Merge branch 'develop' into chore/test-db-sentinel

Author: somethingwithproof

cli/upgrade_database.php

@@ -175,7 +175,7 @@
 	db_execute_prepared('UPDATE version SET cacti = ?', [$cacti_upgrade_version]);
 
 	if (cacti_version_compare(CACTI_VERSION, $cacti_upgrade_version, '=')) {
-		db_execute("UPDATE version SET cacti = '" . CACTI_VERSION_FULL . "'");
+		db_execute_prepared('UPDATE version SET cacti = ?', [CACTI_VERSION_FULL]);
 
 		break;
 	}

install/functions.php

@@ -303,8 +303,13 @@ function install_unlink(string $file) : void {
 		$full_file = $file;
 	}
 
-	if (!str_contains($full_file, CACTI_PATH_BASE)) {
+	$real_base = realpath(CACTI_PATH_BASE);
+	$real_file = realpath($full_file);
+
+	if ($real_base === false || $real_file === false || !str_starts_with($real_file, $real_base . DIRECTORY_SEPARATOR)) {
 		log_install_high('file', "Not Unlinking file: $full_file due to it not being in the Cacti base path.");
+
+		return;
 	}
 
 	if (file_exists($full_file) && is_writable($full_file)) {
@@ -321,8 +326,13 @@ function install_rmdir(string $directory) : void {
 		$directory = CACTI_PATH_BASE . '/' . $directory;
 	}
 
-	if (!str_contains($directory, CACTI_PATH_BASE)) {
+	$real_base = realpath(CACTI_PATH_BASE);
+	$real_dir  = realpath($directory);
+
+	if ($real_base === false || $real_dir === false || !str_starts_with($real_dir, $real_base . DIRECTORY_SEPARATOR)) {
 		log_install_high('file', "Not Unlinking directory: $directory due to it not being in the Cacti base path.");
+
+		return;
 	}
 
 	if (file_exists($directory) && is_writable($directory)) {
@@ -348,8 +358,13 @@ function install_rmdir_recursive(string $directory, bool $del_parent = false) :
 		$directory = CACTI_PATH_BASE . '/' . $directory;
 	}
 
-	if (!str_contains($directory, CACTI_PATH_BASE)) {
+	$real_base = realpath(CACTI_PATH_BASE);
+	$real_dir  = realpath($directory);
+
+	if ($real_base === false || $real_dir === false || !str_starts_with($real_dir, $real_base . DIRECTORY_SEPARATOR)) {
 		log_install_high('file', "Not Unlinking directory: $directory due to it not being in the Cacti base path.");
+
+		return;
 	}
 
 	$files = glob($directory . '/{,.}[!.,!..]*',GLOB_MARK | GLOB_BRACE);
@@ -1384,12 +1399,16 @@ function import_colors() : bool {
 			$hex     = $parts[1];
 			$name    = $parts[2];
 
-			$id = db_fetch_cell("SELECT hex FROM colors WHERE hex='$hex'");
+			if (!preg_match('/^[0-9a-fA-F]{6}$/', $hex)) {
+				continue;
+			}
+
+			$id = db_fetch_cell_prepared('SELECT hex FROM colors WHERE hex = ?', [$hex]);
 
 			if (!empty($id)) {
-				db_execute("UPDATE colors SET name='$name', read_only='on' WHERE hex='$hex'");
+				db_execute_prepared('UPDATE colors SET name = ?, read_only = \'on\' WHERE hex = ?', [$name, $hex]);
 			} else {
-				db_execute("INSERT IGNORE INTO colors (name, hex, read_only) VALUES ('$name', '$hex', 'on')");
+				db_execute_prepared('INSERT IGNORE INTO colors (name, hex, read_only) VALUES (?, ?, \'on\')', [$name, $hex]);
 			}
 		}
 	}

install/upgrades/1_3_0.php

@@ -41,7 +41,7 @@ function upgrade_to_1_3_0() : void {
 	db_install_add_column('host', ['name' => 'snmp_retries', 'type' => 'tinyint(3) unsigned', 'NULL' => false, 'default' => '3', 'after' => 'snmp_timeout']);
 	db_install_add_column('host', ['name' => 'current_errors', 'type' => 'int(10)', 'unsigned' => true, 'default' => '0', 'after' => 'polling_time']);
 
-	db_add_index('host', 'INDEX', 'current_errors', ['current_errors']);
+	db_install_add_key('host', 'INDEX', 'current_errors', ['current_errors']);
 
 	db_install_add_column('poller_item', ['name' => 'snmp_retries', 'type' => 'tinyint(3) unsigned', 'NULL' => false, 'default' => '3', 'after' => 'snmp_timeout']);
 
@@ -82,11 +82,11 @@ function upgrade_to_1_3_0() : void {
 	db_install_add_column('data_template', ['name' => 'last_updated', 'type' => 'timestamp', 'null' => false, 'default' => 'CURRENT_TIMESTAMP']);
 	db_install_add_column('snmp_query', ['name' => 'last_updated', 'type' => 'timestamp', 'null' => false, 'default' => 'CURRENT_TIMESTAMP']);
 
-	db_add_index('data_input_data', 'INDEX', 'data_template_id', ['data_template_id']);
-	db_add_index('data_input_data', 'INDEX', 'local_data_id', ['local_data_id']);
-	db_add_index('data_input_data', 'INDEX', 'host_id', ['host_id']);
+	db_install_add_key('data_input_data', 'INDEX', 'data_template_id', ['data_template_id']);
+	db_install_add_key('data_input_data', 'INDEX', 'local_data_id', ['local_data_id']);
+	db_install_add_key('data_input_data', 'INDEX', 'host_id', ['host_id']);
 
-	db_add_index('poller_output_boost', 'INDEX', 'time', ['time']);
+	db_install_add_key('poller_output_boost', 'INDEX', 'time', ['time']);
 
 	db_install_add_column('host_snmp_query', ['name' => 'reindex_last_runtime', 'type' => 'timestamp', 'null' => false, 'default' => 'CURRENT_TIMESTAMP']);
 	db_install_add_column('host_snmp_query', ['name' => 'reindex_last_duration', 'type' => 'double', 'unsigned' => true, 'null' => false, 'default' => '0']);
@@ -288,8 +288,8 @@ function upgrade_to_1_3_0() : void {
 			ADD INDEX last_updated(last_updated)');
 	}
 
-	db_install_execute("ALTER TABLE `settings` MODIFY `name` varchar(75) not null default ''");
-	db_install_execute("ALTER TABLE `settings_user` MODIFY `name` varchar(75) not null default ''");
+	db_install_execute("ALTER TABLE `settings` MODIFY `name` varchar(255) not null default ''");
+	db_install_execute("ALTER TABLE `settings_user` MODIFY `name` varchar(255) not null default ''");
 
 	$tables = [
 		'aggregate_graph_templates' => [
@@ -687,10 +687,10 @@ function upgrade_reports() : void {
 						);
 
 						break;
-					case 10: // Hours
+					case 11: // Hours
 						db_execute_prepared('UPDATE reports
 							SET sched_type = ?,
-							enabled = ?
+							enabled = ?,
 							recur_every = ?,
 							next_start = ?,
 							last_started = ?

lib/plugins.php

@@ -1054,31 +1054,41 @@ function api_plugin_moveup(string $plugin) : void {
 		[$plugin]);
 
 	if (!empty($id)) {
-		$temp_id = db_fetch_cell('SELECT MAX(id) FROM plugin_config') + 1;
-
 		$prior_id = db_fetch_cell_prepared('SELECT MAX(id)
 			FROM plugin_config
 			WHERE id < ?',
 			[$id]);
 
-		// update the above plugin to the prior temp id
-		db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$temp_id, $prior_id]);
-		db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$prior_id, $id]);
-		db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$id, $temp_id]);
+		// MAX() on an empty set returns NULL; without a guard, the UPDATE
+		// below would set id = NULL on the current plugin, which non-strict
+		// MariaDB/MySQL silently stores as 0, corrupting the primary key.
+		if (!empty($prior_id)) {
+			$temp_id = db_fetch_cell('SELECT MAX(id) FROM plugin_config') + 1;
+
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$temp_id, $prior_id]);
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$prior_id, $id]);
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$id, $temp_id]);
+		}
 	}
 
 	api_plugin_replicate_config();
 }
 
 function api_plugin_movedown(string $plugin) : void {
-	$id      = db_fetch_cell_prepared('SELECT id FROM plugin_config WHERE directory = ?', [$plugin]);
-	$temp_id = db_fetch_cell('SELECT MAX(id) FROM plugin_config') + 1;
-	$next_id = db_fetch_cell_prepared('SELECT MIN(id) FROM plugin_config WHERE id > ?', [$id]);
-
-	// update the above plugin to the prior temp id
-	db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$temp_id, $next_id]);
-	db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$next_id, $id]);
-	db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$id, $temp_id]);
+	$id = db_fetch_cell_prepared('SELECT id FROM plugin_config WHERE directory = ?', [$plugin]);
+
+	if (!empty($id)) {
+		$next_id = db_fetch_cell_prepared('SELECT MIN(id) FROM plugin_config WHERE id > ?', [$id]);
+
+		// MIN() on an empty set returns NULL; same NULL→0 corruption risk as moveup.
+		if (!empty($next_id)) {
+			$temp_id = db_fetch_cell('SELECT MAX(id) FROM plugin_config') + 1;
+
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$temp_id, $next_id]);
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$next_id, $id]);
+			db_execute_prepared('UPDATE plugin_config SET id = ? WHERE id = ?', [$id, $temp_id]);
+		}
+	}
 
 	api_plugin_replicate_config();
 }

lib/utility.php

@@ -1362,6 +1362,20 @@ function utilities_get_mysql_recommendations() : int {
 		];
 	}
 
+	if ($database == 'MariaDB' && version_compare($version, '11.8', '>=')) {
+		// MariaDB 11.8 enabled innodb_snapshot_isolation=ON by default (MDEV-39628).
+		// Under this mode, concurrent UPDATE statements on any InnoDB table can block
+		// for tens of thousands of seconds even when the table has only a handful of
+		// rows. Cacti's poller cycle issues many rapid UPDATEs; this setting makes
+		// those updates contend in ways that can freeze the entire poller.
+		$recommendations['innodb_snapshot_isolation'] = [
+			'value'   => 'OFF',
+			'measure' => 'equalint',
+			'class'   => 'error',
+			'comment' => __('MariaDB 11.8 enabled innodb_snapshot_isolation=ON by default. This causes severe lock contention: UPDATE statements can block for tens of thousands of seconds on small tables under concurrent load, which stalls the Cacti poller. Set innodb_snapshot_isolation=OFF in your [mysqld] configuration. See MDEV-39628.')
+		];
+	}
+
 	if (file_exists('/etc/my.cnf.d/server.cnf')) {
 		$location = '/etc/my.cnf.d/server.cnf';
 	} else {

plugins.php

@@ -389,7 +389,15 @@ function plugins_load_temp_table() : string {
 
 			db_execute("CREATE TEMPORARY TABLE IF NOT EXISTS $table LIKE plugin_config");
 			db_execute("TRUNCATE $table");
+
+			// Cacti strips NO_AUTO_VALUE_ON_ZERO on connect (database.php). Without it,
+			// a row with id=0 in plugin_config (e.g. from a plugin upgrade script) is
+			// reassigned by AUTO_INCREMENT to the next sequence value, causing a 1062
+			// collision when another row already holds that id.
+			$orig_sql_mode = db_fetch_cell('SELECT @@SESSION.sql_mode');
+			db_execute("SET SESSION sql_mode = CONCAT_WS(',', @@SESSION.sql_mode, 'NO_AUTO_VALUE_ON_ZERO')");
 			db_execute("INSERT INTO $table SELECT * FROM plugin_config");
+			db_execute_prepared('SET SESSION sql_mode = ?', [$orig_sql_mode]);
 
 			break;
 		} else {