author | smos <seth.mos@dds.nl> | 2010-07-23 09:59:58 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2010-07-23 09:59:58 +0200 |
commit | 002bc4ab3268e6e5cb3a01ce73a4c1624d09050a (patch) | |
tree | 173bca4afaab7afd3756ba2e562902e48f4d09b0 /usr/local/www/status_rrd_graph_img.php | |
parent | d6a0379d291f5e98500776618559343f40254e40 (diff) | |
download | pfsense-002bc4ab3268e6e5cb3a01ce73a4c1624d09050a.zip pfsense-002bc4ab3268e6e5cb3a01ce73a4c1624d09050a.tar.gz |
Fix the glob() to return only the file names, not the pathnames, by calling
chdir() first.
Fix a possible injection of ../ in the database path by using basename()
Fix the week graph math so it is correct.
Diffstat (limited to 'usr/local/www/status_rrd_graph_img.php')
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index 567d272..321e6f9 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE.
 */
 /*
- pfSense_BUILDER_BINARIES: /usr/bin/find /bin/rm /usr/local/bin/rrdtool
+ pfSense_BUILDER_BINARIES: /bin/rm /usr/local/bin/rrdtool
 pfSense_MODULE: system
 */
@@ -40,7 +40,7 @@ require_once("rrd.inc");
 $pgtitle = array("System","RRD Graphs","Image viewer");
 if ($_GET['database']) {
- $curdatabase = $_GET['database'];
+ $curdatabase = basename($_GET['database']);
 } else {
 $curdatabase = "wan-traffic.rrd";
 }
@@ -146,8 +146,9 @@ $havg = timeDiff($average, $defOptions);
 $hperiod = timeDiff($seconds, $defOptions);
 $data = true;
-/* XXX: (billm) do we have an exec() type function that does this type of thing? */
-exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases);
+$rrddbpath = "/var/db/rrd/";
+chdir($rrddbpath);
+$databases = glob("*.rrd");
 rsort($databases);
 /* compare bytes/sec counters, divide bps by 8 */ |
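Review bot: `basename()` on the `$curdatabase` assignment removes directory components but accepts every other character, so a `database` value containing shell metacharacters or an unexpected extension still passes through unchanged. If `$curdatabase` is later interpolated into the rrdtool command line (not visible in this hunk, to be confirmed), the traversal fix alone does not make the value safe there. I would follow the assignment with a strict name check, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+\.rrd$/', $curdatabase)) $curdatabase = "wan-traffic.rrd";`, and wrap the value in `escapeshellarg()` wherever it reaches a shell. The `if ($_GET['database'])` test also reads an index that may be unset; `isset()` would avoid the notice.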
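Review bot: Neither `chdir($rrddbpath)` nor `glob("*.rrd")` is checked for failure in the added lines. If the directory is missing, `chdir()` returns false and the glob runs against whatever the current directory happens to be, and `glob()` can itself return false, which the `rsort($databases)` on the next context line does not accept. Changing the working directory also affects every relative path used later in the script. Globbing the full path and reducing to names avoids both: `$databases = glob($rrddbpath . "*.rrd");` followed by `$databases = is_array($databases) ? array_map('basename', $databases) : array();`. The hard-coded `$rrddbpath = "/var/db/rrd/";` overwrites a variable the removed `exec()` line already relied on, so it may duplicate a value set earlier or in `rrd.inc`, which is worth confirming.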