From 3fd10f9e4adb28da89ced5eb3e71c7536f308918 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Sun, 20 Jul 2014 16:11:08 +0200
Subject: security: Add missing input validation for plugin

This is a security bug. The contents of the file are not
immediately disclosed, but it could disclose environment information
to the attacker (when display_errors=1 and an ancient PHP version
is used that does not check for '\0' in `file_exists()`).
---
 graph.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'graph.php')

diff --git a/graph.php b/graph.php
index 0b7cee5..1727c1b 100644
--- a/graph.php
+++ b/graph.php
@@ -23,7 +23,7 @@ $typesdb = parse_typesdb_file($CONFIG['typesdb']);
 
 if ($plugin == 'aggregation') {
 	$pi = explode("-", GET('pi'));
-	$plugin = $_GET['p'] = $pi[0];
+	$plugin = $_GET['p'] = validate_get($pi[0], 'plugin');
 }
 
 # plugin json
-- 
cgit v1.1