Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 142361 Details for
Bug 208398
net-analyzer/nagios-core <2.12 XSS issues (CVE-2007-5803)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2007-5803.diff
CVE-2007-5803.diff (text/plain), 39.87 KB, created by
Robert Buchholz (RETIRED)
on 2008-02-01 08:44:11 UTC
(
hide
)
Description:
CVE-2007-5803.diff
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-02-01 08:44:11 UTC
Size:
39.87 KB
patch
obsolete
>XSS fixes for CVE-2007-5803 > >Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de> >Index: nagios-2.10/cgi/history.c >=================================================================== >--- nagios-2.10.orig/cgi/history.c >+++ nagios-2.10/cgi/history.c >@@ -201,9 +201,9 @@ int main(void){ > > printf("<table border=0 CLASS='optBox'>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",HISTORY_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":url_encode(host_name)); > if(display_type==DISPLAY_SERVICES) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > printf("<input type='hidden' name='archive' value='%d'>\n",log_archive); > > printf("<tr>\n"); >Index: nagios-2.10/cgi/notifications.c >=================================================================== >--- nagios-2.10.orig/cgi/notifications.c >+++ nagios-2.10/cgi/notifications.c >@@ -212,11 +212,11 @@ int main(void){ > printf("<table border=0 CLASS='optBox'>\n"); > printf("<form method='GET' action='%s'>\n",NOTIFICATIONS_CGI); > if(query_type==FIND_SERVICE){ >- printf("<input type='hidden' name='host' value='%s'>\n",query_host_name); >- printf("<input type='hidden' name='service' value='%s'>\n",query_svc_description); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(query_host_name)); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(query_svc_description)); > } > else >- printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",(query_type==FIND_HOST)?query_host_name:query_contact_name); >+ printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",url_encode((query_type==FIND_HOST)?query_host_name:query_contact_name)); > printf("<input type='hidden' name='archive' value='%d'>\n",log_archive); > printf("<tr>\n"); > if(query_type==FIND_SERVICE) >Index: nagios-2.10/cgi/status.c >=================================================================== >--- nagios-2.10.orig/cgi/status.c >+++ nagios-2.10/cgi/status.c >@@ -821,11 +821,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_OK); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Ok</A></TH>\n"); >@@ -833,11 +833,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_WARNING); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Warning</A></TH>\n"); >@@ -845,11 +845,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_UNKNOWN); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Unknown</A></TH>\n"); >@@ -857,11 +857,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_CRITICAL); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Critical</A></TH>\n"); >@@ -869,11 +869,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_PENDING); > printf("&hoststatustypes=%d'>",host_status_types); > printf("Pending</A></TH>\n"); >@@ -910,11 +910,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&servicestatustypes=%d",SERVICE_UNKNOWN|SERVICE_WARNING|SERVICE_CRITICAL); > printf("&hoststatustypes=%d'>",host_status_types); > printf("<I>All Problems</I></A></TH>\n"); >@@ -922,11 +922,11 @@ void show_service_status_totals(void){ > printf("<TH CLASS='serviceTotals'>"); > printf("<A CLASS='serviceTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s&style=detail",servicegroup_name); >+ printf("servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- printf("hostgroup=%s&style=detail",hostgroup_name); >+ printf("hostgroup=%s&style=detail",url_encode(hostgroup_name)); > printf("&hoststatustypes=%d'>",host_status_types); > printf("<I>All Types</I></A></TH>\n"); > >@@ -1035,11 +1035,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1053,11 +1053,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1071,11 +1071,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1089,11 +1089,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1132,11 +1132,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1150,11 +1150,11 @@ void show_host_status_totals(void){ > printf("<TH CLASS='hostTotals'>"); > printf("<A CLASS='hostTotals' HREF='%s?",STATUS_CGI); > if(display_type==DISPLAY_HOSTS) >- printf("host=%s",host_name); >+ printf("host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- printf("servicegroup=%s",servicegroup_name); >+ printf("servicegroup=%s",url_encode(servicegroup_name)); > else{ >- printf("hostgroup=%s",hostgroup_name); >+ printf("hostgroup=%s",url_encode(hostgroup_name)); > if((service_status_types!=all_service_status_types) || group_style_type==STYLE_DETAIL) > printf("&style=detail"); > else if(group_style_type==STYLE_HOST_DETAIL) >@@ -1261,7 +1261,7 @@ void show_service_detail(void){ > if(show_all_servicegroups==TRUE) > printf("All Service Groups"); > else >- printf("Service Group '%s'",servicegroup_name); >+ printf("Service Group '%s'",url_encode(servicegroup_name)); > } > else{ > if(show_all_hostgroups==TRUE) >@@ -1308,11 +1308,11 @@ void show_service_detail(void){ > snprintf(temp_url,sizeof(temp_url)-1,"%s?",STATUS_CGI); > temp_url[sizeof(temp_url)-1]='\x0'; > if(display_type==DISPLAY_HOSTS) >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"host=%s",host_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"host=%s",url_encode(host_name)); > else if(display_type==DISPLAY_SERVICEGROUPS) >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"servicegroup=%s&style=detail",servicegroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"servicegroup=%s&style=detail",url_encode(servicegroup_name)); > else >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=detail",hostgroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=detail",url_encode(hostgroup_name)); > temp_buffer[sizeof(temp_buffer)-1]='\x0'; > strncat(temp_url,temp_buffer,sizeof(temp_url)-strlen(temp_url)-1); > temp_url[sizeof(temp_url)-1]='\x0'; >@@ -1859,7 +1859,7 @@ void show_host_detail(void){ > > snprintf(temp_url,sizeof(temp_url)-1,"%s?",STATUS_CGI); > temp_url[sizeof(temp_url)-1]='\x0'; >- snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=hostdetail",hostgroup_name); >+ snprintf(temp_buffer,sizeof(temp_buffer)-1,"hostgroup=%s&style=hostdetail",url_encode(hostgroup_name)); > temp_buffer[sizeof(temp_buffer)-1]='\x0'; > strncat(temp_url,temp_buffer,sizeof(temp_url)-strlen(temp_url)-1); > temp_url[sizeof(temp_url)-1]='\x0'; >Index: nagios-2.10/cgi/avail.c >=================================================================== >--- nagios-2.10.orig/cgi/avail.c >+++ nagios-2.10/cgi/avail.c >@@ -511,11 +511,11 @@ int main(int argc, char **argv){ > if(display_type==DISPLAY_HOSTGROUP_AVAIL) > printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name); > if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_AVAIL) > printf("<input type='hidden' name='service' value='%s'>\n",svc_description); > if(display_type==DISPLAY_SERVICEGROUP_AVAIL) >- printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name); >+ printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name)); > > printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no"); > printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no"); >@@ -646,11 +646,11 @@ int main(int argc, char **argv){ > if(display_type==DISPLAY_HOSTGROUP_AVAIL) > printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name); > if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL) >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_AVAIL) > printf("<input type='hidden' name='service' value='%s'>\n",svc_description); > if(display_type==DISPLAY_SERVICEGROUP_AVAIL) >- printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name); >+ printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name)); > > printf("<table border=0 cellpadding=5>\n"); > >Index: nagios-2.10/cgi/cgiutils.c >=================================================================== >--- nagios-2.10.orig/cgi/cgiutils.c >+++ nagios-2.10/cgi/cgiutils.c >@@ -128,7 +128,7 @@ lifo *lifo_list=NULL; > char *my_strtok_buffer=NULL; > char *original_my_strtok_buffer=NULL; > >-char encoded_url_string[MAX_INPUT_BUFFER]; >+char encoded_url_string[2][MAX_INPUT_BUFFER]; // 2 to be able use url_encode twice > char encoded_html_string[MAX_INPUT_BUFFER]; > > #ifdef HAVE_TZNAME >@@ -1297,46 +1297,48 @@ char * url_encode(char *input){ > int len,output_len; > int x,y; > char temp_expansion[4]; >+ static int i = 0; >+ char* str = encoded_url_string[i]; > > len=(int)strlen(input); >- output_len=(int)sizeof(encoded_url_string); >+ output_len=(int)sizeof(encoded_url_string[0]); > >- encoded_url_string[0]='\x0'; >+ str[0]='\x0'; > > for(x=0,y=0;x<=len && y<output_len-1;x++){ > > /* end of string */ > if((char)input[x]==(char)'\x0'){ >- encoded_url_string[y]='\x0'; >+ str[y]='\x0'; > break; > } > > /* alpha-numeric characters and a few other characters don't get encoded */ > else if(((char)input[x]>='0' && (char)input[x]<='9') || ((char)input[x]>='A' && (char)input[x]<='Z') || ((char)input[x]>=(char)'a' && (char)input[x]<=(char)'z') || (char)input[x]==(char)'.' || (char)input[x]==(char)'-' || (char)input[x]==(char)'_'){ >- encoded_url_string[y]=input[x]; >+ str[y]=input[x]; > y++; > } > > /* spaces are pluses */ > else if((char)input[x]<=(char)' '){ >- encoded_url_string[y]='+'; >+ str[y]='+'; > y++; > } > > /* anything else gets represented by its hex value */ > else{ >- encoded_url_string[y]='\x0'; >- if((int)strlen(encoded_url_string)<(output_len-3)){ >+ str[y]='\x0'; >+ if((int)strlen(str)<(output_len-3)){ > sprintf(temp_expansion,"%%%02X",(unsigned int)input[x]); >- strcat(encoded_url_string,temp_expansion); >+ strcat(str,temp_expansion); > y+=3; > } > } > } > >- encoded_url_string[sizeof(encoded_url_string)-1]='\x0'; >+ str[sizeof(encoded_url_string[0])-1]='\x0'; > >- return &encoded_url_string[0]; >+ return str; > } > > >Index: nagios-2.10/cgi/cmd.c >=================================================================== >--- nagios-2.10.orig/cgi/cmd.c >+++ nagios-2.10/cgi/cmd.c >@@ -949,10 +949,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='checkbox' NAME='persistent' CHECKED>"); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > break; > >@@ -975,10 +975,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='checkbox' NAME='persistent' CHECKED>"); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > break; > >@@ -1158,10 +1158,10 @@ void request_command_data(int cmd){ > printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc); > } > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > > printf("<tr><td CLASS='optBoxItem'><br></td></tr>\n"); >@@ -1290,10 +1290,10 @@ void request_command_data(int cmd){ > printf("</b></td></tr>\n"); > } > printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",comment_author); >+ printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s'>",url_encode(comment_author)); > printf("</b></td></tr>\n"); > printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>"); >- printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",comment_data); >+ printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data)); > printf("</b></td></tr>\n"); > time(&t); > get_time_string(&t,buffer,sizeof(buffer)-1,SHORT_DATE_TIME); >Index: nagios-2.10/cgi/histogram.c >=================================================================== >--- nagios-2.10.orig/cgi/histogram.c >+++ nagios-2.10/cgi/histogram.c >@@ -406,9 +406,9 @@ int main(int argc, char **argv){ > printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI); > printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1); > printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_HISTOGRAM) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > > printf("<tr><td CLASS='optBoxItem' valign=top align=left>Report period:</td><td CLASS='optBoxItem' valign=top align=left>Assume state retention:</td></tr>\n"); >@@ -788,9 +788,9 @@ int main(int argc, char **argv){ > > printf("<TABLE BORDER=0 cellpadding=5>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_HISTOGRAM) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<tr><td class='reportSelectSubTitle' align=right>Report Period:</td>\n"); > printf("<td class='reportSelectItem'>\n"); >Index: nagios-2.10/cgi/statusmap.c >=================================================================== >--- nagios-2.10.orig/cgi/statusmap.c >+++ nagios-2.10/cgi/statusmap.c >@@ -698,7 +698,7 @@ void display_page_header(void){ > printf("<table border=0 CLASS='optBox'>\n"); > printf("<tr><td valign=top>\n"); > printf("<form method=\"POST\" action=\"%s\">\n",STATUSMAP_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > printf("<input type='hidden' name='layout' value='%d'>\n",layout_method); > > printf("</td><td valign=top>\n"); >Index: nagios-2.10/cgi/statuswml.c >=================================================================== >--- nagios-2.10.orig/cgi/statuswml.c >+++ nagios-2.10/cgi/statuswml.c >@@ -621,7 +621,7 @@ void display_hostgroup_overview(void){ > printf("<card id='card1' title='Status Overview'>\n"); > printf("<p align='center' mode='nowrap'>\n"); > >- printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,hostgroup_name); >+ printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name)); > > /* check all hostgroups */ > for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ >@@ -704,7 +704,7 @@ void display_hostgroup_summary(void){ > printf("<card id='card1' title='Status Summary'>\n"); > printf("<p align='center' mode='nowrap'>\n"); > >- printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,hostgroup_name); >+ printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name)); > > /* check all hostgroups */ > for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){ >@@ -926,7 +926,7 @@ void display_host(void){ > > printf("</table>\n"); > printf("<br/>\n"); >- printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,host_name); >+ printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name)); > printf("<b><anchor title='Host Commands'>Host Commands<go href='#card2'/></anchor></b>\n"); > printf("</p>\n"); > >@@ -945,23 +945,23 @@ void display_host(void){ > printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n"); > > if(temp_hoststatus->checks_enabled==FALSE) >- printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT); > > if(temp_hoststatus->notifications_enabled==FALSE) >- printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT); > > >- printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > >- printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > > printf("</p>\n"); > >@@ -981,7 +981,7 @@ void display_host(void){ > printf("<input name='comment'/>\n"); > > printf("<do type='accept'>\n"); >- printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,host_name,CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); >+ printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT); > printf("</do>\n"); > > printf("</p>\n"); >@@ -1001,7 +1001,7 @@ void display_host_services(void){ > /**** MAIN SCREEN (CARD 1) ****/ > printf("<card id='card1' title='Host Services'>\n"); > printf("<p align='center' mode='nowrap'>\n"); >- printf("<b>Host <anchor title='%s'>'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",host_name,host_name,STATUSWML_CGI,host_name); >+ printf("<b>Host <anchor title='%s'>'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",url_encode(host_name),host_name,STATUSWML_CGI,url_encode(host_name)); > > printf("<table columns='2' align='LL'>\n"); > >@@ -1142,7 +1142,7 @@ void display_service(void){ > > printf("</table>\n"); > printf("<br/>\n"); >- printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,host_name); >+ printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name)); > printf("<b><anchor title='Service Commands'>Svc. Commands<go href='#card2'/></anchor></b>\n"); > printf("</p>\n"); > >@@ -1158,16 +1158,16 @@ void display_service(void){ > printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n"); > > if(temp_servicestatus->checks_enabled==FALSE) >- printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT); > else{ >- printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); >- printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT); >+ printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT); > } > > if(temp_servicestatus->notifications_enabled==FALSE) >- printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > else >- printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,host_name,service_desc,CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); >+ printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT); > > printf("</p>\n"); > >@@ -1187,7 +1187,7 @@ void display_service(void){ > printf("<input name='comment'/>\n"); > > printf("<do type='accept'>\n"); >- printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,host_name,service_desc,CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); >+ printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT); > printf("</do>\n"); > > printf("</p>\n"); >Index: nagios-2.10/cgi/trends.c >=================================================================== >--- nagios-2.10.orig/cgi/trends.c >+++ nagios-2.10/cgi/trends.c >@@ -451,9 +451,9 @@ int main(int argc, char **argv){ > printf("<input type='hidden' name='nomap' value=''>\n"); > printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1); > printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_TRENDS) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no"); > printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no"); >@@ -897,9 +897,9 @@ int main(int argc, char **argv){ > > printf("<TABLE BORDER=0 CELLPADDING=5>\n"); > printf("<form method=\"GET\" action=\"%s\">\n",TRENDS_CGI); >- printf("<input type='hidden' name='host' value='%s'>\n",host_name); >+ printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name)); > if(display_type==DISPLAY_SERVICE_TRENDS) >- printf("<input type='hidden' name='service' value='%s'>\n",svc_description); >+ printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description)); > > printf("<tr><td class='reportSelectSubTitle' align=right>Report period:</td>\n"); > printf("<td class='reportSelectItem'>\n");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=142361">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 208398
:
142361
|
142376
|
153125
