
sasha CLOSED |
Comment by Ivo Kurzemnieks [ 2015 Feb 09 ] |
Upper bound of DB_ID is now "99999999999999999" for 2.0 and 2.2, and "9223372036854775807" for 2.4 and 2.5.0 (trunk). Fixed in:
|
Comment by Oleg Egorov (Inactive) [ 2015 Feb 10 ] |
(4) Parse error: syntax error, unexpected ''sort'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in C:\xampp\htdocs\trunk\frontends\php\hostinventoriesoverview.php on line 37

In Inventory->Overview

oleg.egorov Fixed syntax error in r52141
sasha CLOSED |
Comment by Oleg Egorov (Inactive) [ 2015 Feb 10 ] |
Fixed in 2.4.4rc1 r52142, 2.5.0 r52143 |
Comment by Oleg Egorov (Inactive) [ 2015 Feb 25 ] |
(5) Reports->Bar reports->Distribution of values for multiple periods

bccomp() expects parameter 1 to be string, array given [report6.php:72 → check_fields() → check_field() → calc_exp() → calc_exp2() → eval() → bccomp() in C:\xampp\htdocs\trunk\frontends\php\include\validate.inc.php(105) : eval()'d code:1]

iivs Although there is no error in 2.0, I removed DB_ID validation for array in profile.php. Those are not real IDs from DB, just an array of integers. RESOLVED for 2.0 in svn://svn.zabbix.com/branches/dev/ZBX-9087 r52472
sasha This was moved to a separate Development branches was moved to CLOSED |
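
The quoting defect from the description, the bigint overflow from comment (3) and the array input from comment (5), shown together as an added example that is not Zabbix code. expand() is a hypothetical stand-in for the template substitution done before eval(), is_db_id() is one eval-free way to express the check using the 2.4 bound quoted above, and the sample inputs are constructed.

```php
<?php
// Added example, not Zabbix code. Requires the bcmath extension.

// Template string exactly as quoted in the report.
const DB_ID_REPORTED = "({}>=0&&bccomp('{}',\"10000000000000000000\")<0)&&";
// Upper bound quoted for 2.4 / 2.5.0: the signed 64-bit (bigint) maximum.
const DB_ID_MAX = '9223372036854775807';

// Hypothetical stand-in for the substitution performed before eval():
// every {} is replaced by the text of the request variable reference.
function expand(string $tpl, string $ref): string
{
    return str_replace('{}', $ref, $tpl);
}

// Eval-free check: the request value is treated as data and is never
// pasted into PHP source, so quoting cannot change what gets compared.
function is_db_id($value): bool
{
    // Rejects arrays (comment 5), signs, exponents, blanks and ''.
    if (!is_string($value) || !ctype_digit($value)) {
        return false;
    }
    // Decimal string comparison, safe beyond PHP's native integer range.
    return bccomp($value, DB_ID_MAX) <= 0;
}

// The expansion makes the defect visible: PHP does not interpolate inside
// single quotes, so bccomp() receives the text '$_REQUEST["qqq"]["0"]'
// rather than the submitted value. bcmath of that era read a malformed
// operand as 0 (PHP 8 throws ValueError instead), hence "always true".
echo expand(DB_ID_REPORTED, '$_REQUEST["qqq"]["0"]'), PHP_EOL, PHP_EOL;

// Constructed sample inputs. 9999999999999999999 is the hostid from
// comment (3): below the original 10^19 bound, above the bigint maximum.
$samples = [
    '0', '10084', '9223372036854775807', '9223372036854775808',
    '9999999999999999999', '-1', '1e3', 'abc', '', ['1', '2'],
];
foreach ($samples as $s) {
    printf("%-24s %s\n", json_encode($s), is_db_id($s) ? 'accept' : 'reject');
}
```

Only the first three samples are accepted; everything else is rejected before it can reach a query.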