From da067f6df3064c019ae9c22432ccf99a08a84915 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Mon, 21 Jul 2014 00:11:24 +0200
Subject: Fix overly permissive hostname validation, fix host check `[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that `\w` is a superset of it. Also check that the host parameter is actually non-empty, otherwise `collectd_plugins` will happily return results as the directory `$CONFIG['datadir'] . '/' . ''` trivially exists...
---
host.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'host.php')
diff --git a/host.php b/host.php
index 97f4dae..a19aecc 100644
--- a/host.php
+++ b/host.php
@@ -15,7 +15,7 @@ printf("
", htmlentities($host));
 printf("%s", htmlentities($host));
-if (!$plugins = collectd_plugins($host)) {
+if (!strlen($host) || !$plugins = collectd_plugins($host)) {
 echo "Unknown host\n";
 return false;
 }
--
cgit v1.1
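Review bot: The new `!strlen($host)` guard on the `if` line protects only this call site, while the commit message locates the weakness inside `collectd_plugins`, which treats `$CONFIG['datadir'] . '/' . ''` as an existing host directory. Any other caller of `collectd_plugins` (none are visible in this hunk) would still get results for an empty host, so the check is better enforced at the top of that function, for example `if (!is_string($host) || $host === '') return false;`, which this call site already handles as "Unknown host". If the tightened hostname pattern, changed elsewhere in this commit and not shown here, still admits `.` or `..`, those names also resolve to directories that trivially exist and should be rejected in the same place. The assignment of `$host` lies above the hunk, so whether it can be a non-string value when it reaches `strlen()` is an assumption to confirm.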