From: Leo-Andres Hofmann <hofmann@leo-andres.de>
Date: Thu, 13 May 2021 09:27:04 +0000 (+0200)
Subject: getrrdimage.cgi: Allow more non-word characters in the URL
X-Git-Tag: v2.25-core157~12^2~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a276dfba7a4228aef22af1c669bec8012715f4a4;p=ipfire-2.x.git

getrrdimage.cgi: Allow more non-word characters in the URL

As discussed in bug #12615

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/getrrdimage.cgi b/html/cgi-bin/getrrdimage.cgi
index 34ee4bf7aa..c08247c571 100644
--- a/html/cgi-bin/getrrdimage.cgi
+++ b/html/cgi-bin/getrrdimage.cgi
@@ -50,7 +50,7 @@ my $graph = $query{'graph'};
 my $range = lc $query{'range'}; # lower case
 
 # Check parameters
-unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w-]+?$/) && ($range ~~ @Graphs::time_ranges)) {
+unless(($origin =~ /^\w+?\.cgi$/) && ($graph =~ /^[\w\-.,; ]+?$/) && ($range ~~ @Graphs::time_ranges)) {
 	# Send HTTP headers
 	_start_png_output();