When using collection3 as a CGI, the following error is sent to logs
repeatedly.
FastCGI sent in stderr: "CGI::param called in list context from
/usr/share/doc/collectd-core/examples/collection3/lib/Collectd/Graph/Common.pm
line 529, this can lead to vulnerabilities. See the warning in
"Fetching the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 412"
This is caused inappropriate usage of param(), it should be handled as
a scalar or should be treated by multi_param() explicitly.
Signed-off-by: Kentaro Hayashi <kenhys@gmail.com>
for (qw(hostname plugin plugin_instance type type_instance))
{
my $part = $_;
- my @temp = param ($part);
+ my @temp = multi_param ($part);
if (!@temp)
{
next;
sub get_timespan_selection
{
my $ret = 86400;
- if (param ('timespan'))
+ if (scalar param ('timespan'))
{
- my $temp = int (param ('timespan'));
+ my $temp = int (scalar param ('timespan'));
if ($temp && ($temp > 0))
{
$ret = $temp;
$ret{$_} = 0;
}
- for (param ('hostname'))
+ for (multi_param ('hostname'))
{
my $host = _sanitize_generic_allow_minus ($_);
if (defined ($ret{$host}))
$ret{$_} = 0;
}
- for (param ('plugin'))
+ for (multi_param ('plugin'))
{
if (defined ($ret{$_}))
{