Diagnostics - States, javascript error

Gertjan · Aug 16, 2008, 8:07 AM

That is perfectly normal…. ....This is part of using snapshots.

Don't worry, I know - it's just 'funy' to see an update being proposed, but one can not update to it. The effect is more visual mather then a technical one.

@Gertjan:

This issue is still there.

I'm talking the about the alert popup here, that flags an error.
I'm having the latest snapshot 1.2.1 now.

I tried 1.2 Stable - it works, or, no error popup.

Hummm, diag_dump_states.php needs some attention ;)

ryates · Aug 16, 2008, 10:03 PM

Confirmed still present on 1.2.1-RC1, Fri Aug 15 21:14:08 EDT 2008 using FireFox3 on Ubuntu 8.04

ryts

@NickC:

I get a pop-up box stating "An error occurred".

In diag_dump_states.php the function "removeState" makes an ajax request back to diag_dump_states.php which is failing, at least in my case. It returns non-zero which raises a pop-up with
alert('An error occurred.');
I don't know enough javascript/ajax to delve into why…

NickC

adrianhensler · Aug 17, 2008, 4:01 AM

I apologize - I first read this thread to report that the error was on the states page; not when deleting a state. I can confirm this error occurs for me as wel when trying to delete a state.

msurdi · Sep 26, 2008, 11:20 AM

Same problem here.

Is there any ticket open in order to track this bug status?

sbyoon · Oct 1, 2008, 8:18 AM

I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

From:

/* handle AJAX operations */
if($_GET['action']) {
if($_GET['action'] == "remove") {
$srcip = escapeshellarg($_GET['srcip']);
$dstip = escapeshellarg($_GET['dstip']);
if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
$retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
echo "|{$srcip}|{$dstip}|{$retval}|";
} else {
echo "invalid input";
}
exit;
}
}

To:

/* handle AJAX operations */
if($_GET['action']) {
if($_GET['action'] == "remove") {
$srcip = $_GET['srcip'];
$dstip = $_GET['dstip'];
if (is_ipaddr($srcip) and is_ipaddr($dstip)) {
$retval = mwexec("/sbin/pfctl -k '{$srcip}' -k '{$dstip}'");
echo "|{$srcip}|{$dstip}|{$retval}|";
} else {
echo "invalid input";
}
exit;
}
}

NickC · Oct 1, 2008, 10:09 AM

Works for me. Thanks a lot. Can a submitter paste this in…?

Nick.

cmb · Oct 5, 2008, 12:09 AM

@sbyoon:

I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

That also opens up a security hole because it removes the input sanitation, so no, this won't be committed.

We'll find a solution though.

cmb · Oct 5, 2008, 12:17 AM

@cmb:

@sbyoon:

I foud the solution of this problem with some code changes on "diag_dump_states.php" as below.

That also opens up a security hole because it removes the input sanitation, so no, this won't be committed.

Actually it doesn't because of the later input validation, but we still always want to escapeshellarg on _GET's.

cmb · Oct 31, 2008, 4:13 AM

This is now fixed, or will be in the next snapshot dated after the time of this post.

NickC · Oct 31, 2008, 1:36 PM

I just updated to latest snapshot (Fri Oct 31 12:36:04 EDT 2008),
and yes the fix is in and working.

Thanks a lot.

Nick.