function dispatchImageRequest() { genericAssertion('img', 'string'); global $pageno, $tabno; switch ($_REQUEST['img']) { case 'minirack': // rack security context $pageno = 'rack'; $tabno = 'default'; fixContext(); assertPermission(); dispatchMiniRackThumbRequest(getBypassValue()); break; case 'midirack': // rack security context $pageno = 'rack'; $tabno = 'default'; fixContext(); assertPermission(); genericAssertion('scale', 'uint'); # Scaling implies no caching, there is no special dispatching. header('Content-type: image/png'); printRackThumbImage(getBypassValue(), $_REQUEST['scale']); break; case 'preview': // file security context $pageno = 'file'; $tabno = 'download'; fixContext(); assertPermission(); renderImagePreview(getBypassValue()); break; case 'cactigraph': $pageno = 'object'; $tabno = 'cacti'; fixContext(); assertPermission(); genericAssertion('server_id', 'uint'); genericAssertion('graph_id', 'uint'); if (!array_key_exists($_REQUEST['graph_id'], getCactiGraphsForObject(getBypassValue()))) { throw new InvalidRequestArgException('graph_id', $_REQUEST['graph_id']); } proxyCactiRequest($_REQUEST['server_id'], $_REQUEST['graph_id']); break; case 'muningraph': $pageno = 'object'; $tabno = 'munin'; fixContext(); assertPermission(); genericAssertion('server_id', 'uint'); genericAssertion('graph', 'string'); if (!array_key_exists($_REQUEST['graph'], getMuninGraphsForObject(getBypassValue()))) { throw new InvalidRequestArgException('graph', $_REQUEST['graph']); } proxyMuninRequest($_REQUEST['server_id'], $_REQUEST['graph']); break; default: renderErrorImage(); } }
function dispatchImageRequest() { genericAssertion('img', 'string'); global $pageno, $tabno; switch ($_REQUEST['img']) { case 'minirack': // rack security context $pageno = 'rack'; $tabno = 'default'; fixContext(); assertPermission(); renderRackThumb(getBypassValue()); break; case 'preview': // file security context $pageno = 'file'; $tabno = 'download'; fixContext(); assertPermission(); renderImagePreview(getBypassValue()); break; case 'cactigraph': $pageno = 'object'; $tabno = 'cacti'; fixContext(); assertPermission(); genericAssertion('graph_id', 'uint'); if (!array_key_exists($_REQUEST['graph_id'], getCactiGraphsForObject(getBypassValue()))) { throw new InvalidRequestArgException('graph_id', $_REQUEST['graph_id']); } proxyCactiRequest($_REQUEST['graph_id']); break; default: renderErrorImage(); } }
# picture file is that the former is used in <IMG SRC=...> construct, # and the latter is accessed as a standalone URL and can reply with any # Content-type. Hence "image" module indicates failures with internally # built images, and "download" can return a full-fledged "permission # denied" or "exception" HTML page instead of the file requested. require_once 'inc/init.php'; // for authentication check require_once 'inc/solutions.php'; try { dispatchImageRequest(); } catch (RTPermissionDenied $e) { ob_clean(); renderAccessDeniedImage(); } catch (Exception $e) { ob_clean(); renderErrorImage(); } break; case 'svg' == $_REQUEST['module']: require_once 'inc/init.php'; require_once 'inc/solutions.php'; header('Content-Type: image/svg+xml'); echo '<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>' . "\n"; echo '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">' . "\n"; try { genericAssertion('view', 'string'); if (!array_key_exists($_REQUEST['view'], $svghandler)) { throw new InvalidRequestArgException('view', $_REQUEST['view'], 'undefined view'); } if (!is_callable($svghandler[$_REQUEST['view']])) { throw new RackTablesError('missing handler function', RackTablesError::INTERNAL);