From c932f370da4e7876a615e4cd8b23a281ac360c3a Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sun, 29 Dec 2013 16:44:38 +0100
Subject: graph: add configurable limit to graph width/height

Closes: https://github.com/pommi/CGP/pull/34
---
 conf/config.php | 3 +++
 graph.php       | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/conf/config.php b/conf/config.php
index 5ce761b..26172b1 100644
--- a/conf/config.php
+++ b/conf/config.php
@@ -63,6 +63,9 @@ $CONFIG['height'] = 175;
 # default width/height of detailed graphs
 $CONFIG['detail-width'] = 800;
 $CONFIG['detail-height'] = 350;
+# max width/height of a graph (to prevent from OOM)
+$CONFIG['max-width'] = $CONFIG['detail-width'] * 2;
+$CONFIG['max-height'] = $CONFIG['detail-height'] * 2;
 
 # collectd's unix socket (unixsock plugin)
 # enabled: 'unix:///var/run/collectd-unixsock'
diff --git a/graph.php b/graph.php
index 37e442a..d170a6c 100644
--- a/graph.php
+++ b/graph.php
@@ -17,6 +17,11 @@ if (!file_exists($CONFIG['webdir'].'/plugin/'.$plugin.'.php')) {
 	error_image();
 }
 
+if ($width > $CONFIG['max-width'] || $height > $CONFIG['max-height']) {
+	error_log('Resquested image is too large. Please configure max-width and max-height.');
+	error_image();
+}
+
 # load plugin
 include $CONFIG['webdir'].'/plugin/'.$plugin.'.php';
 
-- 
cgit v1.1