You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2018-04-24 11:47:52

stoatwblr
Member
Registered: 2014-04-13
Posts: 118

BUG/Enhancement: Sanity checking/sanitising network ports fields

Problem #1

Leading/trailing whitespace isn't being stripped from MAC and "network name" fields (this sometimes happens when copy/pasting), resulting in errors (or worse, the entry being accepted, as-is)

(comment, whitespace stripping is done and it is nice to see sanitisation and checking for 0-padded IP-address octets in IP-address field)

Problem #2

MAC sanitisation is not being done.

MACs are a 48-bit unsigned long, however they can be represented by a number of different formats depending on convention

GLPI is only checking for and sanitising _some_ of these. In particular it's failing to catch Comware and Cisco formats and entering them into the table as-is

Examples:

xxyyxxyyxxyy
xx:yy:xx:yy:xx:yy:xx:yy
xx-yy-xx-yy-xx-yy-xx-yy
xxyy-xxyy-xxyy
xx yy xx yy xx yy


Suggested fix:


MACs and IPs should be stored as unsigned longs. There are off-the-shelf perl and PHP modules which will do the conversion in both directions (If using Postgres there is an "Inet" field type which does all this for you).


I realise this means a column conversion would be required during a version upgrade, but having encountered a number of xx-xx-xx-xx-xx-xx examples in our own database due to pastes from an older system and having switches which output reports in xxxx-xxxx-xxxx format that need hand editing by staff every single time they paste something in, i think it would be worthwhile. Apart from anything else it will allow for easier
math-based network handling in future rather than needing to play with expensive string handling

Sanitising leading/trailing whitespace from entry fields would be worthwhile all by itself in terms of reductions in error messages on entry.

Last edited by stoatwblr (2018-04-24 11:48:08)

Offline

Board footer

Powered by FluxBB