backport: hardening and bugfixes for main stable#283
Open
somethingwithproof wants to merge 507 commits intoCacti:mainfrom
Open
backport: hardening and bugfixes for main stable#283somethingwithproof wants to merge 507 commits intoCacti:mainfrom
somethingwithproof wants to merge 507 commits intoCacti:mainfrom
Conversation
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ Translation: Cacti/syslog
Currently translated at 33.8% (126 of 372 strings) Co-authored-by: Anatoliy <hamrad99h2@gmail.com> Translate-URL: http://translate.cacti.net/projects/cacti/syslog/ru/ Translation: Cacti/syslog
Updated by "Squash Git commits" hook in Weblate. Translation: Cacti/syslog Translate-URL: http://translate.cacti.net/projects/cacti/syslog/
This changes cleans up some logging as well.
Contributor
There was a problem hiding this comment.
Pull request overview
Consolidated backport that hardens the Syslog plugin and rolls in multiple bugfixes, with additional tooling/docs updates to support newer Cacti/PHP environments.
Changes:
- Added/updated localization assets and helper scripts for gettext generation.
- Refactored/consolidated frontend JS into
js/functions.js, and expanded DB wrapper utilities. - Added CI workflow + test data population script, plus documentation/versioning updates.
Reviewed changes
Copilot reviewed 38 out of 95 changed files in this pull request and generated 16 comments.
Show a summary per file
| File | Description |
|---|---|
locales/po/es-ES.po |
Adds Spanish (es_ES) translation catalog for Syslog UI strings |
locales/po/ar-SA.po |
Adds Arabic (ar_SA) translation catalog for Syslog UI strings |
locales/index.php |
Adds header block + normalizes redirect header quoting |
locales/build_gettext.sh |
Adds gettext build/merge/compile helper script |
locales/LC_MESSAGES/index.php |
Adds header block + normalizes redirect header quoting |
js/functions.js |
Centralizes Syslog plugin JS previously inlined in PHP |
index.php |
Adds header block; normalizes redirect |
images/index.php |
Adds header block + normalizes redirect header quoting |
database.php |
Expands/modernizes syslog DB wrapper API incl. prepared helpers and utility methods |
contrib/snmptt-syslog-connector.py |
Adds a contrib SNMPTT → syslog_incoming connector script |
config_local.php.dist |
Adds local syslog config template (incl. ssl/retries/install options) |
config.php.dist |
Extends DB config options (retries/SSL) + updates incoming field mappings |
README.md |
Major doc refresh: features, install notes, rsyslog examples, DB notes |
LICENSE |
Updates GPL text formatting/address (but currently contains conflict markers) |
INFO |
Updates plugin metadata (version/compat/capabilities) |
CHANGELOG.md |
Adds a standalone changelog capturing issues/features across versions |
.mdlrc |
Adds markdownlint configuration |
.mdl_style.rb |
Adds markdownlint style customizations |
.github/workflows/populate_syslog_incoming.sh |
Adds script to insert test syslog/rules data for CI |
.github/workflows/plugin-ci-workflow.yml |
Adds GitHub Actions workflow to run integration checks against Cacti + Syslog |
.github/copilot-instructions.md |
Adds repository-specific Copilot guidance for Syslog plugin development |
.github/agents/triage_agent.md.agent.md |
Adds agent definition doc for triage workflow |
.github/agents/triage_agent.agent.md |
Adds triage agent definition (duplicate/alternate) |
.github/agents/php-developer.agent.md |
Adds PHP developer agent definition |
.github/agents/mysql-mariadb.agent.md |
Adds MySQL/MariaDB DBA agent definition |
.github/agents/code-quality.agent.md |
Adds code-quality agent definition |
.github/ISSUE_TEMPLATE/feature_request.md |
Adds feature request issue template |
.github/ISSUE_TEMPLATE/bug_report.md |
Adds bug report issue template |
.github/ISSUE_TEMPLATE/agents/php-developer.agent.md |
Adds agent template copy for PHP developer |
.github/ISSUE_TEMPLATE/agents/mysql-mariadb.agent.md |
Adds agent template copy for MySQL/MariaDB |
.github/ISSUE_TEMPLATE/agents/code-quality.agent.md |
Adds agent template copy for code quality |
You can also share your feedback on Copilot code review. Take the survey.
database.php
Outdated
Comment on lines
173
to
179
| * @param $syslog_cnn - the connection object to connect to | ||
| * | ||
| * @return the id of the last auto incriment row that was created | ||
| */ | ||
| function syslog_db_fetch_insert_id() { | ||
| global $syslog_cnn; | ||
| return db_fetch_insert_id($syslog_cnn); |
There was a problem hiding this comment.
This changes syslog_db_fetch_insert_id from taking a $syslog_cnn argument to taking none. In PHP 8+, existing call sites that still pass an argument will throw ArgumentCountError. To preserve backward compatibility, accept an optional parameter (or variadic) and fall back to global $syslog_cnn when not provided.
Suggested change
| * @param $syslog_cnn - the connection object to connect to | |
| * | |
| * @return the id of the last auto incriment row that was created | |
| */ | |
| function syslog_db_fetch_insert_id() { | |
| global $syslog_cnn; | |
| return db_fetch_insert_id($syslog_cnn); | |
| * @param object|null $syslog_cnn - (optional) the connection object to use; falls back to global $syslog_cnn when null | |
| * | |
| * @return the id of the last auto incriment row that was created | |
| */ | |
| function syslog_db_fetch_insert_id($syslog_cnn = null) { | |
| if ($syslog_cnn === null) { | |
| global $syslog_cnn; | |
| } | |
| return db_fetch_insert_id($syslog_cnn); |
Contributor
Author
There was a problem hiding this comment.
Fixed -- added optional param with null default.
|
|
||
| header("Location:../index.php"); | ||
| header('Location:../index.php'); | ||
|
|
There was a problem hiding this comment.
After sending a Location header, it’s best practice to terminate the script (exit;) to prevent any further output/side effects (especially if additional code is ever added later). Consider adding exit; after the redirect.
Suggested change
| exit; |
Member
There was a problem hiding this comment.
Take it out as the script exit's anyway after the location. Same in the other pull requests.
somethingwithproof
force-pushed
the
backport/main-hardening-v2
branch
3 times, most recently
from
2b8d746 to
a482d04
Compare
Currently translated at 100.0% (385 of 385 strings) Co-authored-by: Daniel Nylander <daniel@danielnylander.se> Translate-URL: https://translate.cacti.net/projects/cacti/syslog/sv/ Translation: Cacti/syslog
Currently translated at 100.0% (385 of 385 strings) Co-authored-by: Daniel Nylander <daniel@danielnylander.se> Translate-URL: https://translate.cacti.net/projects/cacti/syslog/sv/ Translation: Cacti/syslog
Updated by "Squash Git commits" hook in Weblate. Translation: Cacti/syslog Translate-URL: https://translate.cacti.net/projects/cacti/syslog/
Refs Cacti#266 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
…Cacti#271) Refs Cacti#271 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Refs Cacti#273 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Refs Cacti#280 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
added a commit
to somethingwithproof/plugin_syslog
that referenced
this pull request
Mar 16, 2026
- LICENSE: remove stale conflict markers
- database.php: restore backward-compat optional param on syslog_db_fetch_insert_id
- js/functions.js: fix missing var declaration, #test->#term, prop('disabled'), remove empty .each()
- CI workflow: authenticate MySQL healthcheck, remove password echo
- populate script: INSERT -> REPLACE INTO for idempotent reruns
- README.md: fix malformed code fence
- locales: add exit after redirect, fix sed -i for macOS compat
- es-ES.po: fix 'Cactus' -> 'Cacti', 'Depuraración' -> 'Depuración'
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
force-pushed
the
backport/main-hardening-v2
branch
from
a482d04 to
bf55698
Compare
Refs Cacti#281 Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
TheWitness
requested changes
Mar 18, 2026
Member
There was a problem hiding this comment.
Is the naming correct on this file. It looks very redundant.
|
|
||
| header("Location:../index.php"); | ||
| header('Location:../index.php'); | ||
|
|
Member
There was a problem hiding this comment.
Take it out as the script exit's anyway after the location. Same in the other pull requests.
- LICENSE: remove stale conflict markers
- database.php: restore backward-compat optional param on syslog_db_fetch_insert_id
- js/functions.js: fix missing var declaration, #test->#term, prop('disabled'), remove empty .each()
- CI workflow: authenticate MySQL healthcheck, remove password echo
- populate script: INSERT -> REPLACE INTO for idempotent reruns
- README.md: fix malformed code fence
- locales: add exit after redirect, fix sed -i for macOS compat
- es-ES.po: fix 'Cactus' -> 'Cacti', 'Depuraración' -> 'Depuración'
Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
somethingwithproof
force-pushed
the
backport/main-hardening-v2
branch
from
bf55698 to
da87864
Compare
Contributor
Author
|
Yes -- working on all four items now. |
somethingwithproof
added a commit
to somethingwithproof/plugin_syslog
that referenced
this pull request
Mar 18, 2026
- Remove $uniqueID filter from syslog_remove query (incorrectly filtered removal rules by random batch marker) - Reorder CI workflow: lint/PHPStan before integration tests - Switch echo to print in syslog_batch_transfer.php Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
- Remove $uniqueID filter from syslog_remove query (incorrectly filtered removal rules by random batch marker) - Reorder CI workflow: lint/PHPStan before integration tests - Switch echo to print in syslog_batch_transfer.php Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
Fix fullwidth percent signs and missing format specifiers. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Consolidated backport of security and bugfix PRs.