As discussed in bug #12615
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
---
html/cgi-bin/getrrdimage.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi index 34ee4bf7a..c08247c57 100644 --- a/html/cgi-bin/getrrdimage.cgi +++ b/html/cgi-bin/getrrdimage.cgi @@ -50,7 +50,7 @@ my $graph = $query{'graph'}; my $range = lc $query{'range'}; # lower case
# Check parameters -unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) { +unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) { # Send HTTP headers _start_png_output();
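Review bot: The hyphen in the new `$graph` class `[\w-.,; ]` sits between `\w` and `.`, where it reads like a range. Perl cannot build a range from `\w` and falls back to a literal hyphen, but placing it last or escaping it, as in `[\w.,; -]`, makes the intent unambiguous. The class now also admits `.`, `,`, `;` and space, and the visible lines do not show where `$graph` is used after this check, so please confirm it never reaches a file path or a command line unquoted, or narrow the class to the characters bug #12615 actually needs. Separately, the `.` in the unchanged `$origin` test `/^\w+?.cgi$/` is unescaped and matches any character; `\.cgi` would be stricter.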
Reviewed-by: Adolf Belka adolf.belka@ipfire.org
On 13/05/2021 11:27, Leo-Andres Hofmann wrote:
As discussed in bug #12615
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
html/cgi-bin/getrrdimage.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi index 34ee4bf7a..c08247c57 100644 --- a/html/cgi-bin/getrrdimage.cgi +++ b/html/cgi-bin/getrrdimage.cgi @@ -50,7 +50,7 @@ my $graph = $query{'graph'}; my $range = lc $query{'range'}; # lower case
# Check parameters -unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) { +unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) { # Send HTTP headers _start_png_output();
Reviewed-by: Peter Müller peter.mueller@ipfire.org
As discussed in bug #12615
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
html/cgi-bin/getrrdimage.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi index 34ee4bf7a..c08247c57 100644 --- a/html/cgi-bin/getrrdimage.cgi +++ b/html/cgi-bin/getrrdimage.cgi @@ -50,7 +50,7 @@ my $graph = $query{'graph'}; my $range = lc $query{'range'}; # lower case
# Check parameters -unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) { +unless(($origin =~ /^\w+?.cgi$/) && ($graph =~ /^[\w-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) { # Send HTTP headers _start_png_output();