Sanitize graph title input (#11919)

2024-10-07 16:52:45 +00:00 · 2020-07-09 19:48:36 +02:00
parent 98d6fc1ace
commit a3ae3805d1
1 changed files with 1 additions and 1 deletions
--- a/includes/html/graphs/graph.inc.php
+++ b/includes/html/graphs/graph.inc.php
@@ -60,7 +60,7 @@ function graph_error($string)
    include 'includes/html/graphs/common.inc.php';

    $rrd_options .= ' HRULE:0#555555';
-    $rrd_options .= " --title='".$string."'";
+    $rrd_options .= " --title=" . escapeshellarg($string);

    rrdtool_graph($graphfile, $rrd_options);