1 files changed, 15 insertions, 0 deletions
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index a72a589..6642e51 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -30,6 +30,21 @@ function validate_get($value, $type) {
        return $value;
 }
+function validateRRDPath($base, $path) {
+        $realpath = realpath(sprintf('%s/%s', $base, $path));
+        if (strpos($realpath, $base) === false)
+                return false;
+        if (strpos($realpath, $base) !== 0)
+                return false;
+        if (!preg_match('/\.rrd$/', $realpath))
+                return false;
+        return $realpath;
+}
 function crc32hex($str) {
        return sprintf("%x",crc32($str));
 }

diff --git a/inc/functions.inc.php b/inc/functions.inc.php index a72a589..6642e51 100644 --- a/inc/functions.inc.php +++ b/inc/functions.inc.php
@@ -30,6 +30,21 @@ function validate_get($value, $type) {
30	return $value;	30	return $value;
31	}	31	}
32		32
		33	function validateRRDPath($base, $path) {
		34	$realpath = realpath(sprintf('%s/%s', $base, $path));
		35
		36	if (strpos($realpath, $base) === false)
		37	return false;
		38
		39	if (strpos($realpath, $base) !== 0)
		40	return false;
		41
		42	if (!preg_match('/\.rrd$/', $realpath))
		43	return false;
		44
		45	return $realpath;
		46	}
		47
33	function crc32hex($str) {	48	function crc32hex($str) {
34	return sprintf("%x",crc32($str));	49	return sprintf("%x",crc32($str));
35	}	50	}