mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
9faae11381f148221e12cafef31ea79351a96d7f
librenms-librenms/includes/html/graphs/common.inc.php
Tony Murray 9faae11381 Sanitize graph input (#10276) 
Could execute arbitrary rrdtool commands such as cd and ls.
2019-05-31 07:43:12 -05:00

111 lines
2.2 KiB
PHP
Raw Blame History

<?php
use LibreNMS\Util\Clean;
if ($_GET['from']) {
$from = (int)$_GET['from'];
}
if ($_GET['to']) {
$to = (int)$_GET['to'];
}
if ($_GET['width']) {
$width = (int)$_GET['width'];
}
if ($config['trim_tobias']) {
$width += 12;
}
if ($_GET['height']) {
$height = (int)$_GET['height'];
}
if ($_GET['inverse']) {
$in = 'out';
$out = 'in';
$inverse = true;
} else {
$in = 'in';
$out = 'out';
}
if ($_GET['legend'] == 'no') {
$rrd_options .= ' -g';
}
if (isset($_GET['nototal'])) {
$nototal = ((bool) $_GET['nototal']);
} else {
$nototal = true;
}
if (isset($_GET['nodetails'])) {
$nodetails = ((bool) $_GET['nodetails']);
} else {
$nodetails = false;
}
if (isset($_GET['noagg'])) {
$noagg = ((bool) $_GET['noagg']);
} else {
$noagg = true;
}
if ($_GET['title'] == 'yes') {
$rrd_options .= " --title='".$graph_title."' ";
}
if (isset($_GET['graph_title'])) {
$rrd_options .= " --title='" . Clean::alphaDashSpace($_GET['graph_title']) . "' ";
}
if (!isset($scale_min) && !isset($scale_max)) {
$rrd_options .= ' --alt-autoscale-max';
}
if (!isset($scale_min) && !isset($scale_max) && !isset($norigid)) {
$rrd_options .= ' --rigid';
}
if (isset($scale_min)) {
$rrd_options .= " -l $scale_min";
}
if (isset($scale_max)) {
$rrd_options .= " -u $scale_max";
}
if (isset($scale_rigid)) {
$rrd_options .= ' -r';
}
$rrd_options .= ' -E --start '.$from.' --end '.$to.' --width '.$width.' --height '.$height.' ';
$rrd_options .= $config['rrdgraph_def_text'].' -c FONT#'.$config['rrdgraph_def_text_color'];
if ($_GET['bg']) {
$rrd_options .= ' -c CANVAS#' . Clean::alphaDash($_GET['bg']) . ' ';
}
if ($_GET['font']) {
$rrd_options .= ' -c FONT#' . Clean::alphaDash($_GET['font']) . ' ';
}
// $rrd_options .= " -c BACK#FFFFFF";
if ($height < '99') {
$rrd_options .= ' --only-graph';
}
if ($width <= '300') {
$rrd_options .= ' --font LEGEND:7:'.$config['mono_font'].' --font AXIS:6:'.$config['mono_font'];
} else {
$rrd_options .= ' --font LEGEND:8:'.$config['mono_font'].' --font AXIS:7:'.$config['mono_font'];
}
$rrd_options .= ' --font-render-mode normal';
if (isset($_GET['absolute']) && $_GET['absolute'] == "1") {
$rrd_options .= ' --full-size-mode';
}
Reference in New Issue View Git Blame Copy Permalink