tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-04-08 18:55:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5323-Phar-object-injection' into 'develop'

Browse Source 
Prepend folder to image to avoid Phar injection

See merge request
This commit is contained in:
Daniel Rodriguez 2020-01-22 12:20:35 +01:00
commit 189ba74f01
1 changed files with 3 additions and 0 deletions

3
pandora_console/include/graphs/fgraph.php

@ -57,6 +57,9 @@ switch ($graph_type) {
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
$out_of_lim_image = get_parameter('out_of_lim_image', false);
// Add relative path to avoid phar object injection.
$out_of_lim_image = '../graphs/'.$out_of_lim_image;
$title = get_parameter('title');
$mode = get_parameter('mode', 1);