author | Pim van den Berg | 2010-01-01 19:36:31 +0100 |
---|---|---|
committer | Pim van den Berg | 2010-01-01 19:36:31 +0100 |
commit | bc31ed0e4647a568a1596cc2e09664675479a70d (patch) | |
tree | 9670e334534e18a9588e18d3feabbcb3a67e734e /graph.php | |
parent | add swap_io support (diff) | |
better validation of possible user input (get)
Diffstat (limited to 'graph.php')
-rw-r--r-- | graph.php | 11 |
1 files changed, 7 insertions, 4 deletions
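--- a/graph.php
+++ b/graph.php
@@ -1,21 +1,24 @@
 <?php
 
 require_once 'conf/common.inc.php';
+require_once 'inc/functions.inc.php';
 
+$plugin = validate_get($_GET['p'], 'plugin');
 $width = empty($_GET['x']) ? $CONFIG['width'] : $_GET['x'];
 $heigth = empty($_GET['y']) ? $CONFIG['heigth'] : $_GET['y'];
 
-if (!preg_match('/^[a-z]+$/', $_GET['p'])) {
+if (validate_get($_GET['h'], 'host') === NULL) {
 die_img('Error: plugin contains unknown characters.');
 exit;
 }
 
-if (!file_exists($CONFIG['webdir'].'/plugin/'.$_GET['p'].'.php')) {
-die_img(sprintf('Error: plugin not available (%s).', $_GET['p']));
+if (!file_exists($CONFIG['webdir'].'/plugin/'.$plugin.'.php')) {
+die_img(sprintf('Error: plugin not available (%s).', $plugin));
 exit;
 }
 
-include $CONFIG['webdir'].'/plugin/'.$_GET['p'].'.php';
+# load plugin
+include $CONFIG['webdir'].'/plugin/'.$plugin.'.php';
 
 
 function die_img($msg) {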
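Review bot: `$plugin` is never checked for a failed validation before it is concatenated into the `file_exists()` and `include` paths; the only explicit rejection left (new line 10) tests `$_GET['h']`, while the old `/^[a-z]+$/` guard on `$_GET['p']` is removed. Whether an invalid plugin name is stopped now depends entirely on what `validate_get()` returns, and that function lives in inc/functions.inc.php, outside this page; if it returns NULL on failure, as the host comparison suggests, the include is presumably avoided only because `plugin/.php` does not exist. I would add an explicit guard right after the assignment, `if ($plugin === NULL) { die_img('Error: plugin contains unknown characters.'); exit; }`, and change the host branch's message to `'Error: host contains unknown characters.'` so the error names what was actually rejected. `$_GET['x']` and `$_GET['y']` on the unchanged lines are still taken over without validation, and the body of die_img() continues outside the hunk.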