getrrdimage.cgi: Allow more non-word characters in the URL

author Leo-Andres Hofmann <hofmann@leo-andres.de>

Thu, 13 May 2021 09:27:04 +0000 (11:27 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Fri, 14 May 2021 11:35:16 +0000 (11:35 +0000)
author Leo-Andres Hofmann <hofmann@leo-andres.de>
Thu, 13 May 2021 09:27:04 +0000 (11:27 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Fri, 14 May 2021 11:35:16 +0000 (11:35 +0000)
diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi

index 34ee4bf7aa83b26eba44c714b108a0071487e476..c08247c571965ecd51428ba1032b6938ad533895 100644 (file)
--- a/html/cgi-bin/getrrdimage.cgi
+++ b/html/cgi-bin/getrrdimage.cgi
@@ -50,7 +50,7 @@ my $graph = $query{'graph'};
  my $range = lc $query{'range'}; # lower case
  
  # Check parameters
-unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) {
+unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w\-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) {
         # Send HTTP headers
         _start_png_output();
author	Leo-Andres Hofmann <hofmann@leo-andres.de>
	Thu, 13 May 2021 09:27:04 +0000 (11:27 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Fri, 14 May 2021 11:35:16 +0000 (11:35 +0000)