From 36c276646aee51c6c76a2acbc6b16b355d005b2d Mon Sep 17 00:00:00 2001 From: Tom Laermans Date: Fri, 18 Jun 2010 17:29:02 +0000 Subject: [PATCH] plug shell injection hole in map.php (thanks to Scrye) git-svn-id: http://www.observium.org/svn/observer/trunk@1210 61d68cd4-352d-0410-923a-c4978735b2b8 --- html/map.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/html/map.php b/html/map.php index 4754a4008..ab862a1c8 100755 --- a/html/map.php +++ b/html/map.php @@ -116,6 +116,15 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format'])) if ($_GET['debug'] == 1) { echo("
$map
");exit(); } + switch ($_GET['format']) + { + case 'svg': + case 'png': + break; + case default: + $_GET['format'] = 'png'; + } + $img = shell_exec("echo \"".addslashes($map)."\" | dot -T".$_GET['format'].""); if($_GET['format'] == "png") { header("Content-type: image/".$_GET['format']);