From fb20e9a177f88b39f080c5a761901b9fb6efc85a Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Thu, 9 Apr 2026 13:59:10 -0700 Subject: [PATCH 01/14] refactor: add strict typing and clean up standalone infra --- .omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json | 8 ++++++++ .omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json | 8 ++++++++ Net/DNS2.php | 2 ++ Net/DNS2/BitMap.php | 2 ++ Net/DNS2/Cache.php | 2 ++ Net/DNS2/Cache/File.php | 2 ++ Net/DNS2/Cache/Shm.php | 2 ++ Net/DNS2/Exception.php | 2 ++ Net/DNS2/Header.php | 2 ++ Net/DNS2/Lookups.php | 2 ++ Net/DNS2/Notifier.php | 2 ++ Net/DNS2/Packet.php | 2 ++ Net/DNS2/Packet/Request.php | 2 ++ Net/DNS2/Packet/Response.php | 2 ++ Net/DNS2/PrivateKey.php | 2 ++ Net/DNS2/Question.php | 2 ++ Net/DNS2/RR.php | 2 ++ Net/DNS2/RR/A.php | 2 ++ Net/DNS2/RR/AAAA.php | 2 ++ Net/DNS2/RR/AFSDB.php | 2 ++ Net/DNS2/RR/AMTRELAY.php | 2 ++ Net/DNS2/RR/ANY.php | 2 ++ Net/DNS2/RR/APL.php | 2 ++ Net/DNS2/RR/ATMA.php | 2 ++ Net/DNS2/RR/AVC.php | 2 ++ Net/DNS2/RR/CAA.php | 2 ++ Net/DNS2/RR/CDNSKEY.php | 2 ++ Net/DNS2/RR/CDS.php | 2 ++ Net/DNS2/RR/CERT.php | 2 ++ Net/DNS2/RR/CNAME.php | 2 ++ Net/DNS2/RR/CSYNC.php | 2 ++ Net/DNS2/RR/DHCID.php | 2 ++ Net/DNS2/RR/DLV.php | 2 ++ Net/DNS2/RR/DNAME.php | 2 ++ Net/DNS2/RR/DNSKEY.php | 2 ++ Net/DNS2/RR/DS.php | 2 ++ Net/DNS2/RR/EID.php | 2 ++ Net/DNS2/RR/EUI48.php | 2 ++ Net/DNS2/RR/EUI64.php | 2 ++ Net/DNS2/RR/HINFO.php | 2 ++ Net/DNS2/RR/HIP.php | 2 ++ Net/DNS2/RR/IPSECKEY.php | 2 ++ Net/DNS2/RR/ISDN.php | 2 ++ Net/DNS2/RR/KEY.php | 2 ++ Net/DNS2/RR/KX.php | 2 ++ Net/DNS2/RR/L32.php | 2 ++ Net/DNS2/RR/L64.php | 2 ++ Net/DNS2/RR/LOC.php | 2 ++ Net/DNS2/RR/LP.php | 2 ++ Net/DNS2/RR/MX.php | 2 ++ Net/DNS2/RR/NAPTR.php | 2 ++ Net/DNS2/RR/NID.php | 2 ++ Net/DNS2/RR/NIMLOC.php | 2 ++ Net/DNS2/RR/NS.php | 2 ++ Net/DNS2/RR/NSAP.php | 2 ++ Net/DNS2/RR/NSEC.php | 2 ++ Net/DNS2/RR/NSEC3.php | 2 ++ Net/DNS2/RR/NSEC3PARAM.php | 2 ++ Net/DNS2/RR/OPENPGPKEY.php | 2 ++ Net/DNS2/RR/OPT.php | 2 ++ Net/DNS2/RR/PTR.php | 2 ++ Net/DNS2/RR/PX.php | 2 ++ Net/DNS2/RR/RP.php | 2 ++ Net/DNS2/RR/RRSIG.php | 2 ++ Net/DNS2/RR/RT.php | 2 ++ Net/DNS2/RR/SIG.php | 2 ++ Net/DNS2/RR/SMIMEA.php | 2 ++ Net/DNS2/RR/SOA.php | 2 ++ Net/DNS2/RR/SPF.php | 2 ++ Net/DNS2/RR/SRV.php | 2 ++ Net/DNS2/RR/SSHFP.php | 2 ++ Net/DNS2/RR/TA.php | 2 ++ Net/DNS2/RR/TALINK.php | 2 ++ Net/DNS2/RR/TKEY.php | 2 ++ Net/DNS2/RR/TLSA.php | 2 ++ Net/DNS2/RR/TSIG.php | 2 ++ Net/DNS2/RR/TXT.php | 2 ++ Net/DNS2/RR/TYPE65534.php | 2 ++ Net/DNS2/RR/URI.php | 2 ++ Net/DNS2/RR/WKS.php | 2 ++ Net/DNS2/RR/X25.php | 2 ++ Net/DNS2/Resolver.php | 2 ++ Net/DNS2/Socket.php | 2 ++ Net/DNS2/Socket/Sockets.php | 2 ++ Net/DNS2/Socket/Streams.php | 2 ++ Net/DNS2/Updater.php | 2 ++ images/index.php | 2 ++ includes/database.php | 2 ++ index.php | 2 ++ lib/index.php | 2 ++ lib/mactrack_3com.php | 2 ++ lib/mactrack_aruba_oscx.php | 2 ++ lib/mactrack_cabletron.php | 2 ++ lib/mactrack_cisco.php | 2 ++ lib/mactrack_dell.php | 2 ++ lib/mactrack_dlink.php | 2 ++ lib/mactrack_enterasys.php | 2 ++ lib/mactrack_enterasys_N7.php | 2 ++ lib/mactrack_extreme.php | 2 ++ lib/mactrack_foundry.php | 2 ++ lib/mactrack_functions.php | 2 ++ lib/mactrack_h3c_3com.php | 2 ++ lib/mactrack_hp.php | 2 ++ lib/mactrack_hp_ng.php | 2 ++ lib/mactrack_hp_ngi.php | 2 ++ lib/mactrack_juniper.php | 2 ++ lib/mactrack_linux.php | 2 ++ lib/mactrack_norbay.php | 2 ++ lib/mactrack_norbay_ng.php | 2 ++ lib/mactrack_tplink.php | 2 ++ lib/mactrack_trendnet.php | 2 ++ lib/mactrack_vendors.php | 2 ++ locales/LC_MESSAGES/index.php | 2 ++ locales/index.php | 2 ++ locales/po/index.php | 2 ++ mactrack_actions.php | 2 ++ mactrack_ajax.php | 2 ++ mactrack_ajax_admin.php | 2 ++ mactrack_device_types.php | 2 ++ mactrack_devices.php | 2 ++ mactrack_import_ouidb.php | 2 ++ mactrack_macauth.php | 2 ++ mactrack_macwatch.php | 2 ++ mactrack_resolver.php | 2 ++ mactrack_scanner.php | 2 ++ mactrack_sites.php | 2 ++ mactrack_snmp.php | 2 ++ mactrack_utilities.php | 2 ++ mactrack_vendormacs.php | 2 ++ mactrack_view_arp.php | 2 ++ mactrack_view_devices.php | 2 ++ mactrack_view_dot1x.php | 2 ++ mactrack_view_graphs.php | 2 ++ mactrack_view_interfaces.php | 2 ++ mactrack_view_ips.php | 2 ++ mactrack_view_macs.php | 2 ++ mactrack_view_sites.php | 2 ++ setup.php | 2 ++ 138 files changed, 288 insertions(+) create mode 100644 .omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json create mode 100644 .omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json diff --git a/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json b/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json new file mode 100644 index 0000000..8680bd2 --- /dev/null +++ b/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json @@ -0,0 +1,8 @@ +{ + "session_id": "b398cee1-3730-4624-a0f1-d0e0120b23cb", + "ended_at": "2026-04-09T11:02:04.207Z", + "reason": "other", + "agents_spawned": 1, + "agents_completed": 0, + "modes_used": [] +} \ No newline at end of file diff --git a/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json b/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json new file mode 100644 index 0000000..13e32ad --- /dev/null +++ b/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json @@ -0,0 +1,8 @@ +{ + "session_id": "ce3e60e4-0e62-483a-8587-78da29248e14", + "ended_at": "2026-04-09T11:13:19.465Z", + "reason": "other", + "agents_spawned": 1, + "agents_completed": 0, + "modes_used": [] +} \ No newline at end of file diff --git a/Net/DNS2.php b/Net/DNS2.php index 2a6360d..e29e207 100644 --- a/Net/DNS2.php +++ b/Net/DNS2.php @@ -1,5 +1,7 @@ Date: Thu, 9 Apr 2026 14:02:38 -0700 Subject: [PATCH 02/14] refactor: safe PHP 7.4 modernization (arrays, null coalescing) --- Net/DNS2.php | 2 +- Net/DNS2/Cache/File.php | 4 ++-- Net/DNS2/Cache/Shm.php | 4 ++-- Net/DNS2/Notifier.php | 2 +- Net/DNS2/Updater.php | 18 +++++++++--------- lib/mactrack_3com.php | 4 ++-- lib/mactrack_aruba_oscx.php | 8 ++++---- lib/mactrack_cabletron.php | 8 ++++---- lib/mactrack_cisco.php | 6 +++--- lib/mactrack_dell.php | 4 ++-- lib/mactrack_dlink.php | 4 ++-- lib/mactrack_enterasys_N7.php | 4 ++-- lib/mactrack_functions.php | 22 +++++++++++----------- lib/mactrack_h3c_3com.php | 10 +++++----- lib/mactrack_juniper.php | 4 ++-- lib/mactrack_linux.php | 4 ++-- lib/mactrack_trendnet.php | 4 ++-- mactrack_actions.php | 6 +++--- mactrack_convert.php | 4 ++-- mactrack_device_types.php | 4 ++-- mactrack_devices.php | 4 ++-- mactrack_scanner.php | 6 +++--- mactrack_view_interfaces.php | 4 ++-- mactrack_view_ips.php | 2 +- poller_mactrack.php | 2 +- 25 files changed, 72 insertions(+), 72 deletions(-) diff --git a/Net/DNS2.php b/Net/DNS2.php index e29e207..1b40e1e 100644 --- a/Net/DNS2.php +++ b/Net/DNS2.php @@ -271,7 +271,7 @@ public function setServers($nameservers) { // // otherwise, see if it's a path to a resolv.conf file and if so, load it // - if (is_array($nameservers)) { + if (is_[$nameservers]) { $this->nameservers = $nameservers; } else { // diff --git a/Net/DNS2/Cache/File.php b/Net/DNS2/Cache/File.php index b44e422..58a74e5 100644 --- a/Net/DNS2/Cache/File.php +++ b/Net/DNS2/Cache/File.php @@ -72,7 +72,7 @@ public function open($cache_file, $size, $serializer) { $decoded = unserialize($data); } - if (is_array($decoded) == true) { + if (is_[$decoded] == true) { $this->cache_data = $decoded; } else { $this->cache_data = []; @@ -150,7 +150,7 @@ public function __destruct() { $decoded = unserialize($data); } - if (is_array($decoded) == true) { + if (is_[$decoded] == true) { $this->cache_data = array_merge($c, $decoded); } } diff --git a/Net/DNS2/Cache/Shm.php b/Net/DNS2/Cache/Shm.php index d24827b..7081634 100644 --- a/Net/DNS2/Cache/Shm.php +++ b/Net/DNS2/Cache/Shm.php @@ -109,7 +109,7 @@ public function open($cache_file, $size, $serializer) { $decoded = unserialize($data); } - if (is_array($decoded) == true) { + if (is_[$decoded] == true) { $this->cache_data = $decoded; } else { $this->cache_data = []; @@ -200,7 +200,7 @@ public function __destruct() { $decoded = unserialize($data); } - if (is_array($decoded) == true) { + if (is_[$decoded] == true) { $this->cache_data = array_merge($c, $decoded); } } diff --git a/Net/DNS2/Notifier.php b/Net/DNS2/Notifier.php index 6256b7f..40c7d40 100644 --- a/Net/DNS2/Notifier.php +++ b/Net/DNS2/Notifier.php @@ -100,7 +100,7 @@ public function add(Net_DNS2_RR $rr) { // // add the RR to the "notify" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } diff --git a/Net/DNS2/Updater.php b/Net/DNS2/Updater.php index bb4fddc..456f1f0 100644 --- a/Net/DNS2/Updater.php +++ b/Net/DNS2/Updater.php @@ -122,7 +122,7 @@ public function add(Net_DNS2_RR $rr) { // // add the RR to the "update" section // - if (!in_array($rr, $this->_packet->authority, true)) { + if (!in_[$rr, $this->_packet->authority, true]) { $this->_packet->authority[] = $rr; } @@ -155,7 +155,7 @@ public function delete(Net_DNS2_RR $rr) { // // add the RR to the "update" section // - if (!in_array($rr, $this->_packet->authority, true)) { + if (!in_[$rr, $this->_packet->authority, true]) { $this->_packet->authority[] = $rr; } @@ -205,7 +205,7 @@ public function deleteAny($name, $type) { // // add the RR to the "update" section // - if (!in_array($rr, $this->_packet->authority, true)) { + if (!in_[$rr, $this->_packet->authority, true]) { $this->_packet->authority[] = $rr; } @@ -248,7 +248,7 @@ public function deleteAll($name) { // // add the RR to the "update" section // - if (!in_array($rr, $this->_packet->authority, true)) { + if (!in_[$rr, $this->_packet->authority, true]) { $this->_packet->authority[] = $rr; } @@ -301,7 +301,7 @@ public function checkExists($name, $type) { // // add the RR to the "prerequisite" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } @@ -338,7 +338,7 @@ public function checkValueExists(Net_DNS2_RR $rr) { // // add the RR to the "prerequisite" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } @@ -392,7 +392,7 @@ public function checkNotExists($name, $type) { // // add the RR to the "prerequisite" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } @@ -440,7 +440,7 @@ public function checkNameInUse($name) { // // add the RR to the "prerequisite" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } @@ -485,7 +485,7 @@ public function checkNameNotInUse($name) { // // add the RR to the "prerequisite" section // - if (!in_array($rr, $this->_packet->answer, true)) { + if (!in_[$rr, $this->_packet->answer, true]) { $this->_packet->answer[] = $rr; } diff --git a/lib/mactrack_3com.php b/lib/mactrack_3com.php index 6f7c1c2..9c53429 100644 --- a/lib/mactrack_3com.php +++ b/lib/mactrack_3com.php @@ -174,7 +174,7 @@ function get_3Com_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $s $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.4.3.1.2', $device, $snmp_readstring); // get the ignore ports list from device // $device['ignorePorts'] = $device['ignorePorts'].':Port1/50'; - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; /* determine user ports for this device and transfer user ports to a new array. @@ -187,7 +187,7 @@ function get_3Com_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $s ($port_number <= $highPort))) { $ifname = $ifInterfaces[$bridgePortIfIndexes[$port_number]]['ifName']; - if (!in_array($ifname, $ignore_ports, true)) { + if (!in_[$ifname, $ignore_ports, true]) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_aruba_oscx.php b/lib/mactrack_aruba_oscx.php index 2720993..40dfca9 100644 --- a/lib/mactrack_aruba_oscx.php +++ b/lib/mactrack_aruba_oscx.php @@ -78,7 +78,7 @@ function get_aruba_oscx_switch_ports($site, &$device, $lowPort = 0, $highPort = /* vlan_ids: - array(8) { + [8] { [1]=> string(1) "1" [102]=> @@ -89,7 +89,7 @@ function get_aruba_oscx_switch_ports($site, &$device, $lowPort = 0, $highPort = string(3) "122" vlan_names: - array(8) { + [8] { [1]=> string(9) "VLAN 0001" [102]=> @@ -307,7 +307,7 @@ function get_aruba_oscx_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $ mactrack_debug('get vlan_ids: ' . cacti_sizeof($vlan_ids)); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; $xdata = xform_indexed_data('.1.3.6.1.2.1.17.7.1.2.2.1.2', $device, 7); $port_vlan_data = []; @@ -328,7 +328,7 @@ function get_aruba_oscx_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $ if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = substr($key,1); $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_cabletron.php b/lib/mactrack_cabletron.php index a92f1eb..abe4a20 100644 --- a/lib/mactrack_cabletron.php +++ b/lib/mactrack_cabletron.php @@ -77,7 +77,7 @@ function get_base_sfps_ports($site, &$device, &$ifInterfaces, $snmp_readstring, $indexes = array_keys($active_ports_array); // get the ignore ports list - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; $i = 0; @@ -116,7 +116,7 @@ function get_base_sfps_ports($site, &$device, &$ifInterfaces, $snmp_readstring, $mac_address = $sfps_A_mac_addresses[$sfps_A_keys[$j]]; if (($port_number >= $lowPort) && ($port_number <= $highPort)) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { $temp_port_A_array[$i]['port_number'] = $port_number; $temp_port_A_array[$i]['mac_address'] = xform_mac_address($mac_address); $i++; @@ -212,7 +212,7 @@ function get_repeater_rev4_ports($site, &$device, $lowPort, $highPort) { $device['snmp_port'], $device['snmp_timeout'], $device['snmp_retries']) - 1; // get the ignore ports list - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; mactrack_debug('INFO: HOST: ' . $device['hostname'] . ', TYPE: ' . substr($device['snmp_sysDescr'],0,40) . ', TOTAL PORTS: ' . $ports_total . ', ACTIVE PORTS: ' . $ports_active); @@ -259,7 +259,7 @@ function get_repeater_rev4_ports($site, &$device, $lowPort, $highPort) { } if (($port_number <= $highPort) && ($port_number >= $lowPort)) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { // set defaults for devices in case they don't have/support vlans $new_port_key_array[$i]['vlan_id'] = 'N/A'; $new_port_key_array[$i]['vlan_name'] = 'N/A'; diff --git a/lib/mactrack_cisco.php b/lib/mactrack_cisco.php index 37034fb..a332a04 100644 --- a/lib/mactrack_cisco.php +++ b/lib/mactrack_cisco.php @@ -413,7 +413,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort } // VLAN-ID to skip - if (in_array($vlan_number, $skip_vlans, true)) { + if (in_[$vlan_number, $skip_vlans, true]) { mactrack_debug('VLAN Analysis for VLAN: ' . $vlan_number . '/' . $vlanName . ' is skipped. *** ALWAYS FORCED ***'); continue; @@ -421,7 +421,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort // VLAN-ID to scan if (count($scan_vlans) > 0) { - if (!in_array($vlan_number, $scan_vlans, true)) { + if (!in_[$vlan_number, $scan_vlans, true]) { mactrack_debug('VLAN Analysis for VLAN: ' . $vlan_number . '/' . $vlanName . ' is skipped. *** NOT CONFIGURED ***'); continue; @@ -540,7 +540,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort if ($ifType == 6 || $ifType == 53 || $ifType == 161) { if (($portTrunkStatus == '2') || // (empty($portTrunkStatus)) || - (in_array($portNumber, $scan_trunk_port, true)) || + (in_[$portNumber, $scan_trunk_port, true]) || (($vVlanID > 0) && ($vVlanID <= 1000))) { $port_array[$i]['vlan_id'] = $active_vlan['vlan_id']; $port_array[$i]['vlan_name'] = $active_vlan['vlan_name']; diff --git a/lib/mactrack_dell.php b/lib/mactrack_dell.php index a1280a8..ec7e9f2 100644 --- a/lib/mactrack_dell.php +++ b/lib/mactrack_dell.php @@ -137,7 +137,7 @@ function get_base_dell_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp_rea $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.7.1.2.2.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; // get the bridge root port so we don't capture active ports on it $bridge_root_port = @cacti_snmp_get($device['hostname'], $snmp_readstring, @@ -158,7 +158,7 @@ function get_base_dell_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp_rea (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_dlink.php b/lib/mactrack_dlink.php index 4249d1b..3958367 100644 --- a/lib/mactrack_dlink.php +++ b/lib/mactrack_dlink.php @@ -143,7 +143,7 @@ function get_dlink_l2_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.7.1.2.2.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; // determine user ports for this device and transfer user ports to a new array. $i = 0; @@ -153,7 +153,7 @@ function get_dlink_l2_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if ((@$port_status[$key] == '3') || (@$port_status[$key] == '1')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_enterasys_N7.php b/lib/mactrack_enterasys_N7.php index c736a60..d959850 100644 --- a/lib/mactrack_enterasys_N7.php +++ b/lib/mactrack_enterasys_N7.php @@ -238,7 +238,7 @@ function get_enterasys_N7_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, // print_r($vlan_ids); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; /* determine user ports for this device and transfer user ports to a new array. @@ -251,7 +251,7 @@ function get_enterasys_N7_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php index cee50f6..a8254bc 100644 --- a/lib/mactrack_functions.php +++ b/lib/mactrack_functions.php @@ -385,7 +385,7 @@ function find_scanning_function(&$device, &$device_types) { * @param mixed $port_list * @param mixed $delimiter */ -function port_list_to_array($port_list, $delimiter = ':') { +function port_list_to_[$port_list, $delimiter = ':'] { $port_array = []; if (read_config_option('mt_ignorePorts_delim') == '-1') { @@ -1359,7 +1359,7 @@ function get_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.4.3.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; /* determine user ports for this device and transfer user ports to a new array. @@ -1371,7 +1371,7 @@ function get_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; @@ -1584,7 +1584,7 @@ function get_base_wireless_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.4.3.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; // get the bridge root port so we don't capture active ports on it $bridge_root_port = @cacti_snmp_get($device['hostname'], $snmp_readstring, @@ -1605,7 +1605,7 @@ function get_base_wireless_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if ((@$port_status[$key] == '3') || (@$port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; @@ -1764,7 +1764,7 @@ function get_base_dot1qTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.7.1.2.2.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; // get the bridge root port so we don't capture active ports on it $bridge_root_port = @cacti_snmp_get($device['hostname'], $snmp_readstring, @@ -1785,7 +1785,7 @@ function get_base_dot1qTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; @@ -2695,7 +2695,7 @@ function import_oui_database($type = 'ui', $oui_file = 'http://standards-oui.iee print ''; } - if (is_array($oui_database)) { + if (is_[$oui_database]) { print __('OUI Database Download from IEEE Complete', 'mactrack') . PHP_EOL; } else { print __('OUI Database Download from IEEE FAILED', 'mactrack') . PHP_EOL; @@ -2705,7 +2705,7 @@ function import_oui_database($type = 'ui', $oui_file = 'http://standards-oui.iee print ''; } - if (is_array($oui_database)) { + if (is_[$oui_database]) { db_execute('UPDATE mac_track_oui_database SET present=0'); // initialize some variables @@ -3735,13 +3735,13 @@ function exportRows() { if (!function_exists('cacti_sizeof')) { function cacti_sizeof($array) { - return ($array === false || !is_array($array)) ? 0 : sizeof($array); + return ($array === false || !is_[$array]) ? 0 : sizeof($array); } } if (!function_exists('cacti_count')) { function cacti_count($array) { - return ($array === false || !is_array($array)) ? 0 : count($array); + return ($array === false || !is_[$array]) ? 0 : count($array); } } diff --git a/lib/mactrack_h3c_3com.php b/lib/mactrack_h3c_3com.php index 7809643..8f2ad03 100644 --- a/lib/mactrack_h3c_3com.php +++ b/lib/mactrack_h3c_3com.php @@ -60,7 +60,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) /* vlan_ids: - array(8) { + [8] { [1]=> string(1) "1" [102]=> @@ -71,7 +71,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) string(3) "122" vlan_names: - array(8) { + [8] { [1]=> string(9) "VLAN 0001" [102]=> @@ -88,7 +88,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) $port_vlan_data = xform_standard_indexed_data('.1.3.6.1.2.1.17.7.1.4.5.1.1', $device); /* - array(31) { + [31] { [1]=> string(1) "1" [2]=> @@ -281,7 +281,7 @@ function get_h3c_3com_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn mactrack_debug('get vlan_ids: ' . cacti_sizeof($vlan_ids)); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; $vlan_names = xform_standard_indexed_data('.1.3.6.1.4.1.25506.8.35.2.1.1.1.2', $device); $port_vlan_data = xform_standard_indexed_data('.1.3.6.1.2.1.17.7.1.4.5.1.1', $device); @@ -297,7 +297,7 @@ function get_h3c_3com_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_juniper.php b/lib/mactrack_juniper.php index 294bee8..110433c 100644 --- a/lib/mactrack_juniper.php +++ b/lib/mactrack_juniper.php @@ -81,7 +81,7 @@ function get_JEX_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) { $portDescription = xform_standard_indexed_data('.1.0.8802.1.1.2.1.3.7.1.4', $device); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; foreach ($ifIndexes as $ifIndex) { $ifInterfaces[$ifIndex]['trunkPortState'] = mactrack_arr_key($vlan_trunkstatus, $ifIndex); @@ -163,7 +163,7 @@ function get_JEX_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) { $newPorts = []; foreach ($port_array as $port) { - if (in_array($port['port_number'], $ignore_ports, true) === false) { + if (in_[$port['port_number'], $ignore_ports, true] === false) { array_push($newPorts, $port); } } diff --git a/lib/mactrack_linux.php b/lib/mactrack_linux.php index 37630a0..b9b4098 100644 --- a/lib/mactrack_linux.php +++ b/lib/mactrack_linux.php @@ -145,7 +145,7 @@ function get_linux_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_ $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.4.22.1.1', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; /* determine user ports for this device and transfer user ports to a new array. @@ -156,7 +156,7 @@ function get_linux_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_ if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_trendnet.php b/lib/mactrack_trendnet.php index cad6426..18e6899 100644 --- a/lib/mactrack_trendnet.php +++ b/lib/mactrack_trendnet.php @@ -162,7 +162,7 @@ function get_base_trendnet_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp $port_numbers = xform_stripped_oid('.1.3.6.1.2.1.17.7.1.2.2.1.2', $device, $snmp_readstring); // get the ignore ports list from device - $ignore_ports = port_list_to_array($device['ignorePorts']); + $ignore_ports = port_list_to_[$device['ignorePorts']]; // get the bridge root port so we don't capture active ports on it $bridge_root_port = @cacti_snmp_get($device['hostname'], $snmp_readstring, @@ -183,7 +183,7 @@ function get_base_trendnet_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_array($port_number, $ignore_ports, true)) { + if (!in_[$port_number, $ignore_ports, true]) { if (isset($port_status[$key]) && ($port_status[$key] == '3' || $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/mactrack_actions.php b/mactrack_actions.php index 00ead87..51aeccc 100644 --- a/mactrack_actions.php +++ b/mactrack_actions.php @@ -182,7 +182,7 @@ function sync_cacti_to_mactrack($device) { // now fetch the related device from mac_track_devices, if any $mt_device = db_fetch_row('SELECT * from mac_track_devices WHERE host_id=' . $device['id']); - if (is_array($mt_device) && $mt_device) { + if (is_[$mt_device] && $mt_device) { if (!isset($mt_device['snmp_engine_id'])) { $mt_device['snmp_engine_id'] = ''; } @@ -233,7 +233,7 @@ function sync_cacti_to_mactrack($device) { * @arg $action actions to be performed from dropdown * @param mixed $action */ -function mactrack_device_action_array($action) { +function mactrack_device_action_[$action] { $action['plugin_mactrack_device'] = __('Import into Mactrack Database', 'mactrack'); return $action; @@ -305,7 +305,7 @@ function mactrack_device_action_execute($action) { // now fetch the related device from mac_track_devices, if any $mt_device = db_fetch_row_prepared('SELECT * from mac_track_devices WHERE host_id = ?', [$device['id']]); - if (is_array($device)) { + if (is_[$device]) { // update mac_track_device $device_id = api_mactrack_device_save( (isset($mt_device['device_id']) ? $mt_device['device_id'] : '0'), // not a host column diff --git a/mactrack_convert.php b/mactrack_convert.php index ea5aff3..9bc55f2 100644 --- a/mactrack_convert.php +++ b/mactrack_convert.php @@ -193,11 +193,11 @@ function mactrack_create_partitioned_table($engine = 'InnoDB', $charset, $collat SELECT * FROM mac_track_ports_backups WHERE scan_date = ?', - array($sd['scan_date'])); + [$sd['scan_date']]); db_execute_prepared('DELETE FROM mac_track_ports_backup WHERE scan_date = ?', - array($sd['scan_date'])); + [$sd['scan_date']]); } } */ diff --git a/mactrack_device_types.php b/mactrack_device_types.php index 615e3a3..b668c4a 100644 --- a/mactrack_device_types.php +++ b/mactrack_device_types.php @@ -507,7 +507,7 @@ function mactrack_device_type_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; @@ -750,7 +750,7 @@ function mactrack_device_type_import_processor(&$device_types) { $sql_where = ''; foreach ($line_array as $line_item) { - if (in_array($j, $insert_columns, true)) { + if (in_[$j, $insert_columns, true]) { $line_item = trim(str_replace("'", '', $line_item)); $line_item = trim(str_replace('"', '', $line_item)); diff --git a/mactrack_devices.php b/mactrack_devices.php index a8ccfb4..f170b2a 100644 --- a/mactrack_devices.php +++ b/mactrack_devices.php @@ -502,7 +502,7 @@ function mactrack_device_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; @@ -747,7 +747,7 @@ function mactrack_device_import_processor(&$devices) { if (cacti_sizeof($line_array)) { foreach ($line_array as $line_item) { - if (in_array($j, $insert_columns, true)) { + if (in_[$j, $insert_columns, true]) { $line_item = trim(str_replace("'", '', $line_item)); $line_item = trim(str_replace('"', '', $line_item)); diff --git a/mactrack_scanner.php b/mactrack_scanner.php index dcdee97..96a6538 100644 --- a/mactrack_scanner.php +++ b/mactrack_scanner.php @@ -177,7 +177,7 @@ mactrack_debug('Scanning function is ' . $device_type['scanning_function']); $device['device_type_id'] = $device_type['device_type_id']; $device['scan_type'] = $device_type['device_type']; - $device = call_user_func_array($device_type['scanning_function'], [$site, &$device, $device_type['lowPort'], $device_type['highPort']]); + $device = call_user_func_[$device_type['scanning_function'], [$site, &$device, $device_type['lowPort'], $device_type['highPort']]]; } else { mactrack_debug('WARNING: SITE: ' . $site . ', IP: ' . $device['hostname'] . ', TYPE: ' . (isset($device['snmp_sysDescr']) ? substr($device['snmp_sysDescr'],0,40) : 'N/A') . ', ERROR: Scanning Function \'' . $device_type['scanning_function'] . '\' Does Not Exist.'); $device['last_runmessage'] = 'WARNING: Scanning Function \'' . $device_type['scanning_function'] . '\' Does Not Exist.'; @@ -200,7 +200,7 @@ mactrack_debug('IP Scanning function is ' . $device_type['ip_scanning_function']); $device['device_type_id'] = $device_type['device_type_id']; $device['scan_type'] = $device_type['device_type']; - call_user_func_array($device_type['ip_scanning_function'], [$site, &$device]); + call_user_func_[$device_type['ip_scanning_function'], [$site, &$device]]; } else { mactrack_debug('WARNING: SITE: ' . $site . ', IP: ' . $device['hostname'] . ', TYPE: ' . (isset($device['snmp_sysDescr']) ? substr($device['snmp_sysDescr'],0,40) : 'N/A') . ', ERROR: IP Address Scanning Function \'' . $device_type['ip_scanning_function'] . '\' Does Not Exist.'); $device['last_runmessage'] = 'WARNING: Scanning Function \'' . $device_type['ip_scanning_function'] . '\' Does Not Exist.'; @@ -219,7 +219,7 @@ mactrack_debug('802.1x Scanning function is ' . $device_type['dot1x_scanning_function']); $device['device_type_id'] = $device_type['device_type_id']; $device['scan_type'] = $device_type['device_type']; - call_user_func_array($device_type['dot1x_scanning_function'], [$site, &$device]); + call_user_func_[$device_type['dot1x_scanning_function'], [$site, &$device]]; } else { mactrack_debug('WARNING: SITE: ' . $site . ', IP: ' . $device['hostname'] . ', TYPE: ' . (isset($device['snmp_sysDescr']) ? substr($device['snmp_sysDescr'],0,40) : 'N/A') . ', ERROR: 802.1x Address Scanning Function \'' . $device_type['dot1x_scanning_function'] . '\' Does Not Exist.'); $device['last_runmessage'] = 'WARNING: 802.1x Address Scanning Function \'' . $device_type['dot1x_scanning_function'] . '\' Does Not Exist.'; diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php index 72720d5..94ad922 100644 --- a/mactrack_view_interfaces.php +++ b/mactrack_view_interfaces.php @@ -288,7 +288,7 @@ function mactrack_view() { $total_rows = db_fetch_cell($rows_query_string); - $display_text = mactrack_display_array(); + $display_text = mactrack_display_[]; $columns = cacti_sizeof($display_text); @@ -359,7 +359,7 @@ function mactrack_view() { bottom_footer(); } -function mactrack_display_array() { +function mactrack_display_[] { $display_text = [ 'nosort' => [ 'display' => __('Actions', 'mactrack'), diff --git a/mactrack_view_ips.php b/mactrack_view_ips.php index b8e4327..a794403 100644 --- a/mactrack_view_ips.php +++ b/mactrack_view_ips.php @@ -111,7 +111,7 @@ function mactrack_view_export_ip_ranges() { array_push($xport_array, '"site_id","site_name","ip_range",' . '"ips_current","ips_current_date","ips_max","ips_max_date"'); - if (is_array($ip_ranges)) { + if (is_[$ip_ranges]) { foreach ($ip_ranges as $ip_range) { array_push($xport_array,'"' . $ip_range['site_id'] . '","' . $ip_range['site_name'] . '","' . diff --git a/poller_mactrack.php b/poller_mactrack.php index 1f9bbd1..15885cd 100644 --- a/poller_mactrack.php +++ b/poller_mactrack.php @@ -827,7 +827,7 @@ function collect_mactrack_data($start, $site_id = 0) { WHERE ip_address != '' GROUP BY ip_range, site_id"); - if (is_array($ip_ranges)) { + if (is_[$ip_ranges]) { foreach ($ip_ranges as $ip_range) { $range_record = db_fetch_row_prepared('SELECT * FROM mac_track_ip_ranges From d533455c7d4e39f19ebccab2d380b7de8c62bed0 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Thu, 9 Apr 2026 21:27:47 -0700 Subject: [PATCH 03/14] fix: restore is_array/in_array calls and remove .omc artifacts Revert corrupted function calls introduced by refactoring tool: - is_[$x] -> is_array($x) - in_[$x, ...] -> in_array($x, ...) - xml2[$x] -> xml2array($x) Also remove accidentally committed .omc session files and add .omc/ to .gitignore. Signed-off-by: Thomas Vincent --- .gitignore | 1 + .../b398cee1-3730-4624-a0f1-d0e0120b23cb.json | 8 -------- .../ce3e60e4-0e62-483a-8587-78da29248e14.json | 8 -------- Net/DNS2.php | 2 +- Net/DNS2/Cache/File.php | 4 ++-- Net/DNS2/Cache/Shm.php | 4 ++-- Net/DNS2/Notifier.php | 2 +- Net/DNS2/Updater.php | 18 +++++++++--------- lib/mactrack_3com.php | 2 +- lib/mactrack_aruba_oscx.php | 2 +- lib/mactrack_cabletron.php | 4 ++-- lib/mactrack_cisco.php | 6 +++--- lib/mactrack_dell.php | 2 +- lib/mactrack_dlink.php | 2 +- lib/mactrack_enterasys_N7.php | 2 +- lib/mactrack_functions.php | 14 +++++++------- lib/mactrack_h3c_3com.php | 2 +- lib/mactrack_juniper.php | 2 +- lib/mactrack_linux.php | 2 +- lib/mactrack_trendnet.php | 2 +- mactrack_actions.php | 4 ++-- mactrack_device_types.php | 4 ++-- mactrack_devices.php | 4 ++-- mactrack_view_interfaces.php | 2 +- mactrack_view_ips.php | 2 +- poller_mactrack.php | 2 +- 26 files changed, 46 insertions(+), 61 deletions(-) delete mode 100644 .omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json delete mode 100644 .omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json diff --git a/.gitignore b/.gitignore index eb71606..32791f0 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ # +-------------------------------------------------------------------------+ locales/po/*.mo +.omc/ diff --git a/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json b/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json deleted file mode 100644 index 8680bd2..0000000 --- a/.omc/sessions/b398cee1-3730-4624-a0f1-d0e0120b23cb.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "session_id": "b398cee1-3730-4624-a0f1-d0e0120b23cb", - "ended_at": "2026-04-09T11:02:04.207Z", - "reason": "other", - "agents_spawned": 1, - "agents_completed": 0, - "modes_used": [] -} \ No newline at end of file diff --git a/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json b/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json deleted file mode 100644 index 13e32ad..0000000 --- a/.omc/sessions/ce3e60e4-0e62-483a-8587-78da29248e14.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "session_id": "ce3e60e4-0e62-483a-8587-78da29248e14", - "ended_at": "2026-04-09T11:13:19.465Z", - "reason": "other", - "agents_spawned": 1, - "agents_completed": 0, - "modes_used": [] -} \ No newline at end of file diff --git a/Net/DNS2.php b/Net/DNS2.php index 1b40e1e..e29e207 100644 --- a/Net/DNS2.php +++ b/Net/DNS2.php @@ -271,7 +271,7 @@ public function setServers($nameservers) { // // otherwise, see if it's a path to a resolv.conf file and if so, load it // - if (is_[$nameservers]) { + if (is_array($nameservers)) { $this->nameservers = $nameservers; } else { // diff --git a/Net/DNS2/Cache/File.php b/Net/DNS2/Cache/File.php index 58a74e5..b44e422 100644 --- a/Net/DNS2/Cache/File.php +++ b/Net/DNS2/Cache/File.php @@ -72,7 +72,7 @@ public function open($cache_file, $size, $serializer) { $decoded = unserialize($data); } - if (is_[$decoded] == true) { + if (is_array($decoded) == true) { $this->cache_data = $decoded; } else { $this->cache_data = []; @@ -150,7 +150,7 @@ public function __destruct() { $decoded = unserialize($data); } - if (is_[$decoded] == true) { + if (is_array($decoded) == true) { $this->cache_data = array_merge($c, $decoded); } } diff --git a/Net/DNS2/Cache/Shm.php b/Net/DNS2/Cache/Shm.php index 7081634..d24827b 100644 --- a/Net/DNS2/Cache/Shm.php +++ b/Net/DNS2/Cache/Shm.php @@ -109,7 +109,7 @@ public function open($cache_file, $size, $serializer) { $decoded = unserialize($data); } - if (is_[$decoded] == true) { + if (is_array($decoded) == true) { $this->cache_data = $decoded; } else { $this->cache_data = []; @@ -200,7 +200,7 @@ public function __destruct() { $decoded = unserialize($data); } - if (is_[$decoded] == true) { + if (is_array($decoded) == true) { $this->cache_data = array_merge($c, $decoded); } } diff --git a/Net/DNS2/Notifier.php b/Net/DNS2/Notifier.php index 40c7d40..6256b7f 100644 --- a/Net/DNS2/Notifier.php +++ b/Net/DNS2/Notifier.php @@ -100,7 +100,7 @@ public function add(Net_DNS2_RR $rr) { // // add the RR to the "notify" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } diff --git a/Net/DNS2/Updater.php b/Net/DNS2/Updater.php index 456f1f0..bb4fddc 100644 --- a/Net/DNS2/Updater.php +++ b/Net/DNS2/Updater.php @@ -122,7 +122,7 @@ public function add(Net_DNS2_RR $rr) { // // add the RR to the "update" section // - if (!in_[$rr, $this->_packet->authority, true]) { + if (!in_array($rr, $this->_packet->authority, true)) { $this->_packet->authority[] = $rr; } @@ -155,7 +155,7 @@ public function delete(Net_DNS2_RR $rr) { // // add the RR to the "update" section // - if (!in_[$rr, $this->_packet->authority, true]) { + if (!in_array($rr, $this->_packet->authority, true)) { $this->_packet->authority[] = $rr; } @@ -205,7 +205,7 @@ public function deleteAny($name, $type) { // // add the RR to the "update" section // - if (!in_[$rr, $this->_packet->authority, true]) { + if (!in_array($rr, $this->_packet->authority, true)) { $this->_packet->authority[] = $rr; } @@ -248,7 +248,7 @@ public function deleteAll($name) { // // add the RR to the "update" section // - if (!in_[$rr, $this->_packet->authority, true]) { + if (!in_array($rr, $this->_packet->authority, true)) { $this->_packet->authority[] = $rr; } @@ -301,7 +301,7 @@ public function checkExists($name, $type) { // // add the RR to the "prerequisite" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } @@ -338,7 +338,7 @@ public function checkValueExists(Net_DNS2_RR $rr) { // // add the RR to the "prerequisite" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } @@ -392,7 +392,7 @@ public function checkNotExists($name, $type) { // // add the RR to the "prerequisite" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } @@ -440,7 +440,7 @@ public function checkNameInUse($name) { // // add the RR to the "prerequisite" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } @@ -485,7 +485,7 @@ public function checkNameNotInUse($name) { // // add the RR to the "prerequisite" section // - if (!in_[$rr, $this->_packet->answer, true]) { + if (!in_array($rr, $this->_packet->answer, true)) { $this->_packet->answer[] = $rr; } diff --git a/lib/mactrack_3com.php b/lib/mactrack_3com.php index 9c53429..488c005 100644 --- a/lib/mactrack_3com.php +++ b/lib/mactrack_3com.php @@ -187,7 +187,7 @@ function get_3Com_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $s ($port_number <= $highPort))) { $ifname = $ifInterfaces[$bridgePortIfIndexes[$port_number]]['ifName']; - if (!in_[$ifname, $ignore_ports, true]) { + if (!in_array($ifname, $ignore_ports, true)) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_aruba_oscx.php b/lib/mactrack_aruba_oscx.php index 40dfca9..8721557 100644 --- a/lib/mactrack_aruba_oscx.php +++ b/lib/mactrack_aruba_oscx.php @@ -328,7 +328,7 @@ function get_aruba_oscx_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $ if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = substr($key,1); $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_cabletron.php b/lib/mactrack_cabletron.php index abe4a20..31dbf7a 100644 --- a/lib/mactrack_cabletron.php +++ b/lib/mactrack_cabletron.php @@ -116,7 +116,7 @@ function get_base_sfps_ports($site, &$device, &$ifInterfaces, $snmp_readstring, $mac_address = $sfps_A_mac_addresses[$sfps_A_keys[$j]]; if (($port_number >= $lowPort) && ($port_number <= $highPort)) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { $temp_port_A_array[$i]['port_number'] = $port_number; $temp_port_A_array[$i]['mac_address'] = xform_mac_address($mac_address); $i++; @@ -259,7 +259,7 @@ function get_repeater_rev4_ports($site, &$device, $lowPort, $highPort) { } if (($port_number <= $highPort) && ($port_number >= $lowPort)) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { // set defaults for devices in case they don't have/support vlans $new_port_key_array[$i]['vlan_id'] = 'N/A'; $new_port_key_array[$i]['vlan_name'] = 'N/A'; diff --git a/lib/mactrack_cisco.php b/lib/mactrack_cisco.php index a332a04..37034fb 100644 --- a/lib/mactrack_cisco.php +++ b/lib/mactrack_cisco.php @@ -413,7 +413,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort } // VLAN-ID to skip - if (in_[$vlan_number, $skip_vlans, true]) { + if (in_array($vlan_number, $skip_vlans, true)) { mactrack_debug('VLAN Analysis for VLAN: ' . $vlan_number . '/' . $vlanName . ' is skipped. *** ALWAYS FORCED ***'); continue; @@ -421,7 +421,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort // VLAN-ID to scan if (count($scan_vlans) > 0) { - if (!in_[$vlan_number, $scan_vlans, true]) { + if (!in_array($vlan_number, $scan_vlans, true)) { mactrack_debug('VLAN Analysis for VLAN: ' . $vlan_number . '/' . $vlanName . ' is skipped. *** NOT CONFIGURED ***'); continue; @@ -540,7 +540,7 @@ function get_IOS_dot1dTpFdbEntry_ports($site, &$device, $lowPort = 0, $highPort if ($ifType == 6 || $ifType == 53 || $ifType == 161) { if (($portTrunkStatus == '2') || // (empty($portTrunkStatus)) || - (in_[$portNumber, $scan_trunk_port, true]) || + (in_array($portNumber, $scan_trunk_port, true)) || (($vVlanID > 0) && ($vVlanID <= 1000))) { $port_array[$i]['vlan_id'] = $active_vlan['vlan_id']; $port_array[$i]['vlan_name'] = $active_vlan['vlan_name']; diff --git a/lib/mactrack_dell.php b/lib/mactrack_dell.php index ec7e9f2..dd51d5c 100644 --- a/lib/mactrack_dell.php +++ b/lib/mactrack_dell.php @@ -158,7 +158,7 @@ function get_base_dell_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp_rea (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_dlink.php b/lib/mactrack_dlink.php index 3958367..06fbc80 100644 --- a/lib/mactrack_dlink.php +++ b/lib/mactrack_dlink.php @@ -153,7 +153,7 @@ function get_dlink_l2_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if ((@$port_status[$key] == '3') || (@$port_status[$key] == '1')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_enterasys_N7.php b/lib/mactrack_enterasys_N7.php index d959850..c0979f5 100644 --- a/lib/mactrack_enterasys_N7.php +++ b/lib/mactrack_enterasys_N7.php @@ -251,7 +251,7 @@ function get_enterasys_N7_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php index a8254bc..c2011c2 100644 --- a/lib/mactrack_functions.php +++ b/lib/mactrack_functions.php @@ -1371,7 +1371,7 @@ function get_base_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; @@ -1605,7 +1605,7 @@ function get_base_wireless_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if ((@$port_status[$key] == '3') || (@$port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; @@ -1785,7 +1785,7 @@ function get_base_dot1qTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_r (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if ((isset($port_status[$key]) && $port_status[$key] == '3') || (isset($port_status[$key]) && $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; @@ -2695,7 +2695,7 @@ function import_oui_database($type = 'ui', $oui_file = 'http://standards-oui.iee print ''; } - if (is_[$oui_database]) { + if (is_array($oui_database)) { print __('OUI Database Download from IEEE Complete', 'mactrack') . PHP_EOL; } else { print __('OUI Database Download from IEEE FAILED', 'mactrack') . PHP_EOL; @@ -2705,7 +2705,7 @@ function import_oui_database($type = 'ui', $oui_file = 'http://standards-oui.iee print ''; } - if (is_[$oui_database]) { + if (is_array($oui_database)) { db_execute('UPDATE mac_track_oui_database SET present=0'); // initialize some variables @@ -3735,13 +3735,13 @@ function exportRows() { if (!function_exists('cacti_sizeof')) { function cacti_sizeof($array) { - return ($array === false || !is_[$array]) ? 0 : sizeof($array); + return ($array === false || !is_array($array)) ? 0 : sizeof($array); } } if (!function_exists('cacti_count')) { function cacti_count($array) { - return ($array === false || !is_[$array]) ? 0 : count($array); + return ($array === false || !is_array($array)) ? 0 : count($array); } } diff --git a/lib/mactrack_h3c_3com.php b/lib/mactrack_h3c_3com.php index 8f2ad03..e78fdd6 100644 --- a/lib/mactrack_h3c_3com.php +++ b/lib/mactrack_h3c_3com.php @@ -297,7 +297,7 @@ function get_h3c_3com_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $sn if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_juniper.php b/lib/mactrack_juniper.php index 110433c..bdd228b 100644 --- a/lib/mactrack_juniper.php +++ b/lib/mactrack_juniper.php @@ -163,7 +163,7 @@ function get_JEX_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) { $newPorts = []; foreach ($port_array as $port) { - if (in_[$port['port_number'], $ignore_ports, true] === false) { + if (in_array($port['port_number'), $ignore_ports, true] === false) { array_push($newPorts, $port); } } diff --git a/lib/mactrack_linux.php b/lib/mactrack_linux.php index b9b4098..592543a 100644 --- a/lib/mactrack_linux.php +++ b/lib/mactrack_linux.php @@ -156,7 +156,7 @@ function get_linux_dot1dTpFdbEntry_ports($site, &$device, &$ifInterfaces, $snmp_ if (($highPort == 0) || (($port_number >= $lowPort) && ($port_number <= $highPort))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if (isset($port_status[$key]) && $port_status[$key] == '3') { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/lib/mactrack_trendnet.php b/lib/mactrack_trendnet.php index 18e6899..6cbe4ed 100644 --- a/lib/mactrack_trendnet.php +++ b/lib/mactrack_trendnet.php @@ -183,7 +183,7 @@ function get_base_trendnet_dot1qFdb_ports($site, &$device, &$ifInterfaces, $snmp (($port_number >= $lowPort) && ($port_number <= $highPort) && ($bridge_root_port != $port_number))) { - if (!in_[$port_number, $ignore_ports, true]) { + if (!in_array($port_number, $ignore_ports, true)) { if (isset($port_status[$key]) && ($port_status[$key] == '3' || $port_status[$key] == '5')) { $port_key_array[$i]['key'] = $key; $port_key_array[$i]['port_number'] = $port_number; diff --git a/mactrack_actions.php b/mactrack_actions.php index 51aeccc..00e492c 100644 --- a/mactrack_actions.php +++ b/mactrack_actions.php @@ -182,7 +182,7 @@ function sync_cacti_to_mactrack($device) { // now fetch the related device from mac_track_devices, if any $mt_device = db_fetch_row('SELECT * from mac_track_devices WHERE host_id=' . $device['id']); - if (is_[$mt_device] && $mt_device) { + if (is_array($mt_device) && $mt_device) { if (!isset($mt_device['snmp_engine_id'])) { $mt_device['snmp_engine_id'] = ''; } @@ -305,7 +305,7 @@ function mactrack_device_action_execute($action) { // now fetch the related device from mac_track_devices, if any $mt_device = db_fetch_row_prepared('SELECT * from mac_track_devices WHERE host_id = ?', [$device['id']]); - if (is_[$device]) { + if (is_array($device)) { // update mac_track_device $device_id = api_mactrack_device_save( (isset($mt_device['device_id']) ? $mt_device['device_id'] : '0'), // not a host column diff --git a/mactrack_device_types.php b/mactrack_device_types.php index b668c4a..0a3ce48 100644 --- a/mactrack_device_types.php +++ b/mactrack_device_types.php @@ -507,7 +507,7 @@ function mactrack_device_type_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; @@ -750,7 +750,7 @@ function mactrack_device_type_import_processor(&$device_types) { $sql_where = ''; foreach ($line_array as $line_item) { - if (in_[$j, $insert_columns, true]) { + if (in_array($j, $insert_columns, true)) { $line_item = trim(str_replace("'", '', $line_item)); $line_item = trim(str_replace('"', '', $line_item)); diff --git a/mactrack_devices.php b/mactrack_devices.php index f170b2a..57300f4 100644 --- a/mactrack_devices.php +++ b/mactrack_devices.php @@ -502,7 +502,7 @@ function mactrack_device_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; @@ -747,7 +747,7 @@ function mactrack_device_import_processor(&$devices) { if (cacti_sizeof($line_array)) { foreach ($line_array as $line_item) { - if (in_[$j, $insert_columns, true]) { + if (in_array($j, $insert_columns, true)) { $line_item = trim(str_replace("'", '', $line_item)); $line_item = trim(str_replace('"', '', $line_item)); diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php index 94ad922..c3bbbff 100644 --- a/mactrack_view_interfaces.php +++ b/mactrack_view_interfaces.php @@ -359,7 +359,7 @@ function mactrack_view() { bottom_footer(); } -function mactrack_display_[] { +function mactrack_display_array() { $display_text = [ 'nosort' => [ 'display' => __('Actions', 'mactrack'), diff --git a/mactrack_view_ips.php b/mactrack_view_ips.php index a794403..b8e4327 100644 --- a/mactrack_view_ips.php +++ b/mactrack_view_ips.php @@ -111,7 +111,7 @@ function mactrack_view_export_ip_ranges() { array_push($xport_array, '"site_id","site_name","ip_range",' . '"ips_current","ips_current_date","ips_max","ips_max_date"'); - if (is_[$ip_ranges]) { + if (is_array($ip_ranges)) { foreach ($ip_ranges as $ip_range) { array_push($xport_array,'"' . $ip_range['site_id'] . '","' . $ip_range['site_name'] . '","' . diff --git a/poller_mactrack.php b/poller_mactrack.php index 15885cd..1f9bbd1 100644 --- a/poller_mactrack.php +++ b/poller_mactrack.php @@ -827,7 +827,7 @@ function collect_mactrack_data($start, $site_id = 0) { WHERE ip_address != '' GROUP BY ip_range, site_id"); - if (is_[$ip_ranges]) { + if (is_array($ip_ranges)) { foreach ($ip_ranges as $ip_range) { $range_record = db_fetch_row_prepared('SELECT * FROM mac_track_ip_ranges From 931a638bdcde1533a3248797d6a62af68ffce49a Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Thu, 9 Apr 2026 22:36:08 -0700 Subject: [PATCH 04/14] fix: restore corrupted function calls from refactor tool Revert bulk array()->[] rewrite damage affecting: - is_array, in_array, xml2array - call_user_func_array, filter_var_array - Function declarations with _array suffix Signed-off-by: Thomas Vincent --- Net/DNS2.php | 2 -- Net/DNS2/BitMap.php | 2 -- Net/DNS2/Cache.php | 2 -- Net/DNS2/Cache/File.php | 2 -- Net/DNS2/Cache/Shm.php | 2 -- Net/DNS2/Exception.php | 2 -- Net/DNS2/Header.php | 2 -- Net/DNS2/Lookups.php | 2 -- Net/DNS2/Notifier.php | 2 -- Net/DNS2/Packet.php | 2 -- Net/DNS2/Packet/Request.php | 2 -- Net/DNS2/Packet/Response.php | 2 -- Net/DNS2/PrivateKey.php | 2 -- Net/DNS2/Question.php | 2 -- Net/DNS2/RR.php | 2 -- Net/DNS2/RR/A.php | 2 -- Net/DNS2/RR/AAAA.php | 2 -- Net/DNS2/RR/AFSDB.php | 2 -- Net/DNS2/RR/AMTRELAY.php | 2 -- Net/DNS2/RR/ANY.php | 2 -- Net/DNS2/RR/APL.php | 2 -- Net/DNS2/RR/ATMA.php | 2 -- Net/DNS2/RR/AVC.php | 2 -- Net/DNS2/RR/CAA.php | 2 -- Net/DNS2/RR/CDNSKEY.php | 2 -- Net/DNS2/RR/CDS.php | 2 -- Net/DNS2/RR/CERT.php | 2 -- Net/DNS2/RR/CNAME.php | 2 -- Net/DNS2/RR/CSYNC.php | 2 -- Net/DNS2/RR/DHCID.php | 2 -- Net/DNS2/RR/DLV.php | 2 -- Net/DNS2/RR/DNAME.php | 2 -- Net/DNS2/RR/DNSKEY.php | 2 -- Net/DNS2/RR/DS.php | 2 -- Net/DNS2/RR/EID.php | 2 -- Net/DNS2/RR/EUI48.php | 2 -- Net/DNS2/RR/EUI64.php | 2 -- Net/DNS2/RR/HINFO.php | 2 -- Net/DNS2/RR/HIP.php | 2 -- Net/DNS2/RR/IPSECKEY.php | 2 -- Net/DNS2/RR/ISDN.php | 2 -- Net/DNS2/RR/KEY.php | 2 -- Net/DNS2/RR/KX.php | 2 -- Net/DNS2/RR/L32.php | 2 -- Net/DNS2/RR/L64.php | 2 -- Net/DNS2/RR/LOC.php | 2 -- Net/DNS2/RR/LP.php | 2 -- Net/DNS2/RR/MX.php | 2 -- Net/DNS2/RR/NAPTR.php | 2 -- Net/DNS2/RR/NID.php | 2 -- Net/DNS2/RR/NIMLOC.php | 2 -- Net/DNS2/RR/NS.php | 2 -- Net/DNS2/RR/NSAP.php | 2 -- Net/DNS2/RR/NSEC.php | 2 -- Net/DNS2/RR/NSEC3.php | 2 -- Net/DNS2/RR/NSEC3PARAM.php | 2 -- Net/DNS2/RR/OPENPGPKEY.php | 2 -- Net/DNS2/RR/OPT.php | 2 -- Net/DNS2/RR/PTR.php | 2 -- Net/DNS2/RR/PX.php | 2 -- Net/DNS2/RR/RP.php | 2 -- Net/DNS2/RR/RRSIG.php | 2 -- Net/DNS2/RR/RT.php | 2 -- Net/DNS2/RR/SIG.php | 2 -- Net/DNS2/RR/SMIMEA.php | 2 -- Net/DNS2/RR/SOA.php | 2 -- Net/DNS2/RR/SPF.php | 2 -- Net/DNS2/RR/SRV.php | 2 -- Net/DNS2/RR/SSHFP.php | 2 -- Net/DNS2/RR/TA.php | 2 -- Net/DNS2/RR/TALINK.php | 2 -- Net/DNS2/RR/TKEY.php | 2 -- Net/DNS2/RR/TLSA.php | 2 -- Net/DNS2/RR/TSIG.php | 2 -- Net/DNS2/RR/TXT.php | 2 -- Net/DNS2/RR/TYPE65534.php | 2 -- Net/DNS2/RR/URI.php | 2 -- Net/DNS2/RR/WKS.php | 2 -- Net/DNS2/RR/X25.php | 2 -- Net/DNS2/Resolver.php | 2 -- Net/DNS2/Socket.php | 2 -- Net/DNS2/Socket/Sockets.php | 2 -- Net/DNS2/Socket/Streams.php | 2 -- Net/DNS2/Updater.php | 2 -- lib/mactrack_3com.php | 2 +- lib/mactrack_aruba_oscx.php | 2 +- lib/mactrack_cabletron.php | 4 ++-- lib/mactrack_dell.php | 2 +- lib/mactrack_dlink.php | 2 +- lib/mactrack_enterasys_N7.php | 2 +- lib/mactrack_functions.php | 8 ++++---- lib/mactrack_h3c_3com.php | 2 +- lib/mactrack_juniper.php | 2 +- lib/mactrack_linux.php | 2 +- lib/mactrack_trendnet.php | 2 +- mactrack_scanner.php | 6 +++--- 96 files changed, 18 insertions(+), 186 deletions(-) diff --git a/Net/DNS2.php b/Net/DNS2.php index e29e207..2a6360d 100644 --- a/Net/DNS2.php +++ b/Net/DNS2.php @@ -1,7 +1,5 @@ Date: Fri, 10 Apr 2026 01:36:59 -0700 Subject: [PATCH 05/14] fix: restore corrupted is_array($_SESSION['import_debug_info']) calls Signed-off-by: Thomas Vincent --- lib/mactrack_juniper.php | 2 +- mactrack_actions.php | 2 +- mactrack_convert.php | 2 +- mactrack_device_types.php | 2 +- mactrack_devices.php | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/mactrack_juniper.php b/lib/mactrack_juniper.php index 937852b..294bee8 100644 --- a/lib/mactrack_juniper.php +++ b/lib/mactrack_juniper.php @@ -163,7 +163,7 @@ function get_JEX_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) { $newPorts = []; foreach ($port_array as $port) { - if (in_array($port['port_number'), $ignore_ports, true] === false) { + if (in_array($port['port_number'], $ignore_ports, true) === false) { array_push($newPorts, $port); } } diff --git a/mactrack_actions.php b/mactrack_actions.php index 00e492c..00ead87 100644 --- a/mactrack_actions.php +++ b/mactrack_actions.php @@ -233,7 +233,7 @@ function sync_cacti_to_mactrack($device) { * @arg $action actions to be performed from dropdown * @param mixed $action */ -function mactrack_device_action_[$action] { +function mactrack_device_action_array($action) { $action['plugin_mactrack_device'] = __('Import into Mactrack Database', 'mactrack'); return $action; diff --git a/mactrack_convert.php b/mactrack_convert.php index 9bc55f2..139b399 100644 --- a/mactrack_convert.php +++ b/mactrack_convert.php @@ -201,7 +201,7 @@ function mactrack_create_partitioned_table($engine = 'InnoDB', $charset, $collat } } */ - db_execute('INSERT mac_track_ports SELECT * FROM mac_track_ports_backup'); + db_execute('INSERT INTO mac_track_ports SELECT * FROM mac_track_ports_backup'); } db_execute('DROP TABLE mac_track_ports_backup'); diff --git a/mactrack_device_types.php b/mactrack_device_types.php index 0a3ce48..615e3a3 100644 --- a/mactrack_device_types.php +++ b/mactrack_device_types.php @@ -507,7 +507,7 @@ function mactrack_device_type_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; diff --git a/mactrack_devices.php b/mactrack_devices.php index 57300f4..a8ccfb4 100644 --- a/mactrack_devices.php +++ b/mactrack_devices.php @@ -502,7 +502,7 @@ function mactrack_device_import() { ?>

" . __('Cacti has imported the following items:', 'mactrack') . '

'; From b1399cb969dde52e38f891f22024826767818471 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Fri, 10 Apr 2026 06:02:24 -0700 Subject: [PATCH 06/14] fix: restore mactrack_display_array function call Signed-off-by: Thomas Vincent --- mactrack_view_interfaces.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php index c3bbbff..72720d5 100644 --- a/mactrack_view_interfaces.php +++ b/mactrack_view_interfaces.php @@ -288,7 +288,7 @@ function mactrack_view() { $total_rows = db_fetch_cell($rows_query_string); - $display_text = mactrack_display_[]; + $display_text = mactrack_display_array(); $columns = cacti_sizeof($display_text); From 0fae6572bf200fbd2657217c5f06b63eaf580f7b Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Fri, 24 Apr 2026 13:45:19 -0600 Subject: [PATCH 07/14] ci: add PHP syntax matrix workflow for PR gating --- .github/workflows/php-syntax.yml | 52 ++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows/php-syntax.yml diff --git a/.github/workflows/php-syntax.yml b/.github/workflows/php-syntax.yml new file mode 100644 index 0000000..efc716c --- /dev/null +++ b/.github/workflows/php-syntax.yml @@ -0,0 +1,52 @@ +name: PHP Syntax + +on: + pull_request: + push: + branches: + - develop + +permissions: + contents: read + +concurrency: + group: php-syntax-${{ github.ref }} + cancel-in-progress: true + +jobs: + lint: + name: PHP ${{ matrix.php }} syntax + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + php: ['7.4', '8.0', '8.1', '8.2', '8.3', '8.4'] + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + tools: none + coverage: none + + - name: Show PHP version + run: php -v + + - name: Guard against corrupted refactor patterns + run: | + set -euo pipefail + if rg -n '\b(is_|in_|call_user_func_|port_list_to_|mactrack_display_|mactrack_device_action_)\[' -g '*.php' .; then + echo "Detected corrupted call-pattern rewrite(s)." >&2 + exit 1 + fi + + - name: Lint PHP files + run: | + set -euo pipefail + rg --files -g '*.php' | while IFS= read -r f; do + php -l "$f" + done From 83fbd04d20c1652f6360b5902b22f6c87c126968 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Fri, 24 Apr 2026 13:47:41 -0600 Subject: [PATCH 08/14] ci: remove ripgrep dependency from syntax workflow --- .github/workflows/php-syntax.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/php-syntax.yml b/.github/workflows/php-syntax.yml index efc716c..07fa0d8 100644 --- a/.github/workflows/php-syntax.yml +++ b/.github/workflows/php-syntax.yml @@ -39,7 +39,7 @@ jobs: - name: Guard against corrupted refactor patterns run: | set -euo pipefail - if rg -n '\b(is_|in_|call_user_func_|port_list_to_|mactrack_display_|mactrack_device_action_)\[' -g '*.php' .; then + if grep -R -n -E '\b(is_|in_|call_user_func_|port_list_to_|mactrack_display_|mactrack_device_action_)\[' --include='*.php' .; then echo "Detected corrupted call-pattern rewrite(s)." >&2 exit 1 fi @@ -47,6 +47,6 @@ jobs: - name: Lint PHP files run: | set -euo pipefail - rg --files -g '*.php' | while IFS= read -r f; do + git ls-files '*.php' | while IFS= read -r f; do php -l "$f" done From 597c144ad40250e85aa60edbfeb39f48f93f4ec3 Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Fri, 24 Apr 2026 13:58:28 -0600 Subject: [PATCH 09/14] style: normalize strict_types declaration spacing for cs fixer --- images/index.php | 2 +- includes/database.php | 2 +- index.php | 2 +- lib/index.php | 2 +- lib/mactrack_3com.php | 2 +- lib/mactrack_aruba_oscx.php | 2 +- lib/mactrack_cabletron.php | 2 +- lib/mactrack_cisco.php | 2 +- lib/mactrack_dell.php | 2 +- lib/mactrack_dlink.php | 2 +- lib/mactrack_enterasys.php | 2 +- lib/mactrack_enterasys_N7.php | 2 +- lib/mactrack_extreme.php | 2 +- lib/mactrack_foundry.php | 2 +- lib/mactrack_functions.php | 2 +- lib/mactrack_h3c_3com.php | 2 +- lib/mactrack_hp.php | 2 +- lib/mactrack_hp_ng.php | 2 +- lib/mactrack_hp_ngi.php | 2 +- lib/mactrack_juniper.php | 2 +- lib/mactrack_linux.php | 2 +- lib/mactrack_norbay.php | 2 +- lib/mactrack_norbay_ng.php | 2 +- lib/mactrack_tplink.php | 2 +- lib/mactrack_trendnet.php | 2 +- lib/mactrack_vendors.php | 2 +- locales/LC_MESSAGES/index.php | 2 +- locales/index.php | 2 +- locales/po/index.php | 2 +- mactrack_actions.php | 2 +- mactrack_ajax.php | 2 +- mactrack_ajax_admin.php | 2 +- mactrack_convert.php | 2 +- mactrack_device_types.php | 2 +- mactrack_devices.php | 2 +- mactrack_import_ouidb.php | 2 +- mactrack_macauth.php | 2 +- mactrack_macwatch.php | 2 +- mactrack_resolver.php | 2 +- mactrack_scanner.php | 2 +- mactrack_sites.php | 2 +- mactrack_snmp.php | 2 +- mactrack_utilities.php | 2 +- mactrack_vendormacs.php | 2 +- mactrack_view_arp.php | 2 +- mactrack_view_devices.php | 2 +- mactrack_view_dot1x.php | 2 +- mactrack_view_graphs.php | 2 +- mactrack_view_interfaces.php | 2 +- mactrack_view_ips.php | 2 +- mactrack_view_macs.php | 2 +- mactrack_view_sites.php | 2 +- setup.php | 2 +- 53 files changed, 53 insertions(+), 53 deletions(-) diff --git a/images/index.php b/images/index.php index d1f768b..06a9f5c 100644 --- a/images/index.php +++ b/images/index.php @@ -1,6 +1,6 @@ Date: Fri, 24 Apr 2026 14:14:36 -0600 Subject: [PATCH 10/14] docs: restore accurate var_dump examples in vendor comments --- lib/mactrack_aruba_oscx.php | 4 ++-- lib/mactrack_h3c_3com.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/mactrack_aruba_oscx.php b/lib/mactrack_aruba_oscx.php index 1693915..a44d896 100644 --- a/lib/mactrack_aruba_oscx.php +++ b/lib/mactrack_aruba_oscx.php @@ -78,7 +78,7 @@ function get_aruba_oscx_switch_ports($site, &$device, $lowPort = 0, $highPort = /* vlan_ids: - [8] { + array(8) { [1]=> string(1) "1" [102]=> @@ -89,7 +89,7 @@ function get_aruba_oscx_switch_ports($site, &$device, $lowPort = 0, $highPort = string(3) "122" vlan_names: - [8] { + array(8) { [1]=> string(9) "VLAN 0001" [102]=> diff --git a/lib/mactrack_h3c_3com.php b/lib/mactrack_h3c_3com.php index 7d27cdf..5340fd5 100644 --- a/lib/mactrack_h3c_3com.php +++ b/lib/mactrack_h3c_3com.php @@ -60,7 +60,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) /* vlan_ids: - [8] { + array(8) { [1]=> string(1) "1" [102]=> @@ -71,7 +71,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) string(3) "122" vlan_names: - [8] { + array(8) { [1]=> string(9) "VLAN 0001" [102]=> @@ -88,7 +88,7 @@ function get_h3c_3com_switch_ports($site, &$device, $lowPort = 0, $highPort = 0) $port_vlan_data = xform_standard_indexed_data('.1.3.6.1.2.1.17.7.1.4.5.1.1', $device); /* - [31] { + array(31) { [1]=> string(1) "1" [2]=> From 50a8612f441dbae3aa213844c59c42858fe432da Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sat, 16 May 2026 21:22:59 -0700 Subject: [PATCH 11/14] fix(security): html_escape, unserialize hardening, prepared statements - Wrap all db-sourced option text in html_escape() across six view files and lib/mactrack_functions.php (site_name, device_name, hostname, description, sysDescr_match) - Add allowed_classes:false to unserialize() of user-supplied mac/ip map in mactrack_view_macs.php (object injection mitigation) - Cast device_id and site_id to int before passthru() in rescan and site-scan helpers; add nosemgrep annotations - Convert two raw SQL concatenations in mactrack_actions.php to db_fetch_row_prepared(); convert mac_track_interfaces query in mactrack_functions.php to db_fetch_assoc_prepared() Signed-off-by: Thomas Vincent --- lib/mactrack_functions.php | 14 +++++++------- mactrack_actions.php | 4 ++-- mactrack_devices.php | 4 ++-- mactrack_view_arp.php | 4 ++-- mactrack_view_devices.php | 2 +- mactrack_view_dot1x.php | 2 +- mactrack_view_interfaces.php | 4 ++-- mactrack_view_ips.php | 2 +- mactrack_view_macs.php | 11 ++++++----- 9 files changed, 24 insertions(+), 23 deletions(-) diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php index 0515119..a16b10c 100644 --- a/lib/mactrack_functions.php +++ b/lib/mactrack_functions.php @@ -562,7 +562,7 @@ function build_InterfacesTable(&$device, &$ifIndexes, $getLinkPorts = false, $ge } // required only for interfaces table - $db_data = db_fetch_assoc("SELECT * FROM mac_track_interfaces WHERE device_id='" . $device['device_id'] . "' ORDER BY ifIndex"); + $db_data = db_fetch_assoc_prepared('SELECT * FROM mac_track_interfaces WHERE device_id = ? ORDER BY ifIndex', [$device['device_id']]); if (cacti_sizeof($db_data)) { foreach ($db_data as $interface) { @@ -3138,8 +3138,8 @@ function mactrack_rescan($web = false) { ob_start(); // execute the command, and show the results - $command = read_config_option('path_php_binary') . ' -q ' . $command_string . $extra_args; - passthru($command); + $command = read_config_option('path_php_binary') . ' -q ' . $command_string . ' -id=' . (int)$dbinfo['device_id'] . ($web ? ' --web' : ''); + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- path_php_binary is admin-configured; device_id cast to int; command_string is a server-local path $data['content'] = ob_get_clean(); } @@ -3177,8 +3177,8 @@ function mactrack_site_scan($web = false) { ob_start(); // execute the command, and show the results - $command = read_config_option('path_php_binary') . ' -q ' . $command_string . $extra_args; - passthru($command); + $command = read_config_option('path_php_binary') . ' -q ' . $command_string . ' --web -sid=' . (int)$dbinfo['site_id']; + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- path_php_binary is admin-configured; site_id cast to int; command_string is a server-local path $data['content'] = ob_get_clean(); } @@ -3641,7 +3641,7 @@ function mactrack_site_filter($page = 'mactrack_sites.php') { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> @@ -3667,7 +3667,7 @@ function mactrack_site_filter($page = 'mactrack_sites.php') { if (get_request_var('device_type_id') == $device_type['device_type_id']) { print ' selected'; - } print '>' . $device_type['description'] . ' (' . $device_type['sysDescr_match'] . ')'; + } print '>' . html_escape($device_type['description']) . ' (' . html_escape($device_type['sysDescr_match']) . ')'; } } ?> diff --git a/mactrack_actions.php b/mactrack_actions.php index c28c247..105dc26 100644 --- a/mactrack_actions.php +++ b/mactrack_actions.php @@ -151,7 +151,7 @@ function sync_mactrack_to_cacti($mt_device) { } // fetch current data for cacti device - $cacti_device = db_fetch_row('SELECT * FROM host WHERE id=' . $mt_device['host_id']); + $cacti_device = db_fetch_row_prepared('SELECT * FROM host WHERE id = ?', [$mt_device['host_id']]); if (cacti_sizeof($cacti_device)) { // update cacti device @@ -180,7 +180,7 @@ function sync_cacti_to_mactrack($device) { if ((read_config_option('mt_update_policy', true) == 2) && ($device['id'] > 0)) { // $devices holds the whole row from host table // now fetch the related device from mac_track_devices, if any - $mt_device = db_fetch_row('SELECT * from mac_track_devices WHERE host_id=' . $device['id']); + $mt_device = db_fetch_row_prepared('SELECT * FROM mac_track_devices WHERE host_id = ?', [$device['id']]); if (is_array($mt_device) && $mt_device) { if (!isset($mt_device['snmp_engine_id'])) { diff --git a/mactrack_devices.php b/mactrack_devices.php index 674777e..919cf82 100644 --- a/mactrack_devices.php +++ b/mactrack_devices.php @@ -882,7 +882,7 @@ function mactrack_device_edit() { @@ -1180,7 +1180,7 @@ function mactrack_device_filter() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> diff --git a/mactrack_view_arp.php b/mactrack_view_arp.php index be47b02..64b1349 100644 --- a/mactrack_view_arp.php +++ b/mactrack_view_arp.php @@ -472,7 +472,7 @@ function mactrack_ip_address_filter() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> @@ -503,7 +503,7 @@ function mactrack_ip_address_filter() { if (get_request_var('device_id') == $filter_device['device_id']) { print ' selected'; - } print '>' . $filter_device['device_name'] . '(' . $filter_device['hostname'] . ')' . ''; + } print '>' . html_escape($filter_device['device_name']) . '(' . html_escape($filter_device['hostname']) . ')' . ''; } } ?> diff --git a/mactrack_view_devices.php b/mactrack_view_devices.php index cfcec67..5f0a54c 100644 --- a/mactrack_view_devices.php +++ b/mactrack_view_devices.php @@ -447,7 +447,7 @@ function mactrack_device_filter2() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> diff --git a/mactrack_view_dot1x.php b/mactrack_view_dot1x.php index 39ddb12..286b824 100644 --- a/mactrack_view_dot1x.php +++ b/mactrack_view_dot1x.php @@ -560,7 +560,7 @@ function mactrack_dot1x_filter() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> diff --git a/mactrack_view_interfaces.php b/mactrack_view_interfaces.php index 304dc20..8718912 100644 --- a/mactrack_view_interfaces.php +++ b/mactrack_view_interfaces.php @@ -510,7 +510,7 @@ function mactrack_filter_table() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> @@ -618,7 +618,7 @@ function mactrack_filter_table() { if (get_request_var('device_id') == $device_id) { print ' selected'; - } print '>' . $device_name . ''; + } print '>' . html_escape($device_name) . ''; } } ?> diff --git a/mactrack_view_ips.php b/mactrack_view_ips.php index 821bfed..c93935d 100644 --- a/mactrack_view_ips.php +++ b/mactrack_view_ips.php @@ -313,7 +313,7 @@ function mactrack_ips_filter() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> diff --git a/mactrack_view_macs.php b/mactrack_view_macs.php index 9670fcf..9e70702 100644 --- a/mactrack_view_macs.php +++ b/mactrack_view_macs.php @@ -90,7 +90,7 @@ function form_actions() { // if we are to save this form, instead of display it if (isset_request_var('selected_items')) { - $selected_items = unserialize(get_nfilter_request_var('selected_items')); + $selected_items = unserialize(get_nfilter_request_var('selected_items'), ['allowed_classes' => false]); // nosemgrep: php.lang.security.unserialize-use.unserialize-use -- object injection blocked by allowed_classes:false; mac/ip validated below foreach ($selected_items as $mac=>$ip) { if (!filter_var($mac, FILTER_VALIDATE_MAC)) { @@ -149,7 +149,7 @@ function form_actions() { } if (!isset($mac_address_array[$mac])) { - $mac_address_list .= '
  • ' . mactrack_format_mac($mac) . '
    • '; + $mac_address_list .= '
  • ' . html_escape(mactrack_format_mac($mac)) . '
    • '; // nosemgrep: php.lang.security.tainted-user-input-in-php-script.tainted-user-input-in-php-script -- mac extracted from POST key, sanitize_search_string applied, html_escape applied at output $mac_address_array[$mac] = $ip; } } @@ -187,7 +187,8 @@ function form_actions() { $save_html = "'; } - print " + print // nosemgrep: php.lang.security.injection.printed-request.printed-request -- drp_action validated; selected_items values from POST keys sanitized via sanitize_search_string + "
    - () + ()
    @@ -1125,7 +1126,7 @@ function mactrack_mac_filter() { if (get_request_var('site_id') == $site['site_id']) { print ' selected'; - } print '>' . $site['site_name'] . ''; + } print '>' . html_escape($site['site_name']) . ''; } } ?> @@ -1156,7 +1157,7 @@ function mactrack_mac_filter() { if (get_request_var('device_id') == $filter_device['device_id']) { print ' selected'; - } print '>' . $filter_device['device_name'] . '(' . $filter_device['hostname'] . ')' . ''; + } print '>' . html_escape($filter_device['device_name']) . '(' . html_escape($filter_device['hostname']) . ')' . ''; } } ?> From a0b8f5b5dd748acbd8ba9352d07fa163d5837b2b Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sat, 16 May 2026 21:23:06 -0700 Subject: [PATCH 12/14] test: add unit, integration, handoff, mutation, and smoke tests 52 tests covering: - XSS html_escape at all output boundaries (unit + handoff) - unserialize allowed_classes hardening (unit + mutation) - passthru int-cast regression (unit + mutation) - prepared statement consistency scan (integration) - PHP syntax of all plugin files (smoke) - Required Cacti plugin hook functions (smoke + handoff) Signed-off-by: Thomas Vincent --- phpunit.xml | 29 ++++++ tests/Handoff/SetupStructureTest.php | 46 ++++++++++ tests/Handoff/XssEscapingHandoffTest.php | 37 ++++++++ tests/Integration/PreparedStatementTest.php | 43 +++++++++ tests/Mutation/FixedBugRegressionTest.php | 97 +++++++++++++++++++++ tests/Pest.php | 3 + tests/Smoke/PluginFilesSyntaxTest.php | 75 ++++++++++++++++ tests/Unit/PassthruHardeningTest.php | 30 +++++++ tests/Unit/UnserializeHardeningTest.php | 43 +++++++++ tests/Unit/XssEscapingTest.php | 76 ++++++++++++++++ tests/bootstrap.php | 5 ++ 11 files changed, 484 insertions(+) create mode 100644 phpunit.xml create mode 100644 tests/Handoff/SetupStructureTest.php create mode 100644 tests/Handoff/XssEscapingHandoffTest.php create mode 100644 tests/Integration/PreparedStatementTest.php create mode 100644 tests/Mutation/FixedBugRegressionTest.php create mode 100644 tests/Pest.php create mode 100644 tests/Smoke/PluginFilesSyntaxTest.php create mode 100644 tests/Unit/PassthruHardeningTest.php create mode 100644 tests/Unit/UnserializeHardeningTest.php create mode 100644 tests/Unit/XssEscapingTest.php create mode 100644 tests/bootstrap.php diff --git a/phpunit.xml b/phpunit.xml new file mode 100644 index 0000000..f314317 --- /dev/null +++ b/phpunit.xml @@ -0,0 +1,29 @@ + + + + + ./tests/Unit + + + ./tests/Handoff + + + ./tests/Integration + + + ./tests/Mutation + + + ./tests/Smoke + + + + + + diff --git a/tests/Handoff/SetupStructureTest.php b/tests/Handoff/SetupStructureTest.php new file mode 100644 index 0000000..8a64ea5 --- /dev/null +++ b/tests/Handoff/SetupStructureTest.php @@ -0,0 +1,46 @@ +toContain('function plugin_mactrack_install'); + }); + + it('defines plugin_mactrack_version function', function () use ($setup) { + expect($setup)->toContain('function plugin_mactrack_version'); + }); + + it('defines plugin_mactrack_uninstall function', function () use ($setup) { + expect($setup)->toContain('function plugin_mactrack_uninstall'); + }); + + it('registers hooks in install function', function () use ($setup) { + expect($setup)->toContain('api_plugin_register_hook'); + }); + + it('reads version from INFO ini file', function () use ($setup) { + expect($setup)->toContain('parse_ini_file'); + }); + + it('has INFO file with required fields', function () { + $info = parse_ini_file(realpath(__DIR__ . '/../../INFO')); + expect($info)->toHaveKey('name'); + expect($info)->toHaveKey('version'); + expect($info['name'])->toBe('mactrack'); + }); +}); + +describe('mactrack required entry points', function () { + $setupSource = file_get_contents(realpath(__DIR__ . '/../../setup.php')); + + it('defines plugin_mactrack_check_config', function () use ($setupSource) { + expect($setupSource)->toContain('function plugin_mactrack_check_config'); + }); + + it('defines plugin_mactrack_upgrade', function () use ($setupSource) { + expect($setupSource)->toContain('function plugin_mactrack_upgrade'); + }); +}); diff --git a/tests/Handoff/XssEscapingHandoffTest.php b/tests/Handoff/XssEscapingHandoffTest.php new file mode 100644 index 0000000..a66d1c4 --- /dev/null +++ b/tests/Handoff/XssEscapingHandoffTest.php @@ -0,0 +1,37 @@ +' . $site['site_name'] . ''; + $unescaped = preg_match("/print\s+'>'\\s*\\.\\s*\\\$site\['site_name'\]\\s*\\.\\s*'<\\/option>'/", $src); + expect($unescaped)->toBe(0, 'site_name must be wrapped in html_escape() before printing'); + }); + + it('mactrack_view_arp.php has no unescaped device_name in option tags', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../mactrack_view_arp.php')); + $unescaped = preg_match("/print\s+'>'\\s*\\.\\s*\\\$filter_device\['device_name'\]\\s*\\./", $src); + expect($unescaped)->toBe(0, 'device_name must be wrapped in html_escape() before printing'); + }); + + it('mactrack_view_macs.php has no unescaped site_name in option tags', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../mactrack_view_macs.php')); + $unescaped = preg_match("/print\s+'>'\\s*\\.\\s*\\\$site\['site_name'\]\\s*\\.\\s*'<\\/option>'/", $src); + expect($unescaped)->toBe(0); + }); + + it('mactrack_devices.php has no unescaped device_name direct print', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../mactrack_devices.php')); + // verify escaped version is present and bare print is absent + expect($src)->toContain('html_escape($device[\'device_name\'])'); + expect($src)->not->toContain('print $device[\'device_name\']'); + }); + + it('lib/mactrack_functions.php has no unescaped description in option tags', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../lib/mactrack_functions.php')); + $unescaped = preg_match("/print\s+'>'\\s*\\.\\s*\\\$device_type\['description'\]\\s*\\./", $src); + expect($unescaped)->toBe(0, 'description must be wrapped in html_escape()'); + }); +}); diff --git a/tests/Integration/PreparedStatementTest.php b/tests/Integration/PreparedStatementTest.php new file mode 100644 index 0000000..4cbe6bd --- /dev/null +++ b/tests/Integration/PreparedStatementTest.php @@ -0,0 +1,43 @@ +toBeEmpty( + 'Found request-var SQL injection: ' . implode("\n", $violations) + ); + }); + + it('uses db_fetch_assoc_prepared in lib/mactrack_functions.php for device_id query', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../lib/mactrack_functions.php')); + expect($src)->toContain('db_fetch_assoc_prepared('); + expect($src)->toContain('WHERE device_id = ?'); + expect($src)->not->toContain("WHERE device_id='\""); + }); + + it('lib/mactrack_functions.php has no string-concatenated device_id in SELECT queries', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../lib/mactrack_functions.php')); + $unsafe = preg_match('/db_fetch_assoc\s*\(\s*["\']SELECT[^"\']*WHERE\s+device_id\s*=\s*["\']/', $src); + expect($unsafe)->toBe(0, 'device_id must be parameterized via prepared statement'); + }); +}); diff --git a/tests/Mutation/FixedBugRegressionTest.php b/tests/Mutation/FixedBugRegressionTest.php new file mode 100644 index 0000000..6e81007 --- /dev/null +++ b/tests/Mutation/FixedBugRegressionTest.php @@ -0,0 +1,97 @@ +toContain("['allowed_classes' => false]"); + }); + + it('the allowed_classes option appears on the same unserialize call as get_nfilter_request_var', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../mactrack_view_macs.php')); + $pattern = "/unserialize\s*\(\s*get_nfilter_request_var\s*\([^)]+\)\s*,\s*\['allowed_classes'\s*=>\s*false\]\s*\)/"; + expect((bool) preg_match($pattern, $src))->toBeTrue('allowed_classes must be on the same unserialize call'); + }); + + it('has no unserialize call without allowed_classes on user input', function () { + $src = file_get_contents(realpath(__DIR__ . '/../../mactrack_view_macs.php')); + $unsafe = preg_match_all( + "/unserialize\s*\(\s*get_nfilter_request_var\s*\([^)]+\)\s*\)(?!\s*;?\s*\/\/\s*nosemgrep)/", + $src + ); + expect($unsafe)->toBe(0); + }); +}); + +describe('passthru integer injection fix regression', function () { + $funcs = file_get_contents(realpath(__DIR__ . '/../../lib/mactrack_functions.php')); + + it('device rescan does not concatenate raw device_id string into command', function () use ($funcs) { + // Before fix: $extra_args = ' -id=' . $dbinfo['device_id'] concatenated as string + expect($funcs)->not->toContain("'-id=' . \$dbinfo['device_id']"); + }); + + it('site scan does not concatenate raw site_id string into command', function () use ($funcs) { + // Before fix: ' -sid=' . $dbinfo['site_id'] (uncast) + expect($funcs)->not->toContain("'-sid=' . \$dbinfo['site_id']"); + }); + + it('device rescan uses int cast for device_id', function () use ($funcs) { + expect($funcs)->toContain('(int)$dbinfo[\'device_id\']'); + }); + + it('site scan uses int cast for site_id', function () use ($funcs) { + expect($funcs)->toContain('(int)$dbinfo[\'site_id\']'); + }); +}); + +describe('SQL prepared statement fix regression', function () { + $funcs = file_get_contents(realpath(__DIR__ . '/../../lib/mactrack_functions.php')); + + it('mac_track_interfaces query uses prepared statement', function () use ($funcs) { + expect($funcs)->toContain('db_fetch_assoc_prepared('); + // the old raw-concat form must be gone + expect($funcs)->not->toContain('mac_track_interfaces WHERE device_id='); + }); + + it('mac_track_interfaces query uses ? placeholder', function () use ($funcs) { + expect($funcs)->toMatch('/db_fetch_assoc_prepared\s*\(\s*\'SELECT \* FROM mac_track_interfaces WHERE device_id = \?/'); + }); +}); + +describe('XSS fix regression', function () { + it('html_escape applied to site_name in all five view files', function () { + $viewFiles = [ + 'mactrack_view_arp.php', + 'mactrack_view_macs.php', + 'mactrack_view_ips.php', + 'mactrack_view_interfaces.php', + 'mactrack_view_dot1x.php', + ]; + $root = realpath(__DIR__ . '/../../'); + $missing = []; + foreach ($viewFiles as $f) { + $src = file_get_contents("$root/$f"); + if (!str_contains($src, "html_escape(\$site['site_name'])")) { + $missing[] = $f; + } + } + expect($missing)->toBeEmpty('missing html_escape for site_name: ' . implode(', ', $missing)); + }); + + it('html_escape applied to device_name and hostname in arp and macs views', function () { + $root = realpath(__DIR__ . '/../../'); + $missing = []; + foreach (['mactrack_view_arp.php', 'mactrack_view_macs.php'] as $f) { + $src = file_get_contents("$root/$f"); + if (!str_contains($src, "html_escape(\$filter_device['device_name'])")) { + $missing[] = "$f:device_name"; + } + if (!str_contains($src, "html_escape(\$filter_device['hostname'])")) { + $missing[] = "$f:hostname"; + } + } + expect($missing)->toBeEmpty('missing html_escape: ' . implode(', ', $missing)); + }); +}); diff --git a/tests/Pest.php b/tests/Pest.php new file mode 100644 index 0000000..174d7fd --- /dev/null +++ b/tests/Pest.php @@ -0,0 +1,3 @@ +&1', $output, $returnCode); // nosemgrep: php.lang.security.exec-use.exec-use -- phpBin is PHP_BINARY (constant); file is escapeshellarg'd glob result + if ($returnCode !== 0) { + $failures[] = basename($file) . ': ' . implode(' ', $output); + } + } + + expect($failures)->toBeEmpty('PHP syntax errors: ' . implode('; ', $failures)); + }); + + it('all lib PHP files parse without syntax errors', function () { + $root = realpath(__DIR__ . '/../../'); + $phpBin = PHP_BINARY; + $libFiles = glob($root . '/lib/*.php'); + $failures = []; + + foreach ($libFiles as $file) { + $output = []; + $returnCode = 0; + exec("$phpBin -l " . escapeshellarg($file) . ' 2>&1', $output, $returnCode); // nosemgrep: php.lang.security.exec-use.exec-use -- phpBin is PHP_BINARY (constant); file is escapeshellarg'd glob result + if ($returnCode !== 0) { + $failures[] = basename($file) . ': ' . implode(' ', $output); + } + } + + expect($failures)->toBeEmpty('PHP syntax errors in lib/: ' . implode('; ', $failures)); + }); +}); + +describe('plugin required hooks and functions', function () { + $setup = file_get_contents(realpath(__DIR__ . '/../../setup.php')); + + it('setup.php defines all required Cacti plugin hook functions', function () use ($setup) { + $required = [ + 'plugin_mactrack_install', + 'plugin_mactrack_uninstall', + 'plugin_mactrack_version', + 'plugin_mactrack_check_config', + 'plugin_mactrack_upgrade', + ]; + + $missing = []; + foreach ($required as $fn) { + if (!str_contains($setup, "function $fn")) { + $missing[] = $fn; + } + } + + expect($missing)->toBeEmpty('Missing functions: ' . implode(', ', $missing)); + }); +}); + +describe('datasource file discovery', function () { + it('lib directory contains mactrack_functions.php', function () { + expect(file_exists(realpath(__DIR__ . '/../../lib/mactrack_functions.php')))->toBeTrue(); + }); + + it('lib directory contains at least one mactrack library file', function () { + $lib = glob(realpath(__DIR__ . '/../../lib/') . '/mactrack_*.php'); + expect(count($lib))->toBeGreaterThan(0); + }); +}); diff --git a/tests/Unit/PassthruHardeningTest.php b/tests/Unit/PassthruHardeningTest.php new file mode 100644 index 0000000..5ed336a --- /dev/null +++ b/tests/Unit/PassthruHardeningTest.php @@ -0,0 +1,30 @@ +toContain('(int)$dbinfo[\'device_id\']'); + }); + + it('casts site_id to int before passthru in site scan', function () use ($funcs) { + expect($funcs)->toContain('(int)$dbinfo[\'site_id\']'); + }); + + it('annotates passthru calls with nosemgrep explaining the safety rationale', function () use ($funcs) { + $count = substr_count($funcs, 'nosemgrep: php.lang.security.exec-use.exec-use'); + expect($count)->toBe(2, 'both passthru calls should have nosemgrep annotations'); + }); + + it('does not use extra_args variable in passthru command (injection surface removed)', function () use ($funcs) { + // $extra_args was replaced with inline int-cast concatenations + $commandLines = []; + preg_match_all('/\$command\s*=.*passthru.*\n/s', $funcs, $commandLines); + // The commands should include (int) cast, not bare $extra_args + $passthruLines = []; + preg_match_all('/passthru\(\$command\);.*/', $funcs, $passthruLines); + expect(count($passthruLines[0]))->toBe(2); + }); +}); diff --git a/tests/Unit/UnserializeHardeningTest.php b/tests/Unit/UnserializeHardeningTest.php new file mode 100644 index 0000000..6808b10 --- /dev/null +++ b/tests/Unit/UnserializeHardeningTest.php @@ -0,0 +1,43 @@ +\s*false\]\s*\)/", + $macs, + $safeMatches + ); + $bare = preg_match_all( + "/unserialize\s*\(\s*get_nfilter_request_var\s*\([^)]+\)\s*\)/", + $macs, + $bareMatches + ); + expect($safe)->toBeGreaterThanOrEqual(1, 'at least one safe unserialize with allowed_classes:false'); + expect($bare)->toBe(0, 'no bare unserialize of user input without allowed_classes'); + }); + + it('does not have any bare unserialize of get_nfilter_request_var across the codebase', function () { + $phpFiles = glob(realpath(__DIR__ . '/../../') . '/*.php'); + $phpFiles = array_merge($phpFiles, glob(realpath(__DIR__ . '/../../lib/') . '/*.php')); + + $violations = []; + + foreach ($phpFiles as $file) { + $source = file_get_contents($file); + if (preg_match('/unserialize\s*\(\s*get_nfilter_request_var/', $source) && + !preg_match("/unserialize\s*\([^,]+,\s*\['allowed_classes'\s*=>\s*false\]/", $source)) { + $violations[] = basename($file); + } + } + + expect($violations)->toBeEmpty('these files have unsafe unserialize: ' . implode(', ', $violations)); + }); + + it('uses sanitize_unserialize_selected_items for integer id arrays', function () use ($macs) { + expect($macs)->toContain('sanitize_unserialize_selected_items'); + }); +}); diff --git a/tests/Unit/XssEscapingTest.php b/tests/Unit/XssEscapingTest.php new file mode 100644 index 0000000..1c7264a --- /dev/null +++ b/tests/Unit/XssEscapingTest.php @@ -0,0 +1,76 @@ +toContain("html_escape(\$site['site_name'])"); + expect($arp)->not->toContain("'>' . \$site['site_name'] . ''"); + }); + + it('escapes device_name and hostname in mactrack_view_arp.php select option', function () use ($arp) { + expect($arp)->toContain("html_escape(\$filter_device['device_name'])"); + expect($arp)->toContain("html_escape(\$filter_device['hostname'])"); + expect($arp)->not->toContain("'>' . \$filter_device['device_name']"); + }); + + it('escapes site_name in mactrack_view_macs.php select option', function () use ($macs) { + expect($macs)->toContain("html_escape(\$site['site_name'])"); + expect($macs)->not->toContain("'>' . \$site['site_name'] . ''"); + }); + + it('escapes device_name and hostname in mactrack_view_macs.php select option', function () use ($macs) { + expect($macs)->toContain("html_escape(\$filter_device['device_name'])"); + expect($macs)->toContain("html_escape(\$filter_device['hostname'])"); + }); + + it('escapes mac address list entry in mactrack_view_macs.php', function () use ($macs) { + expect($macs)->toContain('html_escape(mactrack_format_mac($mac))'); + expect($macs)->not->toMatch("/'\\.\\s*mactrack_format_mac\\(\\\\\\$mac\\)\\s*\\.'<\\/li>'/"); + }); + + it('escapes site_name in mactrack_view_ips.php', function () use ($ips) { + expect($ips)->toContain("html_escape(\$site['site_name'])"); + }); + + it('escapes site_name in mactrack_view_interfaces.php', function () use ($iface) { + expect($iface)->toContain("html_escape(\$site['site_name'])"); + }); + + it('escapes device_name in mactrack_view_interfaces.php', function () use ($iface) { + expect($iface)->toContain('html_escape($device_name)'); + }); + + it('escapes site_name in mactrack_view_dot1x.php', function () use ($dot1x) { + expect($dot1x)->toContain("html_escape(\$site['site_name'])"); + }); + + it('escapes device_name in mactrack_devices.php', function () use ($devs) { + expect($devs)->toContain("html_escape(\$device['device_name'])"); + }); + + it('escapes hostname in mactrack_devices.php', function () use ($devs) { + expect($devs)->toContain("html_escape(\$device['hostname'])"); + }); + + it('escapes site_name in mactrack_devices.php select option', function () use ($devs) { + expect($devs)->toContain("html_escape(\$site['site_name'])"); + }); + + it('escapes site_name in lib/mactrack_functions.php', function () use ($funcs) { + expect($funcs)->toContain("html_escape(\$site['site_name'])"); + }); + + it('escapes device_type description and sysDescr_match in lib/mactrack_functions.php', function () use ($funcs) { + expect($funcs)->toContain("html_escape(\$device_type['description'])"); + expect($funcs)->toContain("html_escape(\$device_type['sysDescr_match'])"); + }); +}); diff --git a/tests/bootstrap.php b/tests/bootstrap.php new file mode 100644 index 0000000..a075e1e --- /dev/null +++ b/tests/bootstrap.php @@ -0,0 +1,5 @@ + Date: Sat, 16 May 2026 21:31:54 -0700 Subject: [PATCH 13/14] fix(security): cacti_escapeshellarg for command_string in passthru calls Wrap both passthru command_string arguments with cacti_escapeshellarg(). Admin-configured paths with spaces would break silently without escaping. Also document why bare escapeshellarg() is used in smoke tests: the Cacti bootstrap (and thus cacti_escapeshellarg) requires a DB connection that is unavailable in the Pest test context; $file values are glob-returned server-local paths, not user input. Signed-off-by: Thomas Vincent --- lib/mactrack_functions.php | 8 ++++---- tests/Smoke/PluginFilesSyntaxTest.php | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php index a16b10c..4c7a84a 100644 --- a/lib/mactrack_functions.php +++ b/lib/mactrack_functions.php @@ -3138,8 +3138,8 @@ function mactrack_rescan($web = false) { ob_start(); // execute the command, and show the results - $command = read_config_option('path_php_binary') . ' -q ' . $command_string . ' -id=' . (int)$dbinfo['device_id'] . ($web ? ' --web' : ''); - passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- path_php_binary is admin-configured; device_id cast to int; command_string is a server-local path + $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($command_string) . ' -id=' . (int)$dbinfo['device_id'] . ($web ? ' --web' : ''); + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script path are admin-configured and cacti_escapeshellarg'd; device_id cast to int $data['content'] = ob_get_clean(); } @@ -3177,8 +3177,8 @@ function mactrack_site_scan($web = false) { ob_start(); // execute the command, and show the results - $command = read_config_option('path_php_binary') . ' -q ' . $command_string . ' --web -sid=' . (int)$dbinfo['site_id']; - passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- path_php_binary is admin-configured; site_id cast to int; command_string is a server-local path + $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($command_string) . ' --web -sid=' . (int)$dbinfo['site_id']; + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script path are admin-configured and cacti_escapeshellarg'd; site_id cast to int $data['content'] = ob_get_clean(); } diff --git a/tests/Smoke/PluginFilesSyntaxTest.php b/tests/Smoke/PluginFilesSyntaxTest.php index 5e03ac6..352fea5 100644 --- a/tests/Smoke/PluginFilesSyntaxTest.php +++ b/tests/Smoke/PluginFilesSyntaxTest.php @@ -12,6 +12,7 @@ foreach ($rootFiles as $file) { $output = []; $returnCode = 0; + // bare escapeshellarg(): cacti_escapeshellarg() requires the full Cacti bootstrap (DB connection, config); $file is a glob-returned server-local path, not user input exec("$phpBin -l " . escapeshellarg($file) . ' 2>&1', $output, $returnCode); // nosemgrep: php.lang.security.exec-use.exec-use -- phpBin is PHP_BINARY (constant); file is escapeshellarg'd glob result if ($returnCode !== 0) { $failures[] = basename($file) . ': ' . implode(' ', $output); @@ -30,6 +31,7 @@ foreach ($libFiles as $file) { $output = []; $returnCode = 0; + // bare escapeshellarg(): cacti_escapeshellarg() requires the full Cacti bootstrap (DB connection, config); $file is a glob-returned server-local path, not user input exec("$phpBin -l " . escapeshellarg($file) . ' 2>&1', $output, $returnCode); // nosemgrep: php.lang.security.exec-use.exec-use -- phpBin is PHP_BINARY (constant); file is escapeshellarg'd glob result if ($returnCode !== 0) { $failures[] = basename($file) . ': ' . implode(' ', $output); From 1eb01359e4628ba79e019d04b00c4e59b84262eb Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Sat, 16 May 2026 21:39:44 -0700 Subject: [PATCH 14/14] fix(security): rename command_string to script_path, drop dead extra_args $command_string held only bare filesystem paths at both passthru sites, but the name implied it could carry embedded shell arguments. Renaming to $script_path makes the invariant explicit and aligns with the nosemgrep comment. Remove the $extra_args assignments that became dead code when the passthru commands were rewritten with inline (int) casts. Add a comment documenting that --web is unconditional in mactrack_site_scan: the function is only reachable via AJAX (mactrack_ajax.php), never from CLI, so the asymmetry with mactrack_device_rescan is intentional. Add two tests asserting the bare-path invariant and the unconditional --web behaviour so future changes cannot silently regress either property. Signed-off-by: Thomas Vincent --- lib/mactrack_functions.php | 15 +++++++-------- tests/Unit/PassthruHardeningTest.php | 11 +++++++++++ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/lib/mactrack_functions.php b/lib/mactrack_functions.php index 4c7a84a..784303b 100644 --- a/lib/mactrack_functions.php +++ b/lib/mactrack_functions.php @@ -3127,8 +3127,7 @@ function mactrack_rescan($web = false) { mactrack_log_action(__('Device Rescan \'%s\'', $dbinfo['hostname'], 'mactrack')); // create the command script - $command_string = $config['base_path'] . '/plugins/mactrack/mactrack_scanner.php'; - $extra_args = ' -id=' . $dbinfo['device_id'] . ($web ? ' --web' : ''); + $script_path = $config['base_path'] . '/plugins/mactrack/mactrack_scanner.php'; // print out the type, and device_id $data['device_id'] = get_request_var('device_id'); @@ -3138,8 +3137,8 @@ function mactrack_rescan($web = false) { ob_start(); // execute the command, and show the results - $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($command_string) . ' -id=' . (int)$dbinfo['device_id'] . ($web ? ' --web' : ''); - passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script path are admin-configured and cacti_escapeshellarg'd; device_id cast to int + $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($script_path) . ' -id=' . (int)$dbinfo['device_id'] . ($web ? ' --web' : ''); + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script_path are admin-configured bare paths, cacti_escapeshellarg'd; device_id cast to int $data['content'] = ob_get_clean(); } @@ -3167,8 +3166,7 @@ function mactrack_site_scan($web = false) { mactrack_log_action(__('Site scan \'%s\'', $dbinfo['site_name'], 'mactrack')); // create the command script - $command_string = $config['base_path'] . '/plugins/mactrack/poller_mactrack.php'; - $extra_args = ' --web -sid=' . $dbinfo['site_id']; + $script_path = $config['base_path'] . '/plugins/mactrack/poller_mactrack.php'; // print out the type, and device_id $data['site_id'] = $site_id; @@ -3177,8 +3175,9 @@ function mactrack_site_scan($web = false) { ob_start(); // execute the command, and show the results - $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($command_string) . ' --web -sid=' . (int)$dbinfo['site_id']; - passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script path are admin-configured and cacti_escapeshellarg'd; site_id cast to int + // --web is unconditional here: mactrack_site_scan() is only reached via AJAX (mactrack_ajax.php), never from CLI + $command = cacti_escapeshellarg(read_config_option('path_php_binary')) . ' -q ' . cacti_escapeshellarg($script_path) . ' --web -sid=' . (int)$dbinfo['site_id']; + passthru($command); // nosemgrep: php.lang.security.exec-use.exec-use -- php binary and script_path are admin-configured bare paths, cacti_escapeshellarg'd; site_id cast to int $data['content'] = ob_get_clean(); } diff --git a/tests/Unit/PassthruHardeningTest.php b/tests/Unit/PassthruHardeningTest.php index 5ed336a..4fc5e80 100644 --- a/tests/Unit/PassthruHardeningTest.php +++ b/tests/Unit/PassthruHardeningTest.php @@ -27,4 +27,15 @@ preg_match_all('/passthru\(\$command\);.*/', $funcs, $passthruLines); expect(count($passthruLines[0]))->toBe(2); }); + + it('site scan always passes --web flag (AJAX-only entry point by design)', function () use ($funcs) { + // mactrack_site_scan() is only reached via AJAX; --web is unconditional, unlike device rescan + expect($funcs)->toContain("' --web -sid=' . (int)\$dbinfo['site_id']"); + }); + + it('script paths are bare filesystem paths with no embedded arguments', function () use ($funcs) { + // cacti_escapeshellarg() quotes the entire value as one token; embedded flags would break the command + expect($funcs)->toContain("\$script_path = \$config['base_path'] . '/plugins/mactrack/mactrack_scanner.php'"); + expect($funcs)->toContain("\$script_path = \$config['base_path'] . '/plugins/mactrack/poller_mactrack.php'"); + }); });