From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject:
 Re: [PATCH] getrrdimage.cgi: Allow more non-word characters in the URL
Date: Fri, 14 May 2021 09:14:25 +0200
Message-ID: <fdfa2316-ff23-f765-fea1-7c73113ea20a@ipfire.org>
In-Reply-To: <20210513092705.1043-1-hofmann@leo-andres.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8210315916038902879=="
List-Id: <development.lists.ipfire.org>

--===============8210315916038902879==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

> As discussed in bug #12615
>=20
> Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
> ---
>  html/cgi-bin/getrrdimage.cgi | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi
> index 34ee4bf7a..c08247c57 100644
> --- a/html/cgi-bin/getrrdimage.cgi
> +++ b/html/cgi-bin/getrrdimage.cgi
> @@ -50,7 +50,7 @@ my $graph =3D $query{'graph'};
>  my $range =3D lc $query{'range'}; # lower case
> =20
>  # Check parameters
> -unless(($origin =3D~ /^\w+?\.cgi$/) && ($graph =3D~ /^[\w-]+?$/) && ($rang=
e ~~ @Graphs::time_ranges)) {
> +unless(($origin =3D~ /^\w+?\.cgi$/) && ($graph =3D~ /^[\w\-.,; ]+?$/) && (=
$range ~~ @Graphs::time_ranges)) {
>  	# Send HTTP headers
>  	_start_png_output();
>  =09
>=20

--===============8210315916038902879==--