plug shell injection hole in map.php (thanks to Scrye)

git-svn-id: http://www.observium.org/svn/observer/trunk@1210 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2010-06-18 17:29:02 +00:00
parent 033dd8524f
commit 36c276646a
1 changed files with 9 additions and 0 deletions
--- a/html/map.php
+++ b/html/map.php
@@ -116,6 +116,15 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format']))

  if ($_GET['debug'] == 1) { echo("<pre>$map</pre>");exit(); }

+  switch ($_GET['format'])
+  {
+    case 'svg':
+    case 'png':
+      break;
+    case default:
+      $_GET['format'] = 'png';
+  }
+
  $img = shell_exec("echo \"".addslashes($map)."\" | dot -T".$_GET['format']."");
  if($_GET['format'] == "png") {
    header("Content-type: image/".$_GET['format']);