This commit is a merge from trunk -> branch-3.0.x:

svn merge -r 894:895 https://ganglia.svn.sourceforge.net/svnroot/ganglia/trunk/monitor-core . Original commit message: this is just a quick patch to prevent cross-scripting on the range GET variable. we still need to review our other template variables as well.
ganglia · Dec 6, 2007 · b84bae0 · b84bae0
1 parent 456ad6f
commit b84bae0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/web/get_context.php b/web/get_context.php
@@ -11,7 +11,7 @@
 	escapeshellcmd(rawurldecode($_GET["G"])) : NULL;
 $hostname = isset($_GET["h"]) ?
 	escapeshellcmd(rawurldecode($_GET["h"])) : NULL;
-$range = isset($_GET["r"]) ?
+$range = in_array($_GET["r"],array("hour","day","week","month","year")) ?
 	escapeshellcmd(rawurldecode($_GET["r"])) : NULL;
 $metricname = isset($_GET["m"]) ?
 	escapeshellcmd(rawurldecode($_GET["m"])) : NULL;