Xymon Mailing List Archive search

Bug? Possible incorrect escaping of <img> tags in graphs

3 messages in this thread

list Dave Haertig · Sun, 10 Jun 2007 23:51:28 -0600 · 
I think I've encountered a bug in the way <img> tags are created for
graphs.
 From one of my status pages, below is the link to it's graph.  Notice
disp=Lantronix%20sshrseg1 in the <img> tag.
<IMG BORDER=0
SRC="/hobbit-cgi/hobbitgraph.sh?host=sshrseg1&amp;service=incomingdata&a
mp;graph_width=576&amp;graph_height=120&amp;disp=Lantronix%20sshrseg1&am
p;nostale&amp;graph=hourly&amp;action=view" ALT="hobbit graph
incomingdata">
#####
 
After clicking on the graph on the status page to open up the expanded
page with the 48hr, 12day, 48day and 576day graphs
the link below is for the first graph on that resulting page.  Notice
disp=Lantronix sshrseg1
The space was not represented as %20 like you'd expect.
 
<img
src="/hobbit-cgi/hobbitgraph.sh?host=sshrseg1&amp;service=incomingdata&a
mp;graph_height=120&amp;graph_width=576&amp;disp=Lantronix
sshrseg1&amp;nostale&amp;action=view&amp;graph=hourly" alt="hourly
graph">
 
#####
 
Even though the disp= part of that second img tag is not properly
escaped, the graph still displays (I don't know why).
However, it breaks if the text for the disp= was "Lantronix #1" for
example.  Apparently it chokes on the # character.
 
Those disp= entries above came from my bb-hosts file, where the relavent
line looks like this:
 
xxx.xxx.xxx.xxx  sshrseg1  # prefer incoming NAME:"Lantronix sshrseg1"
DESCR:"Terminal Server:Incoming Alarms"
 
That line used to look like the one below, but when it was like that,
the expanded graphs didn't display and zoom was broken:
 
xxx.xxx.xxx.xxx  sshrseg1  # prefer incoming NAME:"Lantronix #1"
DESCR:"Terminal Server:Incoming Alarms"
list Henrik Størner · Mon, 11 Jun 2007 10:00:20 +0200 ·
quoted from Dave Haertig
On Sun, Jun 10, 2007 at 11:51:28PM -0600, Haertig, David F (Dave) wrote:
After clicking on the graph on the status page to open up the expanded
page with the 48hr, 12day, 48day and 576day graphs
the link below is for the first graph on that resulting page.  Notice
disp=Lantronix sshrseg1
The space was not represented as %20 like you'd expect.
Thanks for noticing - the attached patch should fix that.


Regards,
Henrik
Attachments (1)
list Frédéric Mangeant · Mon, 11 Jun 2007 15:35:19 +0200 · 
Henrik Stoerner a écrit :
Thanks for noticing - the attached patch should fix that.
  
Hi Henrik

could you please update the all-in-one patch ?

Many thanks in advance !

-- 

Frédéric Mangeant

Steria EDC Sophia Antipolis