Diffstat (limited to 'lib')
-rw-r--r-- | lib/exilog_parse.pm | 6 | ||||
-rw-r--r-- | lib/exilog_sql.pm | 77 | ||||
-rw-r--r-- | lib/exilog_util.pm | 40 |
3 files changed, 73 insertions, 50 deletions
diff --git a/lib/exilog_parse.pm b/lib/exilog_parse.pm
index 2074b13..f1d49df 100644
--- a/lib/exilog_parse.pm
+++ b/lib/exilog_parse.pm
@@ -40,7 +40,7 @@ sub _parse_error {
 $subj = _parse_delivery($subj,$h); m/()()/;
- if ($subj =~ / host ([^ ]+?) \[([0-9.]+?)\]\:/) {
+ if ($subj =~ / host ([^ ]+?) \[([0-9A-Fa-f:.]+?)\]\:/) {
 $h->{host_addr} = $2;
 $h->{host_dns} = $1;
 };
@@ -58,7 +58,7 @@ sub _parse_deferral {
 $subj = _parse_delivery($subj,$h);
- if ($subj =~ / host ([^ ]+?) \[([0-9.]+?)\]\:/) {
+ if ($subj =~ / host ([^ ]+?) \[([0-9A-Fa-f:.]+?)\]\:/) {
 $h->{host_addr} = $2;
 $h->{host_dns} = $1;
 };
@@ -138,7 +138,7 @@ sub _parse_arrival {
 if ($1) {
 my $hstr = $1; m/()/;
- $hstr =~ s/\[([0-9.]+)\]$//;
+ $hstr =~ s/\[([0-9A-Fa-f:.]+)\]$//;
 $h->{host_addr} = $1 if ($1);
 $hstr =~ s/^ +//;
diff --git a/lib/exilog_sql.pm b/lib/exilog_sql.pm
index 7c116a6..8dcc348 100644
--- a/lib/exilog_sql.pm
+++ b/lib/exilog_sql.pm
@@ -158,7 +158,7 @@ sub _pgsql_sql_update_heartbeat {
 sub _pgsql_sql_queue_delete {
 my $spool_path = shift;
- $dbh->do("DELETE FROM queue WHERE spool_path='$spool_path'");
+ $dbh->do("DELETE FROM queue WHERE spool_path=".$dbh->quote($spool_path));
 };
 sub _pgsql_sql_queue_update {
@@ -182,13 +182,12 @@ sub _pgsql_sql_queue_update {
 my @tmp;
 foreach my $item (keys %{ $hdr }) {
- my $value = $hdr->{$item};
- $value =~ s/\'/\'\'/g;
- $value =~ s/\n/\\n/g;
- push @tmp, $item.'='."'".$value."'";
+ push @tmp, $item.'='.$dbh->quote($hdr->{$item});
 };
- $dbh->do("UPDATE queue SET ".join(",",@tmp)." WHERE message_id='".$message_id."' AND server='".$server."'");
+ $dbh->do("UPDATE queue SET ".join(",",@tmp).
+ " WHERE message_id=".$dbh->quote($message_id).
+ " AND server=".$dbh->quote($server));
 };
 sub _pgsql_sql_queue_add {
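Review bot: The address class `[0-9A-Fa-f:.]+` in the `_parse_error` hunk is repeated verbatim in the `_parse_deferral` and `_parse_arrival` hunks, so the next change to what counts as a host address has to be made in three places. Defining it once near the top of the file, for example `my $ADDR_CHARS = qr/[0-9A-Fa-f:.]/;`, and writing `\[($ADDR_CHARS+?)\]` at each site would keep them in step. A short comment such as `# IPv4 or IPv6 literal as logged between [ ]; character check only, not validated` would also tell readers that `host_addr` can hold any mix of hex digits, dots and colons. All three subs continue outside their hunks.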
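Review bot: In `_pgsql_sql_queue_delete` the value is still spliced into the SQL text, only now through `$dbh->quote()`; a bind value keeps data out of the statement altogether and does not depend on every call site remembering to quote: `$dbh->do("DELETE FROM queue WHERE spool_path=?", undef, $spool_path);`. The same form fits the fixed-shape UPDATE statements in the `queue_update`, `queue_set_action`, `queue_clear_action` and `write_message` hunks. The return value of `do()` is also not checked here, so a failed delete goes unnoticed unless the handle was opened with `RaiseError`, which this diff does not show.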
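Review bot: The column name `$item` in `_pgsql_sql_queue_update` is still concatenated into the statement as-is; only the value side goes through `$dbh->quote()`. Where the keys of `$hdr` come from is not visible in this hunk, but if they can be influenced by parsed message or spool data the UPDATE remains injectable through the key. Check each key against a fixed list of known queue columns before using it, or at minimum emit it as `$dbh->quote_identifier($item)`. The same applies to `join(',',@fields)` in the `queue_add` and `write_message` hunks, to `$col` in both `_build_WHERE` hunks, and to the `_mysql_*` copies of these subs.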
@@ -208,10 +207,7 @@ sub _pgsql_sql_queue_add {
 my @fields = sort {$a cmp $b} keys(%{$hdr});
 my @vals = ();
 foreach (@fields) {
- my $val = $hdr->{$_};
- $val =~ s/\'/\'\'/g;
- $val =~ s/\n/\\n/g;
- push @vals, "'".$val."'";
+ push @vals, $dbh->quote($hdr->{$_});
 };
 $dbh->do("INSERT INTO queue (".join(',',@fields).") VALUES(".join(',',@vals).")");
@@ -281,7 +277,9 @@ sub _pgsql_write_message {
 # Special case: we only need to UPDATE the 'completed' field
 # in the messages table.
 if ( ($h->{table} eq 'messages') && (exists($h->{data}->{completed})) ) {
- my $rc = $dbh->do("UPDATE messages SET completed='".$h->{data}->{completed}."' WHERE message_id='".$h->{data}->{message_id}."' AND server='".$server."'");
+ my $rc = $dbh->do("UPDATE messages SET completed=".$dbh->quote($h->{data}->{completed}).
+ " WHERE message_id=".$dbh->quote($h->{data}->{message_id}).
+ " AND server=".$dbh->quote($server));
 if (defined($rc)) {
 return 1;
 }
@@ -292,15 +290,9 @@ sub _pgsql_write_message {
 }
 else {
 my @fields = sort {$a cmp $b} keys(%{$h->{data}});
- my @vals = ( "'".$server."'" );
- foreach (@fields) {
- my $val = $h->{data}->{$_};
- $val =~ s/\'/\'\'/g;
- # shorten $val to limit and remove eventual
- # trailing quote and backslash characters.
- $val = substr($val,0,255);
- $val =~ s/[\\']+$//;
- push @vals, "'".$val."'";
+ my @vals = ( $dbh->quote($server) );
+ foreach (@fields) {
+ push @vals, $dbh->quote(substr($h->{data}->{$_},0,255));
 };
 unshift @fields, 'server';
@@ -345,7 +337,7 @@ sub _mysql_sql_update_heartbeat {
 sub _mysql_sql_queue_delete {
 my $spool_path = shift;
- $dbh->do("DELETE FROM queue WHERE spool_path='$spool_path'");
+ $dbh->do("DELETE FROM queue WHERE spool_path=".$dbh->quote($spool_path));
 };
 sub _mysql_sql_queue_update {
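Review bot: The `255` in `substr($h->{data}->{$_},0,255)` in the second `_pgsql_write_message` hunk is now unexplained, because the hunk deletes the only comment that said values are shortened to a limit. A one-line comment above the `push`, such as `# shorten to the field limit before quoting, so the quoted literal is never cut mid-escape`, would keep both the reason and the ordering constraint visible. The `_mysql_write_message` hunk carries the same line and would need the same comment.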
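Review bot: After this change `_mysql_sql_queue_delete` reads the same as `_pgsql_sql_queue_delete`, and the `queue_update` and `queue_add` pairs shown in this diff match as well. With escaping delegated to `$dbh->quote()` nothing driver-specific is left in the visible lines, so one shared sub per operation would mean a future quoting fix lands once instead of having to be mirrored by hand. The parts of these subs outside the hunks are not visible, so confirm they are identical there before merging them.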
@@ -360,13 +352,12 @@ sub _mysql_sql_queue_update {
 my @tmp;
 foreach my $item (keys %{ $hdr }) {
- my $value = $hdr->{$item};
- $value =~ s/\'/\'\'/g;
- $value =~ s/\n/\\n/g;
- push @tmp, $item.'='."'".$value."'";
+ push @tmp, $item.'='.$dbh->quote($hdr->{$item});
 };
- $dbh->do("UPDATE queue SET ".join(",",@tmp)." WHERE message_id='".$message_id."' AND server='".$server."'");
+ $dbh->do("UPDATE queue SET ".join(",",@tmp).
+ " WHERE message_id=".$dbh->quote($message_id).
+ " AND server=".$dbh->quote($server));
 };
 sub _mysql_sql_queue_add {
@@ -377,10 +368,7 @@ sub _mysql_sql_queue_add {
 my @fields = sort {$a cmp $b} keys(%{$hdr});
 my @vals = ();
 foreach (@fields) {
- my $val = $hdr->{$_};
- $val =~ s/\'/\'\'/g;
- $val =~ s/\n/\\n/g;
- push @vals, "'".$val."'";
+ push @vals, $dbh->quote($hdr->{$_});
 };
 $dbh->do("INSERT INTO queue (".join(',',@fields).") VALUES(".join(',',@vals).")");
@@ -391,14 +379,17 @@ sub _mysql_sql_queue_set_action {
 my $message_id = shift;
 my $action = shift;
- $dbh->do("UPDATE queue SET action='$action' WHERE server='$server' AND message_id='$message_id'");
+ $dbh->do("UPDATE queue SET action=".$dbh->quote($action).
+ " WHERE server=".$dbh->quote($server).
+ " AND message_id=".$dbh->quote($message_id));
 };
 sub _mysql_sql_queue_clear_action {
 my $server = shift;
 my $message_id = shift;
- $dbh->do("UPDATE queue SET action=NULL WHERE server='$server' AND message_id='$message_id'");
+ $dbh->do("UPDATE queue SET action=NULL WHERE server=".$dbh->quote($server).
+ " AND message_id=".$dbh->quote($message_id));
 };
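Review bot: The `_mysql_sql_queue_set_action` / `_mysql_sql_queue_clear_action` hunk has no PostgreSQL counterpart anywhere in this diff, although every other fix to a queue sub is made once per driver. If pgsql versions of these two subs exist in the file, check whether they still interpolate `$action`, `$server` and `$message_id` directly into the statement; if they do, they need the same change. If they already used quoting or do not exist, a line in the commit message saying so would save the next reviewer the same search.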
@@ -457,7 +448,9 @@ sub _mysql_write_message {
 # Special case: we only need to UPDATE the 'completed' field
 # in the messages table.
 if ( ($h->{table} eq 'messages') && (exists($h->{data}->{completed})) ) {
- my $rc = $dbh->do("UPDATE messages SET completed='".$h->{data}->{completed}."' WHERE message_id='".$h->{data}->{message_id}."' AND server='".$server."'");
+ my $rc = $dbh->do("UPDATE messages SET completed=".$dbh->quote($h->{data}->{completed}).
+ " WHERE message_id=".$dbh->quote($h->{data}->{message_id}).
+ " AND server=".$dbh->quote($server));
 if (defined($rc)) {
 return 1;
 }
@@ -468,15 +461,9 @@ sub _mysql_write_message {
 }
 else {
 my @fields = sort {$a cmp $b} keys(%{$h->{data}});
- my @vals = ( "'".$server."'" );
+ my @vals = ( $dbh->quote($server) );
 foreach (@fields) {
- my $val = $h->{data}->{$_};
- $val =~ s/\'/\'\'/g;
- # shorten $val to limit and remove eventual
- # trailing quote and backslash characters.
- $val = substr($val,0,255);
- $val =~ s/[\\']+$//;
- push @vals, "'".$val."'";
+ push @vals, $dbh->quote(substr($h->{data}->{$_},0,255));
 };
 unshift @fields, 'server';
@@ -543,7 +530,7 @@ sub _build_WHERE {
 # array ref, use exact string match with OR
 my $str = "( ";
 foreach my $entry (@{ $criteria->{$col} }) {
- $str .= " ".$col." = '".$entry."' OR";
+ $str .= " ".$col." = ".$dbh->quote($entry)." OR";
 };
 chop($str);chop($str);
 $str .= " )";
@@ -555,14 +542,14 @@ sub _build_WHERE {
 if (($criteria->{$col} =~ /\%/) || ($criteria->{$col} =~ /\_/)) {
 # use ILIKE for PGSQL
 if ($config->{sql}->{type} eq 'pgsql') {
- push @set, $col." ILIKE '".$criteria->{$col}."'";
+ push @set, $col." ILIKE ".$dbh->quote($criteria->{$col});
 }
 else {
- push @set, $col." LIKE '".$criteria->{$col}."'";
+ push @set, $col." LIKE ".$dbh->quote($criteria->{$col});
 };
 }
 else {
- push @set, $col." = '".$criteria->{$col}."'";
+ push @set, $col." = ".$dbh->quote($criteria->{$col});
 };
 };
 };
diff --git a/lib/exilog_util.pm b/lib/exilog_util.pm
index c50e679..2823bf2 100644
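Review bot: In the first `_build_WHERE` hunk an empty array ref in `$criteria->{$col}` makes the loop add nothing, the two `chop` calls then remove the opening `( `, and the clause becomes a bare ` )`, which is malformed SQL. Building the list with `join` removes the trailing-`OR` trimming altogether: `my $str = "( ".join(" OR ", map { $col." = ".$dbh->quote($_) } @{ $criteria->{$col} })." )";`, with the column skipped when the list is empty. What is done with `$str` afterwards is outside the hunk, so the skip has to be placed where the clause is added to the result.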
--- a/lib/exilog_util.pm
+++ b/lib/exilog_util.pm
@@ -29,6 +29,9 @@ BEGIN {
 &date_to_stamp
 &stamp_to_date
 &human_size
+ &dos2rx
+ &dos2sql
+ &png
 );
 %EXPORT_TAGS = ();
@@ -36,9 +39,42 @@ BEGIN {
 # your exported package globals go here,
 # as well as any optionally exported functions
 @EXPORT_OK = qw();
+
+}
+
+sub png {
+ my $image = shift;
+ my $width = shift;
+ my $height = shift;
+ my $title = shift || "";
+
+ return '<img src="'.$image.'" width="'.$width.'" height="'.$height.'" title="'.$title.'" border="0">';
 }
+# turns DOS wildcards (* and ?) into regular expressions
+sub dos2rx {
+ my $cand = shift;
+
+ # quote every funky character
+ $cand =~ s/([^A-Za-z0-9 _?*])/\\$1/g;
+
+ $cand =~ s/\?/./g;
+ $cand =~ s/\*/.*?/g;
+
+ return '^'.$cand.'$';
+};
+
+# turns DOS wildcards (* and ?) into SQL wildcards (% and .)
+sub dos2sql {
+ my $cand = shift;
+
+ $cand =~ s/\*/%/g;
+ $cand =~ s/\?/./g;
+
+ return $cand;
+};
+
 # checks if scalar is in array
 sub ina {
 my $aref = shift || [];
@@ -87,7 +123,7 @@ sub date_to_stamp {
 $year-=1900; $month--;
- # This is for parsing timestamps that include GMT offsets
+ # This is for parsing timestamps that include GMT offsets
 if (edv($junk)) {
 my $hoff = ($junk =~ /[-+](\d\d)\d\d/);
 my $moff = ($junk =~ /[-+]\d\d(\d\d)/);
@@ -98,7 +134,7 @@ sub date_to_stamp {
 else {
 $hour = $hour + $hoff;
 $minute = $minute + $moff;
- }
+ }
 };
 if ($config->{web}->{timestamps} eq 'local') { |
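Review bot: `dos2sql` in the second hunk maps `?` to `.`, but the single-character wildcard in SQL `LIKE` is `_`, so a `?` in the input is matched as a literal dot; the line should read `$cand =~ s/\?/_/g;` and the header comment should say `(% and _)`. `_build_WHERE` in this same commit only switches to `LIKE`/`ILIKE` when the value contains `%` or `_`, so if `dos2sql` output is passed to it (the caller is not visible here) a pattern using only `?` would be compared with `=`. Literal `%` and `_` already present in the input are passed through unchanged and will act as wildcards, which deserves a comment if intended. Separately, `png` in the same hunk concatenates `$image` and `$title` into attribute values without HTML-escaping, so a `"` in caller-supplied text ends the attribute; escape `&`, `<`, `>` and `"` before building the tag.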