From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo-Andres Hofmann <hofmann@leo-andres.de>
To: development@lists.ipfire.org
Subject: [PATCH] getrrdimage.cgi: Allow more non-word characters in the URL
Date: Thu, 13 May 2021 11:27:04 +0200
Message-ID: <20210513092705.1043-1-hofmann@leo-andres.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6558708285555335192=="
List-Id: <development.lists.ipfire.org>

--===============6558708285555335192==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

As discussed in bug #12615

Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
---
 html/cgi-bin/getrrdimage.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi
index 34ee4bf7a..c08247c57 100644
--- a/html/cgi-bin/getrrdimage.cgi
+++ b/html/cgi-bin/getrrdimage.cgi
@@ -50,7 +50,7 @@ my $graph =3D $query{'graph'};
 my $range =3D lc $query{'range'}; # lower case
=20
 # Check parameters
-unless(($origin =3D~ /^\w+?\.cgi$/) && ($graph =3D~ /^[\w-]+?$/) && ($range =
~~ @Graphs::time_ranges)) {
+unless(($origin =3D~ /^\w+?\.cgi$/) && ($graph =3D~ /^[\w\-.,; ]+?$/) && ($r=
ange ~~ @Graphs::time_ranges)) {
 	# Send HTTP headers
 	_start_png_output();
 =09
--=20
2.27.0.windows.1


--===============6558708285555335192==--