mirror of https://github.com/mikaku/Monitorix.git
fixed a DOM based XSS and a potential DoS vulnerabilities that affected the 'when' parameter of the 'monitorix.cgi' file
This commit is contained in:
parent
1c25ed8550
commit
3851d0a96c
3
Changes
3
Changes
|
@ -12,6 +12,9 @@ N.N.N - DD-MMM-2015
|
|||
- Fixed to force a rigid scale in the memory graph.
|
||||
(thanks to Lane Russell, lanerussell028 AT gmail.com for pointing this out)
|
||||
- Fixed the scale of the y-axis in 'du'.
|
||||
- Fixed a DOM based XSS and a potential DoS vulnerabilities that affected the
|
||||
'when' parameter of the 'monitorix.cgi' file.
|
||||
(thanks to Dolev Farhi, farhi AT F5.com for pointing this out)
|
||||
- Small cosmetic changes.
|
||||
|
||||
|
||||
|
|
|
@ -332,7 +332,7 @@ $colors{graph_bg_color} = $config{theme}->{$color}->{graph_bg};
|
|||
$colors{gap} = $config{theme}->{$color}->{gap};
|
||||
|
||||
|
||||
($tf{twhen}) = ($when =~ m/(hour|day|week|month|year)$/);
|
||||
($tf{twhen}) = ($when =~ m/^\d+(hour|day|week|month|year)$/);
|
||||
($tf{nwhen} = $when) =~ s/$tf{twhen}// unless !$tf{twhen};
|
||||
$tf{nwhen} = 1 unless $tf{nwhen};
|
||||
$tf{twhen} = "day" unless $tf{twhen};
|
||||
|
|
Loading…
Reference in New Issue