Ticket #42857: patch-base.diff

File patch-base.diff, 21.0 KB (added by jul_bsd@…, 11 years ago)
  • base_db_common.php

    diff -urN ../base-1.4.5.orig/base_db_common.php ./base_db_common.php
    old new  
    8080            " "._ERRPHPERROR2."</FONT>";
    8181  }
    8282
    83   if ( ($DBtype == "mysql") || ($DBtype == "mysqlt") )
     83  if ( ($DBtype == "mysql") || ($DBtype == "mysqlt") || ($DBtype == "mysqli"))
    8484  {
    8585     if ( !(function_exists("mysql_connect")) )
    8686     {
  • base_graph_display.php

    diff -urN ../base-1.4.5.orig/base_graph_display.php ./base_graph_display.php
    old new  
    114114  else
    115115  {
    116116    // Create the graph area, legends on bottom -- Alejandro
    117     $Graph =& new Image_Graph(array('driver'=>'gd',
     117    $Graph = new Image_Graph(array('driver'=>'gd',
    118118                                    'width'=>$width,
    119119                                    'height'=>$height));
    120120  }
     
    320320
    321321      // special case '"I0" => "private network (rfc 1918)"' and
    322322      // '"** (private network) " => "private network (rfc 1918)"'
    323       if (ereg("rfc 1918", $tmp, $substring) || (ereg("[*][*] \(private network\) ", $tmp_lower, $substring)))
     323      if (preg_match("/rfc 1918/", $tmp, $substring) || (preg_match("/[*][*] \(private network\) /", $tmp_lower, $substring)))
    324324      {
    325325        $Dataset->addPoint("private network (rfc 1918)", $xdata[$i][1]);
    326326      }
    327327      // special case '?? (Not Found) ' => 'unknown'
    328       elseif(ereg("[?][?][ \t]+\(Not Found\)[ \t]*", $tmp, $substring))
     328      elseif(preg_match("/[?][?][ \t]+\(Not Found\)[ \t]*/", $tmp, $substring))
    329329      {
    330330        $Dataset->addPoint("unknown", $xdata[$i][1]);
    331331      }
    332332      // anything inside parentheses, following a 2-letter TLD:
    333       elseif (ereg("^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$", $tmp, $substring))
     333      elseif (preg_match("/^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$/", $tmp, $substring))
    334334      {
    335335        $Dataset->addPoint($substring[1], $xdata[$i][1]);
    336336      }
    337337      // anything after two-letter top level domain names and after one space or tab:
    338       elseif (ereg("[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)", $tmp, $substring))
     338      elseif (preg_match("/[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)/", $tmp, $substring))
    339339      {
    340340        $Dataset->addPoint($substring[1], $xdata[$i][1]);
    341341      }
    342342      // two-letter top level domain names right at the beginning:
    343       elseif (ereg("[ \t]*([-a-zA-Z0-9]{2})[ \t]", $tmp_lower, $substring))
     343      elseif (preg_match("/[ \t]*([-a-zA-Z0-9]{2})[ \t]/", $tmp_lower, $substring))
    344344      {
    345345        $Dataset->addPoint($substring[1], $xdata[$i][1]);
    346346      }
  • base_qry_common.php

    diff -urN ../base-1.4.5.orig/base_qry_common.php ./base_qry_common.php
    old new  
    773773           }
    774774        }
    775775        /* if have chosen the address type to be both source and destination */
    776         if ( ereg("ip_both", $tmp) )
     776        if ( preg_match("/ip_both/", $tmp) )
    777777        {
    778            $tmp_src = ereg_replace("ip_both","ip_src",$tmp);
    779            $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp);
     778           $tmp_src = preg_replace("/ip_both/","ip_src",$tmp);
     779           $tmp_dst = preg_replace("/ip_both/","ip_dst",$tmp);
    780780           
    781781           if ( $ip_addr[$i][2] == '=' )
    782782             $tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
  • base_qry_sqlcalls.php

    diff -urN ../base-1.4.5.orig/base_qry_sqlcalls.php ./base_qry_sqlcalls.php
    old new  
    259259           $line = split (" ", $current_sig_txt);
    260260           foreach ($line as $ps_element)
    261261           {
    262              if ( ereg("[0-9]*\.[0-9]*\.[0-9]*\.[0-9]", $ps_element)  )
     262             if ( preg_match("/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]/", $ps_element)  )
    263263             {
    264                 $ps_element = ereg_replace (":", "", $ps_element);
     264                $ps_element = preg_replace ("/:/", "", $ps_element);
    265265                qroPrintEntry("<A HREF=\"base_stat_ipaddr.php?ip=".$ps_element."&amp;netmask=32\">".
    266266                              $ps_element."</A>");
    267267             }
  • base_stat_common.php

    diff -urN ../base-1.4.5.orig/base_stat_common.php ./base_stat_common.php
    old new  
    312312   if (!stristr($where, "WHERE") && $where != "")
    313313        $where = " WHERE $where ";
    314314
    315    if ( $db->DB_type == "mysql" )
     315   if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli" )
    316316   {
    317317     if ( $join == "" && $where == "")
    318318       $result = $db->baseExecute("SELECT COUNT(DISTINCT acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM acid_event");
  • base_stat_ipaddr.php

    diff -urN ../base-1.4.5.orig/base_stat_ipaddr.php ./base_stat_ipaddr.php
    old new  
    135135   print "</PRE><BR>\n";
    136136   */
    137137
    138    if(ereg($ip, $contents)) {
     138   if(preg_match("/$ip/", $contents)) {
    139139     $total++;
    140140     if( $total % 2 == 0 ) {
    141141        $color="DDDDDD";
     
    143143        $color="FFFFFF";
    144144     }
    145145
    146      $contents = ereg_replace("  ", " ", $contents);
     146     $contents = preg_replace("/  /", " ", $contents);
    147147     $elements = explode(" ", $contents);
    148148
    149149     echo '<tr bgcolor="'.$color.'"><td align="center">'.
     
    183183     print "</PRE></TD>";
    184184
    185185     /*
    186      ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[3],$store);
     186     preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[3],$store);
    187187     $source_ip = $store[1];
    188188     $source_port = $store[2];
    189189     if (empty($source_ip))
     
    197197     echo '<td align="center">' . $source_ip  . '</td>';
    198198     echo '<td align="center">' . $source_port . '</td>';
    199199
    200      ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[5],$store);
     200     preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[5],$store);
    201201     $destination_ip = $store[1];
    202202     $destination_port = $store[2];
    203203     if (empty($destination_ip))
  • includes/base_db.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_db.inc.php ./includes/base_db.inc.php
    old new  
    7777  {
    7878     GLOBAL $sql_trace_mode, $sql_trace_file;
    7979 
    80      $this->DB = NewADOConnection();
     80     // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
     81     if ($this->DB_type == 'mysql') {
     82         if (extension_loaded('mysqli')) {
     83             $this->DB_type = 'mysqli';
     84         } else {
     85             $this->DB_type = 'mysql';
     86         }
     87     }
     88
     89     $this->DB = NewADOConnection($this->DB_type);
    8190     $this->DB_name = $database;
    8291     $this->DB_host = $host;
    8392     $this->DB_port = $port;
     
    108117
    109118     /* Set the database schema version number */
    110119     $sql = "SELECT vseq FROM schema";
    111      if ($this->DB_type == "mysql") $sql = "SELECT vseq FROM `schema`";
     120     if ($this->DB_type == "mysql" || $this->DB_type == "mysqli") $sql = "SELECT vseq FROM `schema`";
    112121     if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM [schema]";
    113122
    114123     $result = $this->DB->Execute($sql);
     
    138147  function basePConnect($database, $host, $port, $username, $password)
    139148  {
    140149     GLOBAL $sql_trace_mode, $sql_trace_file;
     150     
     151     // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
     152     if ($this->DB_type == 'mysql') {
     153         if (extension_loaded('mysqli')) {
     154             $this->DB_type = 'mysqli';
     155         } else {
     156             $this->DB_type = 'mysql';
     157         }
     158     }
    141159
    142      $this->DB = NewADOConnection();
     160     $this->DB = NewADOConnection($this->DB_type);
    143161     $this->DB_name = $database;
    144162     $this->DB_host = $host;
    145163     $this->DB_port = $port;
     
    171189     /* Set the database schema version number */
    172190     $sql = "SELECT vseq FROM schema";
    173191     if ($this->DB_type == "mssql") $sql = "SELECT vseq FROM [schema]";
    174      if ($this->DB_type == "mysql") $sql = "SELECT vseq FROM `schema`";
     192     if ($this->DB_type == "mysql" || $this->DB_type == "mysqli") $sql = "SELECT vseq FROM `schema`";
    175193
    176194     $result = $this->DB->Execute($sql);
    177195     if ( $this->baseErrorMessage() != "" )
     
    209227     /* ** Begin DB specific SQL fix-up ** */
    210228     if ($this->DB_type == "mssql")
    211229     {
    212         $sql = eregi_replace("''", "NULL", $sql);
     230        $sql = preg_replace("/''/i", "NULL", $sql);
    213231     }
    214232
    215233     if ($this->DB_type == "oci8")
     
    231249        $rs = new baseRS($this->DB->Execute($sql), $this->DB_type);
    232250     else
    233251     {
    234         if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
     252        if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
    235253             ($this->DB_type == "maxsql") )
    236254        {
    237255           $rs =  new baseRS($this->DB->Execute($sql." LIMIT ".$start_row.", ".$num_rows),
     
    321339   * the current point, so it can't be here and needs to be in the actual script after calling this function
    322340   *  -- srh (02/01/2001)
    323341   */
    324      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
     342     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
    325343          ($this->DB_type == "maxsql") || ($this->DB_type == "mssql"))
    326344        return $this->DB->Insert_ID();
    327345     else if ($this->DB_type == "postgres" ||($this->DB_type == "oci8"))
     
    336354
    337355  function baseSQL_YEAR($func_param, $op, $timestamp)
    338356  {
    339      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
     357     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
    340358          ($this->DB_type == "maxsql") || ($this->DB_type == "mssql") )
    341359        return " YEAR($func_param) $op $timestamp ";
    342360     else if( $this->DB_type == "oci8" )
     
    347365
    348366  function baseSQL_MONTH($func_param, $op, $timestamp)
    349367  {
    350      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") ||
     368     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") ||
    351369          ($this->DB_type == "maxsql") || ($this->DB_type == "mssql") )
    352370        return " MONTH($func_param) $op $timestamp ";
    353371     else if( $this->DB_type == "oci8" )
     
    358376
    359377  function baseSQL_DAY($func_param, $op, $timestamp)
    360378  {
    361      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     379     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    362380        return " DAYOFMONTH($func_param) $op $timestamp ";
    363381     else if($this->DB_type == "oci8")
    364382        return " to_number( to_char( $func_param, 'DD' ) ) $op $timestamp ";
     
    370388
    371389  function baseSQL_HOUR($func_param, $op, $timestamp)
    372390  {
    373      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     391     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    374392        return " HOUR($func_param) $op $timestamp ";
    375393     else if($this->DB_type == "oci8")
    376394        return " to_number( to_char( $func_param, 'HH' ) ) $op $timestamp ";
     
    382400
    383401  function baseSQL_MINUTE($func_param, $op, $timestamp)
    384402  {
    385      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     403     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    386404        return " MINUTE($func_param) $op $timestamp ";
    387405     else if($this->DB_type == "oci8")
    388406        return " to_number( to_char( $func_param, 'MI' ) ) $op $timestamp ";
     
    394412
    395413  function baseSQL_SECOND($func_param, $op, $timestamp)
    396414  {
    397      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     415     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    398416        return " SECOND($func_param) $op $timestamp ";
    399417     else if($this->DB_type == "oci8")
    400418        return " to_number( to_char( $func_param, 'SS' ) ) $op $timestamp ";
     
    406424
    407425  function baseSQL_UNIXTIME($func_param, $op, $timestamp)
    408426  {
    409      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     427     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    410428     {
    411429        return " UNIX_TIMESTAMP($func_param) $op $timestamp ";
    412430     }
     
    432450
    433451  function baseSQL_TIMESEC($func_param, $op, $timestamp)
    434452  {
    435      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") )
     453     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") )
    436454        return " TIME_TO_SEC($func_param) $op $timestamp ";
    437455     else if($this->DB_type == "oci8")
    438456        return " to_number( $func_param ) $op $timestamp ";
     
    549567 
    550568     // Is This if statement necessary?  -- Kevin
    551569     /* MS SQL Server 7, MySQL, Sybase, and Postgres natively support this function */
    552      if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "maxsql") ||
     570     if ( ($this->DB_type == "mysql") || ($this->DB_type == "mysqlt") || ($this->DB_type == "mysqli") || ($this->DB_type == "maxsql") ||
    553571          ($this->DB_type == "mssql") || ($this->DB_type == "sybase") || ($this->DB_type == "postgres") || ($this->DB_type == "oci8"))
    554572        return $this->row->RecordCount();
    555573
     
    623641  if ( !(
    624642          ($type == "mysql") ||
    625643          ($type == "mysqlt") ||
     644          ($type == "mysqli") ||
    626645          ($type == "maxsql") ||
    627646          ($type == "postgres") ||
    628647          ($type == "mssql") ||
  • includes/base_net.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_net.inc.php ./includes/base_net.inc.php
    old new  
    391391        $line = explode(" ", $response_l[$i]);
    392392        for ($j=0; $j < sizeof($line); $j++ )
    393393        {
    394           if ( eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $line[$j]) )
     394          if ( preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $line[$j]) )
    395395          {
    396396             if ( $email == "" )
    397397                $email = $line[$j];
  • includes/base_signature.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_signature.inc.php ./includes/base_signature.inc.php
    old new  
    139139      {
    140140         if ($tmp_ref_system_name == "snort")
    141141         {
    142            if (ereg("([0-9]+):([0-9]+)", $ref_tag, $backref))
     142           if (preg_match("/([0-9]+):([0-9]+)/", $ref_tag, $backref))
    143143           {
    144144             if ($backref[1] == "1")
    145145             {
  • includes/base_state_citems.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_state_citems.inc.php ./includes/base_state_citems.inc.php
    old new  
    963963      for ( $i = 0; $i < $this->criteria_cnt; $i++ )
    964964      {
    965965        if ( (isset ($this->criteria[$i][3])) &&
    966              (ereg("([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)", $this->criteria[$i][3])) )
     966             (preg_match("/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/", $this->criteria[$i][3])) )
    967967        {
    968968           $tmp_ip_str = $this->criteria[$i][7] = $this->criteria[$i][3];
    969969           $this->criteria[$i][3] = strtok($tmp_ip_str, ".");
  • includes/base_state_common.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_state_common.inc.php ./includes/base_state_common.inc.php
    old new  
    181181   if ( ($valid_data & VAR_SCORE) > 0 )
    182182      $regex_mask = $regex_mask . "\-";
    183183
    184    return ereg_replace("[^".$regex_mask."]", "", $item);
     184   return preg_replace("/[^".$regex_mask."]/", "", $item);
    185185}
    186186
    187187/* ***********************************************************************
  • includes/base_state_criteria.inc.php

    diff -urN ../base-1.4.5.orig/includes/base_state_criteria.inc.php ./includes/base_state_criteria.inc.php
    old new  
    252252   if ( isset($_POST['current_view']) ) $query_string .= "&amp;current_view=".$_POST['current_view'];
    253253   if ( isset($_POST['submit']) ) $query_string .= "&amp;submit=".$_POST['submit'];
    254254
    255    $query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
     255   $query_string = preg_replace("/back=1&/", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
    256256
    257257   ++$_SESSION['back_list_cnt'];
    258258   $_SESSION['back_list'][$_SESSION['back_list_cnt']] = 
  • setup/setup2.php

    diff -urN ../base-1.4.5.orig/setup/setup2.php ./setup/setup2.php
    old new  
    6868   $arcdbpasswd = ImportHTTPVar("arcdbpasswd");
    6969   $arcdbname = ImportHTTPVar("arcdbname", VAR_ALPHA | VAR_SCORE | VAR_USCORE);
    7070
     71   // If they have mysqli, use it. Otherwise, fall back to the older "mysql" extension.
     72   if ($dbtype == 'mysql') {
     73       if (extension_loaded('mysqli')) {
     74           $dbtype = 'mysqli';
     75       } else {
     76          $dbtype = 'mysql';
     77       }
     78   }
     79
    7180   $db = NewADOConnection($dbtype);
    7281   $dbconnect = $db->Connect( ( ( $dbport == "") ? $dbhost : ($dbhost.":".$dbport) ),
    7382                              $dbusername, $dbpasswd, $dbname);
  • setup/setup_db.inc.php

    diff -urN ../base-1.4.5.orig/setup/setup_db.inc.php ./setup/setup_db.inc.php
    old new  
    4545     }
    4646
    4747     if ( !$tblBaseAG_present ) {
    48         if ( $db->DB_type == "mysql" ) {
     48        if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    4949           $sql = 'CREATE TABLE acid_ag ( ag_id               INT           UNSIGNED NOT NULL AUTO_INCREMENT,
    5050                                          ag_name             VARCHAR(40),
    5151                                          ag_desc             TEXT,
     
    114114     }
    115115
    116116     if ( !$tblBaseAGAlert_present ) {
    117         if ( $db->DB_type == "mysql" ) {
     117        if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    118118           $sql = 'CREATE TABLE acid_ag_alert( ag_id               INT           UNSIGNED NOT NULL,
    119119                                               ag_sid              INT           UNSIGNED NOT NULL,
    120120                                               ag_cid              INT           UNSIGNED NOT NULL,
     
    151151     }
    152152
    153153     if ( !$tblBaseIPCache_present ) {
    154         if ( $db->DB_type == "mysql" ) {
     154        if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    155155           $sql = 'CREATE TABLE acid_ip_cache( ipc_ip                  INT UNSIGNED NOT NULL,
    156156                                               ipc_fqdn                VARCHAR(50),
    157157                                               ipc_dns_timestamp       DATETIME,
     
    193193     }
    194194
    195195     if ( !$tblBaseEvent_present ) {
    196            if ( $db->DB_type == "mysql" ) { 
     196           if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    197197              if ( $db->baseGetDBversion() < 100 )
    198198                 $sig_ddl = "signature      VARCHAR(255) NOT NULL,";
    199199              else
     
    319319     
    320320     /* Added for base_roles and base_users -- Kevin */
    321321     if ( !$tblBaseRoles_present ) {
    322            if ( $db->DB_type == "mysql" ) {
     322           if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    323323              $sql = 'CREATE TABLE base_roles ( role_id           int(11)         NOT NULL,
    324324                                                role_name         varchar(20)     NOT NULL,
    325325                                                role_desc         varchar(75)     NOT NULL,
     
    385385     }
    386386
    387387     if ( !$tblBaseUsers_present ) {
    388            if ( $db->DB_type == "mysql" ) {
     388           if ( $db->DB_type == "mysql" || $db->DB_type == "mysqli") {
    389389              $sql = 'CREATE TABLE base_users ( usr_id            int(11)          NOT NULL,
    390390                                                usr_login         varchar(25)      NOT NULL,
    391391                                                usr_pwd           varchar(32)      NOT NULL,