Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

On 13/05/2021 11:27, Leo-Andres Hofmann wrote:
> As discussed in bug #12615
>
> Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
> ---
>   html/cgi-bin/getrrdimage.cgi | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi
> index 34ee4bf7a..c08247c57 100644
> --- a/html/cgi-bin/getrrdimage.cgi
> +++ b/html/cgi-bin/getrrdimage.cgi
> @@ -50,7 +50,7 @@ my $graph = $query{'graph'};
>   my $range = lc $query{'range'}; # lower case
>   
>   # Check parameters
> -unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) {
> +unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w\-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) {
>   	# Send HTTP headers
>   	_start_png_output();
>