[CVE-2012-3448] Backporting fix for arbitrary PHP code execution

ganglia · Aug 15, 2012 · 3404fbf · 3404fbf
1 parent 8cf4f44
commit 3404fbf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/web/graph.php b/web/graph.php
@@ -122,7 +122,7 @@
 
 $graph_file = "$graphdir/$graph.php";
 
-if ( is_readable($graph_file) ) {
+if ( is_readable($graph_file) and realpath($graphdir) === dirname(realpath($graph_file)) ) {
     include_once($graph_file);
 
     $graph_function = "graph_${graph}";