| field | value | date |
|---|---|---|
| author | Peter Wu | 2014-07-20 16:11:08 +0200 |
| committer | Peter Wu | 2014-07-20 23:23:24 +0200 |
| commit | 3fd10f9e4adb28da89ced5eb3e71c7536f308918 (patch) | |
| tree | fe21968ab76163246f389d319f2a3da2ade63f93 /graph.php | |
| parent | Fix type confusion (diff) | |
| download | apt-panopticon_cgp-3fd10f9e4adb28da89ced5eb3e71c7536f308918.zip apt-panopticon_cgp-3fd10f9e4adb28da89ced5eb3e71c7536f308918.tar.gz apt-panopticon_cgp-3fd10f9e4adb28da89ced5eb3e71c7536f308918.tar.bz2 apt-panopticon_cgp-3fd10f9e4adb28da89ced5eb3e71c7536f308918.tar.xz | |
security: Add missing input validation for plugin
This is a security bug. The contents of the file are not
immediately disclosed, but it could disclose environment information
to the attacker (when display_errors=1 and an ancient PHP version
is used that does not check for '\0' in `file_exists()`).
Diffstat (limited to 'graph.php')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | graph.php | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -23,7 +23,7 @@ $typesdb = parse_typesdb_file($CONFIG['typesdb']); | |||
| 23 | 23 | ||
| 24 | if ($plugin == 'aggregation') { | 24 | if ($plugin == 'aggregation') { |
| 25 | $pi = explode("-", GET('pi')); | 25 | $pi = explode("-", GET('pi')); |
| 26 | $plugin = $_GET['p'] = $pi[0]; | 26 | $plugin = $_GET['p'] = validate_get($pi[0], 'plugin'); |
| 27 | } | 27 | } |
| 28 | 28 | ||
| 29 | # plugin json | 29 | # plugin json |
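Review bot: `validate_get($pi[0], 'plugin')` covers only the first element of `$pi`; if the remaining elements of the exploded `pi` value are used further down (not visible in this hunk), they reach the same code paths with the same lack of validation this commit fixes for the plugin name, so confirm each of them is validated or note why it need not be. A one-line comment stating what the `'plugin'` rule rejects would also help future readers: the commit message mentions NUL bytes and `file_exists()`, but since the value ends up in a file path, path separators and `..` are the usual concern and the comment should say whether the rule excludes them. Finally, the missing-parameter case deserves a look: when `GET('pi')` is empty, `explode` returns a single empty string, so `validate_get` must handle `''` rather than assume a non-empty name.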
