diff --git a/ChangeLog b/ChangeLog index a617b231c9..db6805001c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ PHORONIX TEST SUITE CHANGE-LOG +Phoronix Test Suite (Git) + +phodevi: Input sanitization updates for Phoromatic Server + Phoronix Test Suite 10.8.0 25 December 2021 diff --git a/pts-core/objects/pts_env.php b/pts-core/objects/pts_env.php index 5d53ddaa0f..ba88efab75 100644 --- a/pts-core/objects/pts_env.php +++ b/pts-core/objects/pts_env.php @@ -650,7 +650,7 @@ public static function get_posted_options($limit = false) } if(!empty($v) && $v !== 0) { - $posted[$var] = $v; + $posted[$var] = pts_strings::sanitize($v); } } } diff --git a/pts-core/objects/pts_phoroql.php b/pts-core/objects/pts_phoroql.php index 0ef49ed033..1d94eb3b61 100644 --- a/pts-core/objects/pts_phoroql.php +++ b/pts-core/objects/pts_phoroql.php @@ -22,7 +22,7 @@ class pts_phoroql { - public static function evaluate_search_tree($tree, $join = 'AND', $callback) + public static function evaluate_search_tree($tree, $join = 'AND', $callback = '') { $matches = false; diff --git a/pts-core/objects/pts_result_viewer_embed.php b/pts-core/objects/pts_result_viewer_embed.php index 060000d650..a7f90a19dd 100644 --- a/pts-core/objects/pts_result_viewer_embed.php +++ b/pts-core/objects/pts_result_viewer_embed.php @@ -3,8 +3,8 @@ /* Phoronix Test Suite URLs: http://www.phoronix.com, http://www.phoronix-test-suite.com/ - Copyright (C) 2018 - 2020, Phoronix Media - Copyright (C) 2018 - 2020, Michael Larabel + Copyright (C) 2018 - 2022, Phoronix Media + Copyright (C) 2018 - 2022, Michael Larabel This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
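Review bot: In `get_posted_options()` the `!empty($v) && $v !== 0` test runs on the raw value and `pts_strings::sanitize()` is applied only afterwards, so a value that sanitizes down to an empty string would still be stored in `$posted`. Sanitizing first, with `$v = pts_strings::sanitize($v);` placed ahead of the existing emptiness check, keeps the two consistent. The definition of `sanitize()` is not part of this diff, so it is worth confirming that it accepts every type `$v` can take here and which output context it encodes for. Callers that later place these options into HTML, a file path or a command line each still need encoding for that context. The function body starts and ends outside the hunk.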
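Review bot: The new default `$callback = ''` in `evaluate_search_tree()` is not a callable value, so a caller that omits the argument would fail wherever the body invokes `$callback`. The body is outside this hunk, so that failure point is inferred. A `null` default with an explicit guard such as `if(!is_callable($callback)) { return false; }` would make the missing-callback case a defined result. A one-line comment on the signature stating what the callback receives and returns would also help, since the parameter is now optional.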
@@ -119,8 +119,8 @@ public function get_html() $html_options = self::get_html_options_markup($result_file, $_REQUEST, $this->result_public_id, $this->can_delete_results); self::process_request_to_attributes($_REQUEST, $result_file, $extra_attributes); $PAGE .= self::get_html_sort_bar($result_file, $_REQUEST); - $PAGE .= '
' . str_replace(PHP_EOL, '
', $result_file->get_description()) . '
' . str_replace(PHP_EOL, '
', pts_strings::sanitize($result_file->get_description())) . '
' . $result_object->get_annotation() . '
'; + $PAGE .= '' . pts_strings::sanitize($result_object->get_annotation()) . '
'; } if($button_area != null) { @@ -1023,7 +1020,6 @@ public static function process_result_export_pre_render(&$request, &$result_file } public static function process_result_modify_pre_render(&$result_file, $can_modify_results = false, $can_delete_results = false) { - if(!isset($_REQUEST['modify']) || ($can_modify_results == false && $can_delete_results == false)) { return; diff --git a/pts-core/phoromatic/pages/phoromatic_account_activity.php b/pts-core/phoromatic/pages/phoromatic_account_activity.php index b35a8ab90e..3520d07423 100644 --- a/pts-core/phoromatic/pages/phoromatic_account_activity.php +++ b/pts-core/phoromatic/pages/phoromatic_account_activity.php @@ -20,7 +20,6 @@ along with this program. If not, see' . $row['ActivityCreator'] . ' ' . $row['ActivityCreatorType'] . ' ' . $row['ActivityEvent'] . ' ' . $row['ActivityEventID'] . ' ' . $row['ActivityEventType'] . '
'; diff --git a/pts-core/phoromatic/pages/phoromatic_admin.php b/pts-core/phoromatic/pages/phoromatic_admin.php index dec2a0e159..488307fdd9 100644 --- a/pts-core/phoromatic/pages/phoromatic_admin.php +++ b/pts-core/phoromatic/pages/phoromatic_admin.php @@ -3,8 +3,8 @@ /* Phoronix Test Suite URLs: http://www.phoronix.com, http://www.phoronix-test-suite.com/ - Copyright (C) 2014 - 2018, Phoronix Media - Copyright (C) 2014 - 2018, Michael Larabel + Copyright (C) 2014 - 2022, Phoronix Media + Copyright (C) 2014 - 2022, Michael Larabel This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,7 +20,6 @@ along with this program. If not, see' . phoromatic_system_id_to_name($test_result_row['SystemID'], $test_result_row['AccountID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |
' . phoromatic_server::system_id_to_name($test_result_row['SystemID'], $test_result_row['AccountID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |
' . phoromatic_account_id_to_group_name($row['AccountID']) . ' | ' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($row['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' | Permanently Remove |
' . phoromatic_server::account_id_to_group_name($row['AccountID']) . ' | ' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($row['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' | Permanently Remove |
' . phoromatic_account_id_to_group_name($row['AccountID']) . ' | ' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($row['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' | Permanently Remove |
' . phoromatic_server::account_id_to_group_name($row['AccountID']) . ' | ' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($row['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' | Permanently Remove |
' . $row['TriggeredOn'] . ' | ' . phoromatic_account_id_to_group_name($row['AccountID']) . ' | Permanently Remove |
' . $row['TriggeredOn'] . ' | ' . phoromatic_server::account_id_to_group_name($row['AccountID']) . ' | Permanently Remove |
' . phoromatic_account_id_to_group_name($row['AccountID']) . ' | ' . $row['LocalIP'] . ' | ' . $row['CurrentTask'] . ' | Last Communication: ' . date('j F Y H:i', strtotime($row['LastCommunication'])) . ' | Permanently Remove |
' . phoromatic_server::account_id_to_group_name($row['AccountID']) . ' | ' . $row['LocalIP'] . ' | ' . $row['CurrentTask'] . ' | Last Communication: ' . date('j F Y H:i', strtotime($row['LastCommunication'])) . ' | Permanently Remove |
' . phoromatic_account_id_to_group_name($row['AccountID']) . ' | ' . $row['LocalIP'] . ' | ' . $row['CurrentTask'] . ' | Last Communication: ' . date('j F Y H:i', strtotime($row['LastCommunication'])) . ' | Permanently Remove |
' . phoromatic_server::account_id_to_group_name($row['AccountID']) . ' | ' . $row['LocalIP'] . ' | ' . $row['CurrentTask'] . ' | Last Communication: ' . date('j F Y H:i', strtotime($row['LastCommunication'])) . ' | Permanently Remove |
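Review bot: The rewritten rows in this file still concatenate `$row['TriggeredOn']`, `$row['LocalIP']` and `$row['CurrentTask']` straight into the page markup; only the helper call changed, to `phoromatic_server::account_id_to_group_name()`. If these columns hold values reported by client systems or entered by users (not visible here), they reach an administrator's browser unencoded. Each should go through the encoder the commit uses elsewhere, for example `pts_strings::sanitize($row['CurrentTask'])`. The same pattern appears further down with `$row['Title']` and, as far as the damaged lines show, `$row['SuiteToRun']`. Hunk boundaries and the enclosing function are not recoverable from this page.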
This ticket runs the ' . $row['SuiteToRun'] . ' test suite:
'; $main .= '' . phoromatic_system_id_to_name($test_result_row['SystemID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |
' . phoromatic_server::system_id_to_name($test_result_row['SystemID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |
This page allows you to run a test suite -- consisting of a single or multiple test suites -- on a given set/group of systems right away at their next earliest possibility. This benchmark mode is an alternative to the benchmark schedules for reptitive/routine testing.
'; - $local_suites = array(); foreach(pts_file_io::glob(phoromatic_server::phoromatic_account_suite_path($_SESSION['AccountID']) . '*/suite-definition.xml') as $xml_path) { @@ -384,7 +379,6 @@ public static function render_page_process($PATH) $stmt->bindValue(':account_id', $_SESSION['AccountID']); $result = $stmt->execute(); - if(!$is_new) { $e_schedule['RunTargetSystems'] = explode(',', $e_schedule['RunTargetSystems']); diff --git a/pts-core/phoromatic/pages/phoromatic_build_suite.php b/pts-core/phoromatic/pages/phoromatic_build_suite.php index ec2d907bb6..6c28e56fcf 100644 --- a/pts-core/phoromatic/pages/phoromatic_build_suite.php +++ b/pts-core/phoromatic/pages/phoromatic_build_suite.php @@ -3,8 +3,8 @@ /* Phoronix Test Suite URLs: http://www.phoronix.com, http://www.phoronix-test-suite.com/ - Copyright (C) 2015 - 2018, Phoronix Media - Copyright (C) 2015 - 2018, Michael Larabel + Copyright (C) 2015 - 2022, Phoronix Media + Copyright (C) 2015 - 2022, Michael Larabel This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,7 +20,6 @@ along with this program. If not, seeFind already created local test suites by your account/group via the local suites page.
'; - if(!PHOROMATIC_USER_IS_VIEWER) { $suite = null; @@ -195,7 +195,6 @@ public static function render_page_process($PATH) $main .= pts_web_embed::cookie_checkbox_option_helper('list_show_all_test_versions', 'Show all available test profile versions.'); $main .= ''; } - echo ' ' . $row['Title'] . '
' . phoromatic_system_id_to_name($row['SystemID'], $row['AccountID']) . '
' . $row['Title'] . '
' . phoromatic_server::system_id_to_name($row['SystemID'], $row['AccountID']) . '
** AND, OR, and NOT search operators supported for tests/hardware/software search fields. **
'; + $main .= 'This option will soft-delete systems that have not communicated with this Phoromatic Server in more than one week (7 days).
'; - $main .= 'Test schedules are used for tests that are intended to be run on a recurring basis -- either daily or other defined time period -- or whenever a trigger/event occurs, like a new Git commit to a software repository being tracked. Test schedules can be run on any given system(s)/group(s) and can be later edited.
'; - if(!PHOROMATIC_USER_IS_VIEWER) + if(!PHOROMATIC_USER_IS_VIEWER) + { + $main .= ' +Create a schedule followed by adding tests/suites to run for that schedule on the selected systems.
'; + } + + $main .= 'Create a schedule followed by adding tests/suites to run for that schedule on the selected systems.
'; + $stmt_tests = phoromatic_server::$db->prepare('SELECT COUNT(*) AS TestCount FROM phoromatic_schedules_tests WHERE AccountID = :account_id AND ScheduleID = :schedule_id ORDER BY TestProfile ASC'); + $stmt_tests->bindValue(':account_id', $_SESSION['AccountID']); + $stmt_tests->bindValue(':schedule_id', $row['ScheduleID']); + $result_tests = $stmt_tests->execute(); + $row_tests = $result_tests->fetchArray(); + $test_count = !empty($row_tests) ? $row_tests['TestCount'] : 0; + + $group_count = empty($row['RunTargetGroups']) ? 0 : count(explode(',', $row['RunTargetGroups'])); + $main .= '' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($_SESSION['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . pts_strings::plural_handler($group_count, 'Group') . ' | ' . pts_strings::plural_handler($test_count, 'Test') . ' | ' . pts_strings::plural_handler(phoromatic_results_for_schedule($row['ScheduleID']), 'Result') . ' Total | ' . pts_strings::plural_handler(phoromatic_results_for_schedule($row['ScheduleID'], 'TODAY'), 'Result') . ' Today | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' |
' . pts_strings::plural_handler(count(phoromatic_server::systems_associated_with_schedule($_SESSION['AccountID'], $row['ScheduleID'])), 'System') . ' | ' . pts_strings::plural_handler($group_count, 'Group') . ' | ' . pts_strings::plural_handler($test_count, 'Test') . ' | ' . pts_strings::plural_handler(phoromatic_results_for_schedule($row['ScheduleID']), 'Result') . ' Total | ' . pts_strings::plural_handler(phoromatic_results_for_schedule($row['ScheduleID'], 'TODAY'), 'Result') . ' Today | ' . phoromatic_schedule_activeon_string($row['ActiveOn'], $row['RunAt']) . ' |
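Review bot: The result of `$stmt_tests->execute()` is used without a check, so a failed query would turn `$result_tests->fetchArray()` into a method call on a non-object. Guarding it with `$row_tests = $result_tests ? $result_tests->fetchArray() : false;` keeps the existing `!empty($row_tests)` fallback to 0 working. The `ORDER BY TestProfile ASC` clause has no effect on a `SELECT COUNT(*)` that returns a single row and can be dropped. Binding `:account_id` and `:schedule_id` as parameters is the right form and should stay. The statement appears to run once per schedule row, in a loop that starts outside the visible lines.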
Run a benchmark is the area where you can run a one-time benchmark on selected system(s) and is also where to go for setting up a stress-run benchmark.
-Build a suite, which is a collection of predefined test profiles.
-See local suites available for your benchmarking needs.
'; + $main .= 'Run a benchmark is the area where you can run a one-time benchmark on selected system(s) and is also where to go for setting up a stress-run benchmark.
+Build a suite, which is a collection of predefined test profiles.
+See local suites available for your benchmarking needs.
'; + } + + echo 'A group name is an alternative, user-facing name for this set of accounts. The group name feature is primarily useful for being able to better distinguish results between groups when sharing of data within a large organization, etc. The group name is showed next to test results when viewing results from multiple groups/accounts.
To fix this error, try returning to the previous page. Still having problems? Consider opening a GitHub issue report; commercial support customers should contact Phoronix Media.
' . $result_file->get_description() . '
'; - $main .= phoromatic_annotate_entry('RESULT', implode(',', $result_ids), 'TOP'); - - if($result_file->get_system_count() == 1 || ($intent = pts_result_file_analyzer::analyze_result_file_intent($result_file, $intent, true))) - { - $table = new pts_ResultFileCompactSystemsTable($result_file, $intent); - } - else - { - $table = new pts_ResultFileSystemsTable($result_file); - } - - $main .= '' . pts_render::render_graph_inline_embed($table, $result_file, $extra_attributes) . '
'; - - $table = new pts_ResultFileTable($result_file, $intent); - $main .= '' . pts_render::render_graph_inline_embed($table, $result_file, $extra_attributes) . '
'; - $main .= ''; - $main .= pts_render::render_graph_inline_embed($result_object, $result_file, $extra_attributes); - $main .= '
'; - } - $main .= '' . phoromatic_system_id_to_name($test_result_row['SystemID'], $test_result_row['AccountID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |
' . phoromatic_server::system_id_to_name($test_result_row['SystemID'], $test_result_row['AccountID']) . ' | ' . phoromatic_user_friendly_timedate($test_result_row['UploadTime']) . ' | ' . $test_result_row['TimesViewed'] . ' Times Viewed |