Fixed a DOM-based XSS and a potential DoS vulnerability that affected the 'when' parameter of the 'monitorix.cgi' file

This commit is contained in:
Jordi Sanfeliu 2015-11-13 12:56:40 +01:00
parent 1c25ed8550
commit 3851d0a96c
2 changed files with 4 additions and 1 deletions


@ -12,6 +12,9 @@ N.N.N - DD-MMM-2015
- Fixed to force a rigid scale in the memory graph.
(thanks to Lane Russell, lanerussell028 AT gmail.com for pointing this out)
- Fixed the scale of the y-axis in 'du'.
- Fixed a DOM based XSS and a potential DoS vulnerabilities that affected the
'when' parameter of the 'monitorix.cgi' file.
(thanks to Dolev Farhi, farhi AT F5.com for pointing this out)
- Small cosmetic changes.
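Review bot: the new changelog entry has a number-agreement slip ("a ... vulnerabilities") and does not say what the fix actually constrains, so a reader of the changelog cannot tell which inputs are now rejected. Suggest rewording it to "- Fixed a DOM-based XSS and a potential DoS vulnerability affecting the 'when' parameter of 'monitorix.cgi', which is now required to match ^\d+(hour|day|week|month|year)$." so the entry matches the check introduced in the same commit.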


@ -332,7 +332,7 @@ $colors{graph_bg_color} = $config{theme}->{$color}->{graph_bg};
$colors{gap} = $config{theme}->{$color}->{gap};
($tf{twhen}) = ($when =~ m/(hour|day|week|month|year)$/);
($tf{twhen}) = ($when =~ m/^\d+(hour|day|week|month|year)$/);
($tf{nwhen} = $when) =~ s/$tf{twhen}// unless !$tf{twhen};
$tf{nwhen} = 1 unless $tf{nwhen};
$tf{twhen} = "day" unless $tf{twhen};
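Review bot: anchoring the match with ^\d+ silently changes behaviour for a bare unit value. Under the old pattern `?when=week` matched with $tf{twhen} = "week" and $tf{nwhen} fell back to 1 via the `unless` line; the new pattern requires at least one leading digit, so `week` no longer matches, $tf{twhen} is undefined, and the two fallbacks turn the request into a one-day view without any error. If bare units are meant to remain valid, `^\d*(hour|day|week|month|year)$` keeps the anchoring and rejects the same garbage, and the existing `$tf{nwhen} = 1 unless $tf{nwhen};` already covers the empty count. Separately, `\d+` still accepts an arbitrarily long digit run, so if the DoS concern is an oversized multiplier in $tf{nwhen}, bound it (for example `\d{1,3}`) or range-check $tf{nwhen} right after the assignment.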