author | Peter Wu | 2014-07-20 16:11:08 +0200 |
---|---|---|
committer | Peter Wu | 2014-07-20 23:23:24 +0200 |
commit | 3fd10f9e4adb28da89ced5eb3e71c7536f308918 (patch) | |
tree | fe21968ab76163246f389d319f2a3da2ade63f93 /graph.php | |
parent | Fix type confusion (diff) | |
security: Add missing input validation for plugin
This is a security bug. The contents of the file are not
immediately disclosed, but it could disclose environment information
to the attacker (when display_errors=1 and an ancient PHP version
is used that does not check for '\0' in `file_exists()`).
Diffstat (limited to 'graph.php')
-rw-r--r-- | graph.php | 2 |
1 files changed, 1 insertions, 1 deletions
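--- a/graph.php
+++ b/graph.php
@@ -23,7 +23,7 @@ $typesdb = parse_typesdb_file($CONFIG['typesdb']);
 
 if ($plugin == 'aggregation') {
 $pi = explode("-", GET('pi'));
-$plugin = $_GET['p'] = $pi[0];
+$plugin = $_GET['p'] = validate_get($pi[0], 'plugin');
 }
 
 # plugin json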
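Review bot: Only the first `-`-separated component of `pi` is validated on the new line 26; the remaining elements of `$pi` still come straight from the query string, and if the aggregation code that consumes them (outside this hunk, so I cannot confirm) uses them in a file path or similar, they need the same `validate_get` treatment. Whether `validate_get` aborts the request or returns a sanitized/empty value on failure is not visible here; if it can return null or false, the code below should handle that explicitly rather than carry it into `$plugin`. A short why-comment on the new line would help the next reader, e.g. `# the plugin name taken from 'pi' is user input too and must pass the same check as $_GET['p']`.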