![](https://secure.gravatar.com/avatar/21caf0a08d095be7196a1648d20942be.jpg?s=120&d=mm&r=g)
18 Jul
2013
18 Jul
'13
10:21 a.m.
On 07/18/2013 10:14 AM, Daniel Preussker wrote:
haha adam,
also I just found 2(maybe more to come?) bugs in addhost.php and discovery/poller/backend(?).
- Input is not stripped properly in addhost.php If I add a passphrase containing a '$'-char, it's taken as variable in PHP and it will try to substitute it (mostly to a blank string unless you hit an existing (internal) var)
I'm pretty sure you're not quoting it, and it gets interpreted by bash before even reaching PHP.
- Passphrases are chopped! I saw in the discovery debug output that all passphrases are chopped so (ofc) my snmpv3 auth-fails... I'm not sure where this happens though, addhost.php works fine using the entire passphrases...
Our DB field is probably too short, which means addhost uses its internal variable everywhere, and that works, but then it doesn't get stored correctly, leading to nonworking poll/disco.
Tom