From e6133be6095b8900b86bd982d435d8b901a47a28 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Sun, 20 Jul 2014 17:03:32 +0200
Subject: Escape file argument for rrd_info

Also init info_array in case the output is empty.
---
 inc/rrdtool.class.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'inc')

diff --git a/inc/rrdtool.class.php b/inc/rrdtool.class.php
index f7907ec..6b7d949 100644
--- a/inc/rrdtool.class.php
+++ b/inc/rrdtool.class.php
@@ -14,8 +14,13 @@ class RRDTool {
 
 	function rrd_info($rrdfile) {
 		if (file_exists($rrdfile)) {
-			$raw_info = shell_exec($this->rrdtool.' info '.$rrdfile);
+			$raw_info = shell_exec(
+				escapeshellarg($this->rrdtool)
+				. " info " .
+				escapeshellarg($rrdfile)
+			);
 			$raw_array = explode("\n", $raw_info);
+			$info_array = array();
 			foreach ($raw_array as $key => $info) {
 				if ($info != "") {
 					$item_info = explode(" = ", $info);
@@ -23,7 +28,7 @@ class RRDTool {
 					$info_array[$item_info[0]] = $item_info[1];
 				}
 			}
-			return($info_array);
+			return $info_array;
 		} else {
 			return false;
 		}
-- 
cgit v1.1