Nagios Core 3.5.0rc1

Randal, Phil phil.randal at hoopleltd.co.uk
Fri Mar 8 21:49:40 CET 2013


Hi Eric,

I’ve double checked my configs against the base 3.5.0rc1 cgi.cfg and nagios.cfg, nothing in them to cause a problem (except I made sure cgi.cfg had 

escape_html_tags=0

What’s happening is that the double quote character in a href="www.dell.com ..."  is being escaped into &#34

Even if it was correct to escape it at that point, there's a bug (no semicolon at end of string, e.g. &h34;)

Patch to fix that issue:

diff -Naur cgiutils.c.old cgiutils.c
--- cgiutils.c.old      2013-03-08 20:14:51.000000000 +0000
+++ cgiutils.c  2013-03-08 20:16:17.000000000 +0000
@@ -1055,7 +1055,7 @@

                /* for simplicity, all other chars represented by their numeric value */
                else {
-                       sprintf( temp_expansion, "&#%u", *( unsigned int *)inwcp);
+                       sprintf( temp_expansion, "&#%u;", *( unsigned int *)inwcp);
                        if((( outstp - encoded_html_string) + strlen( temp_expansion)) <
                                        output_max) {
                                strncpy( outstp, temp_expansion, strlen( temp_expansion));
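
Review bot: the new format string "&#%u;" in the sprintf() call is one byte longer per expansion, and the size of temp_expansion is not visible in this hunk; for a 32-bit unsigned int the worst case is "&#4294967295;" plus the terminating NUL, 14 bytes, so check the declaration or use snprintf() with the buffer size. On the same line, *( unsigned int *)inwcp reads the character through a recast pointer, while the second hunk converts the value with ( unsigned int)wctemp[ 0]; converting the value (( unsigned int)*inwcp) avoids reading the wrong width if the pointed-to type is not the size of unsigned int.
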
@@ -1154,7 +1154,7 @@

                /* Encode everything else (this may be excessive) */
                else {
-                       sprintf( temp_expansion, "&#%u", ( unsigned int)wctemp[ 0]);
+                       sprintf( temp_expansion, "&#%u;", ( unsigned int)wctemp[ 0]);
                        if((( stp - encoded_html_string) + strlen( temp_expansion)) <
                                        output_max) {
                                strncpy( stp, temp_expansion, strlen( temp_expansion));
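
Review bot: in the context lines after the changed sprintf(), strncpy( stp, temp_expansion, strlen( temp_expansion)) copies exactly the expansion and never writes a terminator, and strlen() is evaluated twice; keep the return value of the formatting call as the length, copy with memcpy(), and make sure the string is terminated once after the loop. With the added ';' each encoded character needs one more byte, so the ( stp - encoded_html_string) + strlen( temp_expansion) < output_max check fails sooner; what happens to the character in that case is not shown here and should be confirmed (dropped silently, or the loop stopped).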


Even with that issue fixed, Firefox and IE mishandle URLs of the form

  href="http://www.dell.com/support/troubleshooting/uk/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx"

It expects

  href="http://www.dell.com/support/troubleshooting/uk/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx"

which is the original plugin output.

status.cgi in 3.4.4 didn't escape the double quote character, which is the difference between the working 3.4.4 and broken 3.5.0rc1

CentOS 5.9, Apache httpd-2.2.3-76.el5.centos

Cheers,

Phil
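
Added example, not part of the original message or of Nagios: a minimal byte-wise encoder and a lenient decoder showing why the missing semicolon reported above matters beyond well-formedness. Without it, an escaped character followed by a digit decodes as a different code point. The names ncr_encode and ncr_decode are hypothetical, and the code handles single-byte input only, unlike the wide-character code in cgiutils.c.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: encode every non-alphanumeric byte as a decimal
 * character reference. with_semicolon = 0 reproduces the unterminated
 * "&#34" form from the report. Returns 0, or -1 if out is too small. */
int ncr_encode(const char *in, char *out, size_t out_max, int with_semicolon)
{
    size_t used = 0;
    if (out_max == 0) return -1;
    for (; *in; in++) {
        unsigned int c = (unsigned char)*in;
        char tmp[16];
        int n = isalnum((int)c)
            ? snprintf(tmp, sizeof tmp, "%c", (int)c)
            : snprintf(tmp, sizeof tmp, with_semicolon ? "&#%u;" : "&#%u", c);
        /* refuse rather than truncate a reference; keep room for the NUL */
        if (n < 0 || used + (size_t)n >= out_max) return -1;
        memcpy(out + used, tmp, (size_t)n);
        used += (size_t)n;
    }
    out[used] = '\0';
    return 0;
}

/* Hypothetical helper: decode the way a lenient HTML parser does, taking "&#",
 * every digit that follows, then an optional ';'. Returns code points stored. */
size_t ncr_decode(const char *in, unsigned long *cps, size_t max)
{
    size_t n = 0;
    while (*in && n < max) {
        if (in[0] == '&' && in[1] == '#' && isdigit((unsigned char)in[2])) {
            char *end;
            cps[n++] = strtoul(in + 2, &end, 10);
            in = (*end == ';') ? end + 1 : end;
        } else {
            cps[n++] = (unsigned char)*in++;
        }
    }
    return n;
}

int main(void)
{
    char buf[32]; unsigned long cps[8];
    for (int semi = 0; semi <= 1; semi++) {   /* constructed input: quote then digit */
        if (ncr_encode("\"5", buf, sizeof buf, semi) != 0) return 1;
        size_t n = ncr_decode(buf, cps, 8);
        printf("%-7s -> %zu code point(s), first = %lu\n", buf, n, cps[0]);
    }
}
```
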

From: Eric Stanley [mailto:estanley at nagios.com] 
Sent: 08 March 2013 17:27
To: Nagios Developers List
Subject: Re: [Nagios-devel] Nagios Core 3.5.0rc1

Sorry, Phil, but I'm still not able to reproduce it. I tried using the check_esxi_hardware.py plugin and I get the following displayed in the 'Status Information' column on the status.cgi:

OK - Server: Dell Inc. <a href="http://support.dell.com/support/edocs/systems/peT710/">PowerEdge T710</a> s/n: <a href="http://www.dell.com/support/troubleshooting/us/en/nodhs1/Index?t=warranty&servicetag=xxxxxxx">xxxxxxxx</a> System BIOS: 6.0.7 2011-08-18 

Can you send the applicable configs?

Thanks,

Eric

On 3/7/13 6:48 AM, Randal, Phil wrote:
./check_openmanage -H hc-server -I

OK - System: '<a target="_blank" href=http://support.dell.com/support/edocs/systems/pe1955/>PowerEdge 1955</a>', SN: '<a target="_blank" href="http://www.dell.com/support/troubleshooting/Index?t=warranty&servicetag=xxxxxx">xxxxxxx</a>', 16 GB ram (8 dimms), 1 logical drives, 2 physical drives

The href lines are what are getting mangled (appended in quotes) to the base cgi url

Both 3.4.4 and 3.4.5rc1 work fine.

It's my own rpm build, but that shouldn't make any difference.

Cheers,

Phil
-----Original Message-----
From: Eric Stanley [mailto:estanley at nagios.com] 
Sent: 07 March 2013 12:03
To: nagios-devel at lists.sourceforge.net
Subject: Re: [Nagios-devel] Nagios Core 3.5.0rc1

Thanks for the report, Phil.

I'm having a hard time guessing what might have broken that between
3.4.4 and now. I did a quick test using check_dummy and I don't see the issue.

Are you running 3.4.4? If not, what version are you running where it works correctly? Also, where do you see the broken URL?

Could you send me the output of the plugin(s) run from the command line?

Thanks,

Eric

On 3/5/13 11:53 AM, Randal, Phil wrote:
3.5.0rc1 breaks check_openmanage output (and check_esxi_hardware.py 
output in the same way)

A link which should be, for example,

   http://support.dell.com/support/edocs/systems/peR815/

gets mangled into something like

   http://<yournagiosserver>/nagios/cgi-bin/"http://support.dell.com/support/edocs/systems/peR815/"

Cheers,

Phil

-----Original Message-----
From: Eric Stanley [mailto:estanley at nagios.com]
Sent: 28 February 2013 11:59
To: Nagios Developers List
Subject: [Nagios-devel] Nagios Core 3.5.0rc1

Sorry for multiple release candidates, but I fixed two more issues with the CGIs that are very closely related to issues fixed in the 3.4.5rc1 tarball.

The release has also been bumped to 3.5.0 because of an ABI change. (It should have been bumped prior to 3.4.5rc1.) The downtime structure had a member added to help resolve the downtime notification problem. This means that modules will need to be recompiled to use this version.

You can download the 3.5.0rc1 tarball from http://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.5.0/nagios-3.5.0rc1.tar.gz/download.

Feel free to compile it and try it (on a test system, please). The 3.4.5 candidate did not generate much feedback and I'm hoping no news is good news. The changes between 3.4.5rc1 and 3.5.0rc1 are relatively minor, so I don't plan to wait long until releasing 3.5.0.

The complete changelog since 3.4.4 is as follows:

* Fixed bug #403: The "configuration" page of the webui doesn't use 
entity encoding when displaying the "command expansion" item (Eric 
Stanley)
* Fixed bug #424: Nagios Core 3.4.4 seg fault (core dump) on restart 
after removing config for running service (Eric Stanley)
* Updated CGI utility functions to support UTF-8 characters (Eric 
Stanley)
* Fixed bug where selecting Command Expansion from Configuration CGI 
page would display commands instead (Eric Stanley)
* Fixed bug #369: status.cgi crashes with segfault when there are 
German umlauts (äöüß) in the hostname or the servicename (Eric Stanley)
* Fixed bug #418: Scheduled Downtime Notifications Resent On Nagios 
Restart/reload (Eric Stanley)


--
Eric Stanley
___
Developer
Nagios Enterprises, LLC
Email:  estanley at nagios.com
Web:    www.nagios.com


_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel