Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some fixes to make the cycle feature and hover graphs work in recent Cacti versions #9

Merged
merged 3 commits into from
Jul 23, 2020
Merged

Some fixes to make the cycle feature and hover graphs work in recent Cacti versions #9

merged 3 commits into from
Jul 23, 2020

Conversation

jamesbtate
Copy link

@jamesbtate jamesbtate commented Jul 9, 2020
edited
Loading

The "cycle" feature when viewing weathermaps was broken. The path to a JS file was wrong in the HTML in the main PHP file and a small change was needed in the map-cycle.js file.

The "hover" graphs on Weathermaps were not working because Cacti's CSP header does not allow the many unsafe/insecure calls to eval() and setTimeout() in overlib.js.

Both these problems can be seen in the browser's JS console when trying to cycle weathermaps.

It appears overlib.js has not been maintained for quite a while. I fixed some of the unsafe calls myself and left many unsafe calls that were not encountered in my usage of this Weathermap plugin in Cacti 1.2.10. It is time-consuming to fix these calls because many are a just different enough to make a reasonable regex replacement not work.

jtateodu added 2 commits July 8, 2020 16:57
@jtateodu
Fix path to jquery-idletimer JS file in HTML
8679a8e
@jtateodu
Fix some of the archaic usages of eval() and setTimeout()
8b789da 
There were 87 calls to eval() which is generally considered bad
practice and current Cacti CSP instructs browsers to block
these calls.

There were also multiple legacy-insecure calls to setTimeout()
using strings instead of functions with the same security problem.

In this commit, some of these insecure funciton calls have been fixed to
pass the current default Cacti CSP for 'script-src' which is 'self'.
This is defined in an HTTP header in Cacti version 1.2.10 at
<Cacti Root>/include/global.php:409
@jamesbtate jamesbtate changed the title Some fixes to make the cycle feature work in recent Cacti versions Some fixes to make the cycle feature and hover graphs work in recent Cacti versions Jul 9, 2020
@jtateodu
Uncomment and fix call to WMcycler.forceReload()
ba2a12b 
This is needed to make weathermap cycling work outside the
full-screen mode.
@thurban thurban merged commit 2314cf1 into Cacti:master Jul 23, 2020
@edjchristopher edjchristopher mentioned this pull request Jan 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamesbtate @thurban @jtateodu