Diffstat (limited to 'modules-available/statistics/api.inc.php')
-rw-r--r--modules-available/statistics/api.inc.php22
1 files changed, 13 insertions, 9 deletions
diff --git a/modules-available/statistics/api.inc.php b/modules-available/statistics/api.inc.php
index 30e0ebc8..3e7af1fc 100644
--- a/modules-available/statistics/api.inc.php
+++ b/modules-available/statistics/api.inc.php
@@ -51,8 +51,8 @@ if ($type{0} === '~') {
$kvmstate = Request::post('kvmstate', 'UNKNOWN', 'string');
$valid = array('UNKNOWN', 'UNSUPPORTED', 'DISABLED', 'ENABLED');
if (!in_array($kvmstate, $valid)) $kvmstate = 'UNKNOWN';
- $cpumodel = Request::post('cpumodel', '', 'string');
- $systemmodel = Request::post('systemmodel', '', 'string');
+ $cpumodel = Util::cleanUtf8(Request::post('cpumodel', '', 'string'));
+ $systemmodel = Util::cleanUtf8(Request::post('systemmodel', '', 'string'));
$id44mb = Request::post('id44mb', 0, 'integer');
if ($id44mb < 0 || $id44mb > 10240000) $id44mb = 0;
$badsectors = Request::post('badsectors', 0, 'integer');
@@ -61,7 +61,7 @@ if ($type{0} === '~') {
if (!is_string($hostname) || $hostname === $ip) {
$hostname = '';
}
- $data = Request::post('data', '', 'string');
+ $data = Util::cleanUtf8(Request::post('data', '', 'string'));
// Prepare insert/update to machine table
$new = array(
'uuid' => $uuid,
@@ -99,7 +99,7 @@ if ($type{0} === '~') {
$moresql .= ' hostname = :hostname,';
}
if (($runmode = Request::post('runmode', false, 'string')) !== false) {
- $new['currentrunmode'] = $runmode;
+ $new['currentrunmode'] = Util::cleanUtf8($runmode);
$moresql .= ' currentrunmode = :currentrunmode,';
}
$new['oldstate'] = $old['state'];
@@ -224,7 +224,7 @@ if ($type{0} === '~') {
$params['_' . $item] = ceil(Request::post($item, 0, 'int') / 1024);
}
if (($runmode = Request::post('runmode', false, 'string')) !== false) {
- $params['currentrunmode'] = $runmode;
+ $params['currentrunmode'] = Util::cleanUtf8($runmode);
$strUpdateBoottime .= ' currentrunmode = :currentrunmode, ';
}
// Figure out what's happening - state changes
@@ -243,6 +243,9 @@ if ($type{0} === '~') {
if ($sessionLength !== 0 || $old['logintime'] === 0) {
// This event is a start of a new session, rather than an update
$params['user'] = Request::post('user', null, 'string');
+ if (is_string($params['user'])) {
+ $params['user'] = Util::cleanUtf8($params['user']);
+ }
$res = Database::exec('UPDATE machine SET lastseen = UNIX_TIMESTAMP(),'
. $strUpdateBoottime
. " logintime = UNIX_TIMESTAMP(), currentuser = :user, currentsession = NULL, state = 'OCCUPIED' "
@@ -290,7 +293,8 @@ if ($type{0} === '~') {
if (!array_key_exists('name', $screen))
continue;
// Filter bogus data
- $screen['name'] = iconv('UTF-8', 'UTF-8//IGNORE', $screen['name']);
+ $screen['name'] = Util::cleanUtf8($screen['name']);
+ $port = Util::cleanUtf8($port);
if (empty($screen['name']))
continue;
if (array_key_exists($screen['name'], $hwids)) {
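Review bot: `$screen['name']` and `$port` are passed to `Util::cleanUtf8()` without a type check, whereas the `user` value in the hunk at -243 is guarded with `is_string()` first. These values appear to come from a client-supplied structure (its decoding is outside the hunk), so a non-string name would reach cleanUtf8() and then `array_key_exists()`; a guard such as `if (!is_string($screen['name'])) continue;` before the cleaning line would match the `user` handling. `$port` is also not re-checked for emptiness after cleaning the way the name is, and the same unguarded call applies to `$value` in the hunk at -321. The enclosing loop starts and ends outside this hunk.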
@@ -321,7 +325,7 @@ if ($type{0} === '~') {
. " VALUES (:id, :key, :value) ON DUPLICATE KEY UPDATE value = VALUES(value)", array(
'id' => $machinehwid,
'key' => $key,
- 'value' => $value,
+ 'value' => Util::cleanUtf8($value),
));
}
}
@@ -439,8 +443,8 @@ if ($type{0} === '.') {
if ($type === '.vmchooser-session') {
$user = Request::post('user', 'unknown', 'string');
$loguser = Request::post('loguser', 0, 'int') !== 0;
- $sessionName = Request::post('name', 'unknown', 'string');
- $sessionUuid = Request::post('uuid', '', 'string');
+ $sessionName = Util::cleanUtf8(Request::post('name', 'unknown', 'string'));
+ $sessionUuid = Util::cleanUtf8(Request::post('uuid', '', 'string'));
$session = strlen($sessionUuid) === 36 ? $sessionUuid : $sessionName;
Database::exec("UPDATE machine SET currentuser = :user, currentsession = :session WHERE clientip = :ip",
compact('user', 'session', 'ip'));
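Review bot: `$user` on the first line of the `.vmchooser-session` branch is still read without `Util::cleanUtf8()`, although it is bound to `currentuser = :user` in the same UPDATE that now receives the cleaned `$session`. The hunk at -243 cleans the same field before it is written to `currentuser`, so the two write paths disagree on what may reach that column. Suggested: `$user = Util::cleanUtf8(Request::post('user', 'unknown', 'string'));`. The branch continues past the end of this hunk, so any later use of `$user` is not visible here.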