author | smos <seth.mos@dds.nl> | 2010-07-23 09:59:58 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2010-07-23 09:59:58 +0200 |
commit | 002bc4ab3268e6e5cb3a01ce73a4c1624d09050a (patch) | |
tree | 173bca4afaab7afd3756ba2e562902e48f4d09b0 /usr | |
parent | d6a0379d291f5e98500776618559343f40254e40 (diff) | |
download | pfsense-002bc4ab3268e6e5cb3a01ce73a4c1624d09050a.zip pfsense-002bc4ab3268e6e5cb3a01ce73a4c1624d09050a.tar.gz |
Fix the glob() call to return only the file names, not the full pathnames, by calling chdir()
first.
Fix a possible injection of ../ in the database path by using basename()
Fix the week graph math so it is correct.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/status_rrd_graph.php | 9 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 9 |
2 files changed, 10 insertions, 8 deletions
diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php
index c0d8814..770b61b 100755
--- a/usr/local/www/status_rrd_graph.php
+++ b/usr/local/www/status_rrd_graph.php
@@ -49,7 +49,9 @@ if(! isset($config['rrd']['enable'])) {
 }
 $rrddbpath = "/var/db/rrd/";
-$databases = glob("{$rrddbpath}*.rrd");
+chdir($rrddbpath);
+$databases = glob("*.rrd");
+
 if ($_GET['cat']) {
 $curcat = $_GET['cat'];
@@ -206,8 +208,8 @@ function get_dates($curperiod, $graph) {
 $end = mktime(0, 0, 0, $curmonth, (($curday + $offset) + 1), $curyear);
 break;
 case "week":
- $start = mktime(0, 0, 0, $curmonth, (($curday + $curweekday) - $offset), $curyear);
- $end = mktime(0, 0, 0, $curmonth, (($curday + $curweekday) + 7), $curyear);
+ $start = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $offset), $curyear);
+ $end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + 7), $curyear);
 break;
 case "month":
 $start = mktime(0, 0, 0, ($curmonth + $offset), 0, $curyear);
@@ -330,7 +332,6 @@ function get_dates($curperiod, $graph) {
 echo " selected ";
 }
 echo ">" . htmlspecialchars($prettyprint) . "</option>\n";
-
 }
 ?>
diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index 567d272..321e6f9 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE.
 */
 /*
- pfSense_BUILDER_BINARIES: /usr/bin/find /bin/rm /usr/local/bin/rrdtool
+ pfSense_BUILDER_BINARIES: /bin/rm /usr/local/bin/rrdtool
 pfSense_MODULE: system
 */
@@ -40,7 +40,7 @@ require_once("rrd.inc");
 $pgtitle = array("System","RRD Graphs","Image viewer");
 if ($_GET['database']) {
- $curdatabase = $_GET['database'];
+ $curdatabase = basename($_GET['database']);
 } else {
 $curdatabase = "wan-traffic.rrd";
 }
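Review bot: The return value of `chdir($rrddbpath)` in the first hunk of status_rrd_graph.php is never checked, so if the directory is missing or unreadable the following `glob("*.rrd")` runs in whatever the previous working directory was and `$databases` silently lists files from the wrong place, or is false. The same unchecked call is added in status_rrd_graph_img.php in the `@@ -146,8 +146,9 @@` hunk. Changing the process working directory is also a global side effect for everything the script does afterwards with relative paths; the file names can be obtained without it: `$databases = array_map('basename', glob("{$rrddbpath}*.rrd"));`. If chdir() is kept, guard it so a failure is visible rather than producing a misleading list: `if (!chdir($rrddbpath)) { $databases = array(); }`.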
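Review bot: In the `case "week":` branch the new `$end` line does not include `$offset` while the new `$start` line does, so for a non-zero offset the window is not one week long: with an offset of -7 the range would run from the previous week's start to the end of the current week. The `day` case above and the `month` case below both shift their boundaries by `$offset`; if the week case is meant to step the same way, the end should read `$end = mktime(0, 0, 0, $curmonth, (($curday - $curweekday) + $offset + 7), $curyear);`. How `$offset` and `$curweekday` are derived is outside the hunk, as is the rest of get_dates(), so this is inferred from the sibling cases.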
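Review bot: `basename($_GET['database'])` in status_rrd_graph_img.php stops `../` traversal, but it still accepts any file name, including names that are not RRD databases in that directory; whether that matters depends on how `$curdatabase` is used afterwards, which is outside the hunk. Since the same commit builds `$databases` from `glob("*.rrd")` in the `@@ -146,8 +146,9 @@` hunk, the stronger check is an allow-list against that list before the value is used: `if (!in_array($curdatabase, $databases, true)) { $curdatabase = "wan-traffic.rrd"; }`, placed after `$databases` is populated. Where the list is not yet available, a narrow pattern such as `preg_match('/^[a-zA-Z0-9_-]+\.rrd$/', $curdatabase)` would reject unexpected names, and the default should be applied when the check fails rather than proceeding with the raw value.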
@@ -146,8 +146,9 @@ $havg = timeDiff($average, $defOptions);
 $hperiod = timeDiff($seconds, $defOptions);
 $data = true;
-/* XXX: (billm) do we have an exec() type function that does this type of thing? */
-exec("cd $rrddbpath;/usr/bin/find -name *.rrd", $databases);
+$rrddbpath = "/var/db/rrd/";
+chdir($rrddbpath);
+$databases = glob("*.rrd");
 rsort($databases);
 /* compare bytes/sec counters, divide bps by 8 */
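Review bot: The new `$rrddbpath = "/var/db/rrd/";` assignment duplicates a value the removed `exec()` line already interpolated, so `$rrddbpath` was presumably defined earlier in the file (outside this hunk); a second literal copy of the path can drift from the first and is better dropped in favour of the one definition. In addition, `glob()` can return `false` on failure, and `rsort($databases)` on the next line would then raise a warning and leave `$databases` as a non-array for the later code; `$databases = glob("*.rrd"); if ($databases === false) { $databases = array(); }` keeps it an array in that case. Replacing the shell `find` with glob() is a good change in itself, as it removes the exec() call from this page.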