Skip to content

Commit b577c29

Browse files
gvdegvde
authored
fix #5743 use of perl regexp vs sql like (#5747)
1 parent 6183961 commit b577c29

File tree

2 files changed

+7
-8
lines changed

2 files changed

+7
-8
lines changed

CHANGELOG

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ Cacti CHANGELOG
3535
-issue#5731: Saving a Tree can cause the tree to become unpublished
3636
-issue#5732: Web Basic Authentication does not record user logins
3737
-issue#5733: When using Accent-based languages, translations may not work properly
38+
-issue#5743: Fix automation expressions for device rules
3839
-issue#5748: Improve PHP 8.1 Support during fresh install with boost
3940
-feature#5692: Add a device "enabled/disabled" indicator next to the graphs
4041
-feature#5710: Notify the admin periodically when a remote data collector goes into heartbeat status

lib/api_automation.php

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3086,20 +3086,18 @@ function automation_add_tree($host_id, $tree) {
30863086
function automation_find_os($sysDescr, $sysObject, $sysName) {
30873087
$sql_where = '';
30883088

3089-
$qsysObject = trim(db_qstr($sysObject), "'");
3090-
$qsysDescr = trim(db_qstr($sysDescr), "'");
3091-
$qsysName = trim(db_qstr($sysName), "'");
3089+
$sql_where .= "WHERE (? REGEXP sysDescr OR ? LIKE CONCAT('%', sysDescr, '%'))";
3090+
$sql_where .= " AND (? REGEXP sysOid OR ? LIKE CONCAT('%', sysOid, '%'))";
3091+
$sql_where .= " AND (? REGEXP sysName OR ? LIKE CONCAT('%', sysName, '%'))";
30923092

3093-
$sql_where .= trim($sysDescr) != '' ? 'WHERE (sysDescr REGEXP "(' . preg_quote($qsysDescr) . ')" OR ' . db_qstr($sysDescr) . ' LIKE CONCAT("%", sysDescr, "%"))':'';
3094-
$sql_where .= trim($sysObject) != '' ? ($sql_where != '' ? ' AND':'WHERE') . ' (sysOID REGEXP "(' . preg_quote($qsysObject) . ')" OR ' . db_qstr($sysObject) . ' LIKE CONCAT("%", sysOid, "%"))':'';
3095-
$sql_where .= trim($sysName) != '' ? ($sql_where != '' ? ' AND':'WHERE') . ' (sysName REGEXP "(' . preg_quote($qsysName) . ')" OR ' . db_qstr($sysName) . ' LIKE CONCAT("%", sysName, "%"))':'';
3093+
$params = array($sysDescr, $sysDescr, $sysObject, $sysObject, $sysName, $sysName);
30963094

3097-
$result = db_fetch_row("SELECT at.*,ht.name
3095+
$result = db_fetch_row_prepared("SELECT at.*,ht.name
30983096
FROM automation_templates AS at
30993097
INNER JOIN host_template AS ht
31003098
ON ht.id=at.host_template
31013099
$sql_where
3102-
ORDER BY sequence LIMIT 1");
3100+
ORDER BY sequence LIMIT 1", $params);
31033101

31043102
if (cacti_sizeof($result)) {
31053103
return $result;

0 commit comments

Comments
 (0)