From 3fd10f9e4adb28da89ced5eb3e71c7536f308918 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Sun, 20 Jul 2014 16:11:08 +0200 Subject: security: Add missing input validation for plugin This is a security bug. The contents of the file are not immediately disclosed, but it could disclose environment information to the attacker (when display_errors=1 and an ancient PHP version is used that does not check for '\0' in `file_exists()`). --- graph.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'graph.php') diff --git a/graph.php b/graph.php index 0b7cee5..1727c1b 100644 --- a/graph.php +++ b/graph.php @@ -23,7 +23,7 @@ $typesdb = parse_typesdb_file($CONFIG['typesdb']); if ($plugin == 'aggregation') { $pi = explode("-", GET('pi')); - $plugin = $_GET['p'] = $pi[0]; + $plugin = $_GET['p'] = validate_get($pi[0], 'plugin'); } # plugin json -- cgit v1.1