Révision aa27de6e
Ajouté par Renato Botelho il y a presque 10 ans
usr/local/www/status_rrd_graph_img.php | ||
---|---|---|
43 | 43 |
$pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer")); |
44 | 44 |
|
45 | 45 |
if ($_GET['database']) { |
46 |
$curdatabase = basename($_GET['database']);
|
|
46 |
$curdatabase = escapeshellarg(basename($_GET['database']));
|
|
47 | 47 |
} else { |
48 | 48 |
$curdatabase = "wan-traffic.rrd"; |
49 | 49 |
} |
... | ... | |
56 | 56 |
|
57 | 57 |
/* this is used for temp name */ |
58 | 58 |
if ($_GET['graph']) { |
59 |
$curgraph = $_GET['graph'];
|
|
59 |
$curgraph = escapeshellarg($_GET['graph']);
|
|
60 | 60 |
} else { |
61 | 61 |
$curgraph = "custom"; |
62 | 62 |
} |
... | ... | |
1199 | 1199 |
log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'),$graphcmdreturn,$graphcmdoutput)); |
1200 | 1200 |
if(strstr($curdatabase, "queues")) { |
1201 | 1201 |
log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); |
1202 |
exec("/bin/rm -f $rrddbpath$curif$queues");
|
|
1202 |
unlink_if_exists($rrddbpath . $curif . $queues);
|
|
1203 | 1203 |
flush(); |
1204 | 1204 |
usleep(500); |
1205 | 1205 |
enable_rrd_graphing(); |
1206 | 1206 |
} |
1207 | 1207 |
if(strstr($curdatabase, "queuesdrop")) { |
1208 | 1208 |
log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase)); |
1209 |
exec("/bin/rm -f $rrddbpath$curdatabase");
|
|
1209 |
unlink_if_exists($rrddbpath . $curdatabase);
|
|
1210 | 1210 |
flush(); |
1211 | 1211 |
usleep(500); |
1212 | 1212 |
enable_rrd_graphing(); |
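Review bot: Calling `escapeshellarg()` at assignment (new lines 46 and 59) stores a value wrapped in literal single quotes, and that quoted value then reaches non-shell uses. At new line 1209, `unlink_if_exists($rrddbpath . $curdatabase)` receives a path whose file name includes the quotes, so the damaged database is presumably never matched on disk and never removed; the `log_error()` messages also print the quoted form. I would keep the raw value and validate it instead, e.g. `$curdatabase = basename($_GET['database']);` followed by `if (!preg_match('/^[A-Za-z0-9_.-]+\.rrd$/', $curdatabase)) { $curdatabase = "wan-traffic.rrd"; }`, and call `escapeshellarg()` only where the command line is built. The same applies to `$curgraph`, which the comment says is used for a temp name. The command-building code lies outside the visible hunks, so how each variable is interpolated there still needs confirming.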
Make sure variables are escaped; also replace the exec calls that run rm with unlink_if_exists()