Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 305354 Details for
Bug 446379
CVE-2007-5803 nagios: XSS vulnerability
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
SuSE patch
nagios-2.9-CVE-2007-5803.diff (text/plain), 40.00 KB, created by
Tomas Hoger
on 2008-05-14 12:29:28 UTC
(
hide
)
Description:
SuSE patch
Filename:
MIME Type:
Creator:
Tomas Hoger
Created:
2008-05-14 12:29:28 UTC
Size:
40.00 KB
patch
obsolete
>From 51599d930477132a863eb547e0ab9b7170dc48f1 Mon Sep 17 00:00:00 2001 >From: Ludwig Nussel <ludwig.nussel@suse.de> >Date: Wed, 9 Apr 2008 16:34:01 +0200 >Subject: [PATCH] CVE-2007-5803 > >Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> > >Conflicts: > > cgi/cmd.c >--- > cgi/avail.c | 8 ++-- > cgi/cgiutils.c | 24 +++++++------ > cgi/cmd.c | 16 +++++----- > cgi/histogram.c | 8 ++-- > cgi/history.c | 4 +- > cgi/notifications.c | 6 ++-- > cgi/status.c | 88 +++++++++++++++++++++++++------------------------- > cgi/statusmap.c | 2 +- > cgi/statuswml.c | 40 +++++++++++----------- > cgi/trends.c | 8 ++-- > 10 files changed, 103 insertions(+), 101 deletions(-) > >diff --git a/cgi/avail.c b/cgi/avail.c >index 6479b29..7f5c88a 100644 >--- a/cgi/avail.c >+++ b/cgi/avail.c >@@ -511,11 +511,11 @@ int main(int argc, char **argv){ > if(display_type==DISPLAY_HOSTGROUP_AVAIL) > printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name); > if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_AVAIL) > printf("<input type='hidden' name='service' value='%s'>\n",svc_description); > if(display_type==DISPLAY_SERVICEGROUP_AVAIL) >- printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name); >+ printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name)); > > printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no"); > printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no"); >@@ -646,11 +646,11 @@ int main(int argc, char **argv){ > if(display_type==DISPLAY_HOSTGROUP_AVAIL) > printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name); > if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_AVAIL) > printf("<input type='hidden' name='service' value='%s'>\n",svc_description); > if(display_type==DISPLAY_SERVICEGROUP_AVAIL) >- printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name); >+ printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name)); > > printf("<table border=0 cellpadding=5>\n"); > >diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c >index f09eef0..48b3128 100644 >--- a/cgi/cgiutils.c >+++ b/cgi/cgiutils.c >@@ -128,7 +128,7 @@ lifo *lifo_list=NULL; > char *my_strtok_buffer=NULL; > char *original_my_strtok_buffer=NULL; > >-char encoded_url_string[MAX_INPUT_BUFFER]; >+char encoded_url_string[2][MAX_INPUT_BUFFER]; // 2 to be able use url_encode twice > char encoded_html_string[MAX_INPUT_BUFFER]; > > #ifdef HAVE_TZNAME >@@ -1297,46 +1297,48 @@ char * url_encode(char *input){ > int len,output_len; > int x,y; > char temp_expansion[4]; >+ static int i = 0; >+ char* str = encoded_url_string[i]; > > len=(int)strlen(input); >- output_len=(int)sizeof(encoded_url_string); >+ output_len=(int)sizeof(encoded_url_string[0]); > >- encoded_url_string[0]='\x0'; >+ str[0]='\x0'; > > for(x=0,y=0;x<=len && y<output_len-1;x++){ > > /* end of string */ > if((char)input[x]==(char)'\x0'){ >- encoded_url_string[y]='\x0'; >+ str[y]='\x0'; > break; > } > > /* alpha-numeric characters and a few other characters don't get encoded */ > else if(((char)input[x]>='0' && (char)input[x]<='9') || ((char)input[x]>='A' && (char)input[x]<='Z') || ((char)input[x]>=(char)'a' && (char)input[x]<=(char)'z') || (char)input[x]==(char)'.' || (char)input[x]==(char)'-' || (char)input[x]==(char)'_'){ >- encoded_url_string[y]=input[x]; >+ str[y]=input[x]; > y++; > } > > /* spaces are pluses */ > else if((char)input[x]<=(char)' '){ >- encoded_url_string[y]='+'; >+ str[y]='+'; > y++; > } > > /* anything else gets represented by its hex value */ > else{ >- encoded_url_string[y]='\x0'; >- if((int)strlen(encoded_url_string)<(output_len-3)){ >+ str[y]='\x0'; >+ if((int)strlen(str)<(output_len-3)){ > sprintf(temp_expansion,"%%%02X",(unsigned int)input[x]); >- strcat(encoded_url_string,temp_expansion); >+ strcat(str,temp_expansion); > y+=3; > } > } > } > >- encoded_url_string[sizeof(encoded_url_string)-1]='\x0'; >+ str[sizeof(encoded_url_string[0])-1]='\x0'; > >- return &encoded_url_string[0]; >+ return str; > } > > >diff --git a/cgi/cmd.c b/cgi/cmd.c >index a9cd485..15d7736 100644 >--- a/cgi/cmd.c >+++ b/cgi/cmd.c >@@ -949,10 +949,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='checkbox' NAME='persistent' CHECKED>"); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE'TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > break; > >@@ -975,10 +975,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='checkbox' NAME='persistent' CHECKED>"); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > break; > >@@ -1158,10 +1158,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc); > } > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > > printf("<tr><td CLASS='optBoxItem'><br></td></tr>\n"); >@@ -1290,10 +1290,10 @@ void request_command_data(int cmd){ > printf("</b></td></tr>\n"); > } > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > time(&t); > get_time_string(&t,buffer,sizeof(buffer)-1,SHORT_DATE_TIME); >diff --git a/cgi/histogram.c b/cgi/histogram.c >index 719f4d6..f0f5865 100644 >--- a/cgi/histogram.c >+++ b/cgi/histogram.c >@@ -406,9 +406,9 @@ int main(int argc, char **argv){ > printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI); > printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1); > printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_HISTOGRAM) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > > printf("<tr><td CLASS='optBoxItem' valign=top align=left>Report period:</td><td CLASS='optBoxItem' valign=top align=left>Assume state retention:</td></tr>\n"); >@@ -788,9 +788,9 @@ int main(int argc, char **argv){ > > printf("<TABLE BORDER=0 cellpadding=5>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_HISTOGRAM) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<tr><td class='reportSelectSubTitle' align=right>Report Period:</td>\n"); > printf("<td class='reportSelectItem'>\n"); >diff --git a/cgi/history.c b/cgi/history.c >index 4fc8f1a..6b1ad51 100644 >--- a/cgi/history.c >+++ b/cgi/history.c >@@ -201,9 +201,9 @@ int main(void){ > > printf("<table border=0 CLASS='optBox'>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",HISTORY_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":url_encode(host_name)); > if(display_type==DISPLAY_SERVICES) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > printf("<input type='hidden' name='archive' value='%d'>\n",log_archive); > > printf("<tr>\n"); >diff --git a/cgi/notifications.c b/cgi/notifications.c >index 6a0761a..b5ff341 100644 >--- a/cgi/notifications.c >+++ b/cgi/notifications.c >@@ -212,11 +212,11 @@ int main(void){ > printf("<table border=0 CLASS='optBox'>\n"); > printf("<form method='GET' action='%s'>\n",NOTIFICATIONS_CGI); > if(query_type==FIND_SERVICE){ >- printf("<input type='hidden' name='host' value='%s'>\n",query_host_name); >- printf("<input type='hidden' name='service' value='%s'>\n",query_svc_description); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(query_host_name)); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(query_svc_description)); > } > else >- printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",(query_type==FIND_HOST)?query_host_name:query_contact_name); >+ printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",url_encode((query_type==FIND_HOST)?query_host_name:query_contact_name)); > printf("<input type='hidden' name='archive' value='%d'>\n",log_archive); > printf("<tr>\n"); > if(query_type==FIND_SERVICE) >diff --git a/cgi/status.c b/cgi/status.c >index 737cb21..e412def 100644 >--- a/cgi/status.c >+++ b/cgi/status.c >@@ -821,11 +821,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_OK); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Ok</A></TH>\n"); >@@ -833,11 +833,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_WARNING); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Warning</A></TH>\n"); >@@ -845,11 +845,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_UNKNOWN); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Unknown</A></TH>\n"); >@@ -857,11 +857,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_CRITICAL); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Critical</A></TH>\n"); >@@ -869,11 +869,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_PENDING); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Pending</A></TH>\n"); >@@ -910,11 +910,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_UNKNOWN|SERVICE_WARNING|SERVICE_CRITICAL); > printf("&hoststatustypes=%d'>",host_status_types); > printf("<I>All Problems</I></A></TH>\n"); >@@ -922,11 +922,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&hoststatustypes=%d'>",host_status_types); > printf("<I>All Types</I></A></TH>\n"); > >@@ -1035,11 +1035,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1053,11 +1053,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1071,11 +1071,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1089,11 +1089,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1132,11 +1132,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1150,11 +1150,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1261,7 +1261,7 @@ void show_service_detail(void){ > if(show_all_servicegroups==TRUE) > printf("All Service Groups"); > else >- printf("Service Group '%s'",servicegroup_name); >+ printf("Service Group '%s'",url_encode(servicegroup_name)); > } > else{ > if(show_all_hostgroups==TRUE) >@@ -1308,11 +1308,11 @@ void show_service_detail(void){ > snprintf(temp_url,sizeof(temp_url)-1,"%s?",STATUS_CGI); > temp_url[sizeof(temp_url)-1]='\x0'; > if(display_type==DISPLAY_HOSTS) >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"host=%s",host_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"servicegroup=%s&style=detail",servicegroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=detail",hostgroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=detail",url_encode(hostgroup_name)); > temp_buffer[sizeof(temp_buffer)-1]='\x0'; > strncat(temp_url,temp_buffer,sizeof(temp_url)-strlen(temp_url)-1); > temp_url[sizeof(temp_url)-1]='\x0'; >@@ -1859,7 +1859,7 @@ void show_host_detail(void){ > > snprintf(temp_url,sizeof(temp_url)-1,"%s?",STATUS_CGI); > temp_url[sizeof(temp_url)-1]='\x0'; >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=hostdetail",hostgroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=hostdetail",url_encode(hostgroup_name)); > temp_buffer[sizeof(temp_buffer)-1]='\x0'; > strncat(temp_url,temp_buffer,sizeof(temp_url)-strlen(temp_url)-1); > temp_url[sizeof(temp_url)-1]='\x0'; >diff --git a/cgi/statusmap.c b/cgi/statusmap.c >index 06cc3ad..64ace1b 100644 >--- a/cgi/statusmap.c >+++ b/cgi/statusmap.c >@@ -698,7 +698,7 @@ void display_page_header(void){ > printf("<table border=0 CLASS='optBox'>\n"); > printf("<tr><td valign=top>\n"); > printf("<form method=\"POST\" action=\"%s\">\n",STATUSMAP_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > printf("<input type='hidden' name='layout' value='%d'>\n",layout_method); > > printf("</td><td valign=top>\n"); >diff --git a/cgi/statuswml.c b/cgi/statuswml.c >index 8ef099f..0e40894 100644 >--- a/cgi/statuswml.c >+++ b/cgi/statuswml.c >@@ -621,7 +621,7 @@ void display_hostgroup_overview(void){ > printf("<card id='card1' title='Status Overview'>\n"); > printf("<p align='center' mode='nowrap'>\n"); > >- printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,hostgroup_name); >+ printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name)); > > /* check all hostgroups */ > for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ >@@ -704,7 +704,7 @@ void display_hostgroup_summary(void){ > printf("<card id='card1' title='Status Summary'>\n"); > printf("<p align='center' mode='nowrap'>\n"); > >- printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,hostgroup_name); >+ printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name)); > > /* check all hostgroups */ > for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ >@@ -926,7 +926,7 @@ void display_host(void){ > > printf("</table>\n"); > printf("<br/>\n"); >- printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,host_name); >+ printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name)); > printf("<b><anchor title='Host Commands'>Host Commands<go href='#card2'/></anchor></b>\n"); > printf("</p>\n"); > >@@ -945,23 +945,23 @@ void display_host(void){ > printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n"); > > if(temp_hoststatus->checks_enabled==FALSE) >- printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); > > if(temp_hoststatus->notifications_enabled==FALSE) >- printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); > > >- printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > > printf("</p>\n"); > >@@ -981,7 +981,7 @@ void display_host(void){ > printf("<input name='comment'/>\n"); > > printf("<do type='accept'>\n"); >- printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,host_name,CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); >+ printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); > printf("</do>\n"); > > printf("</p>\n"); >@@ -1001,7 +1001,7 @@ void display_host_services(void){ > /**** MAIN SCREEN (CARD 1) ****/ > printf("<card id='card1' title='Host Services'>\n"); > printf("<p align='center' mode='nowrap'>\n"); >- printf("<b>Host <anchor title='%s'>'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",host_name,host_name,STATUSWML_CGI,host_name); >+ printf("<b>Host <anchor title='%s'>'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",url_encode(host_name),host_name,STATUSWML_CGI,url_encode(host_name)); > > printf("<table columns='2' align='LL'>\n"); > >@@ -1142,7 +1142,7 @@ void display_service(void){ > > printf("</table>\n"); > printf("<br/>\n"); >- printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,host_name); >+ printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name)); > printf("<b><anchor title='Service Commands'>Svc. Commands<go href='#card2'/></anchor></b>\n"); > printf("</p>\n"); > >@@ -1158,16 +1158,16 @@ void display_service(void){ > printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n"); > > if(temp_servicestatus->checks_enabled==FALSE) >- printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); > else{ >- printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); >- printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); > } > > if(temp_servicestatus->notifications_enabled==FALSE) >- printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > > printf("</p>\n"); > >@@ -1187,7 +1187,7 @@ void display_service(void){ > printf("<input name='comment'/>\n"); > > printf("<do type='accept'>\n"); >- printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,host_name,service_desc,CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); >+ printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); > printf("</do>\n"); > > printf("</p>\n"); >diff --git a/cgi/trends.c b/cgi/trends.c >index 3998fe7..f58778c 100644 >--- a/cgi/trends.c >+++ b/cgi/trends.c >@@ -451,9 +451,9 @@ int main(int argc, char **argv){ > printf("<input type='hidden' name='nomap' value=''>\n"); > printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1); > printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_TRENDS) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no"); > printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no"); >@@ -897,9 +897,9 @@ int main(int argc, char **argv){ > > printf("<TABLE BORDER=0 CELLPADDING=5>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",TRENDS_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_TRENDS) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<tr><td class='reportSelectSubTitle' align=right>Report period:</td>\n"); > printf("<td class='reportSelectItem'>\n"); >-- >1.5.3.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=305354">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 446379
: 305354