Fix the glob() to return only the files, not the pathnames, use chdir()

before.
Fix a possible injection of ../ in the database path by using basename()
Fix the week graph math so it is correct.

1 files changed, 5 insertions, 4 deletions

diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index 567d272..321e6f9 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -28,7 +28,7 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 /*	
-	pfSense_BUILDER_BINARIES:	/usr/bin/find	/bin/rm	/usr/local/bin/rrdtool
+	pfSense_BUILDER_BINARIES:	/bin/rm	/usr/local/bin/rrdtool
 	pfSense_MODULE:	system
 */
 
@@ -40,7 +40,7 @@ require_once("rrd.inc");
 $pgtitle = array("System","RRD Graphs","Image viewer");
 
 if ($_GET['database']) {
-	$curdatabase = $_GET['database'];
+	$curdatabase = basename($_GET['database']);
 } else {
 	$curdatabase = "wan-traffic.rrd";
 }
@@ -146,8 +146,9 @@ $havg = timeDiff($average, $defOptions);
 $hperiod = timeDiff($seconds, $defOptions);
 $data = true;
 
-/* XXX: (billm) do we have an exec() type function that does this type of thing? */
-exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases);
+$rrddbpath = "/var/db/rrd/";
+chdir($rrddbpath);
+$databases = glob("*.rrd");
 rsort($databases);
 
 /* compare bytes/sec counters, divide bps by 8 */