Hi

On Sat, Jan 19, 2013 at 08:36:08PM +0100, Yves-Alexis Perez wrote:
> On Sat., 2013-01-19 at 10:09 +0100, Salvatore Bonaccorso wrote:
> > By passing the g= argument, it is possible to traverse the path and load
> > another file and execute code from it.
> >
> > Attached is the debdiff against 3.1.7-1 in squeeze.
>
> Part of the diff (the is_numeric() parts mainly) seems missing. Is it
> intended?
Yes. I downloaded both 3.1.7 and 3.1.8 source tarballs and looked at the
diff. web/graph.php contains only the following changes:

----cut---------cut---------cut---------cut---------cut---------cut-----
filterdiff -i '*web/graph.php' ganglia_3.1.7_3.1.8.diff
--- ganglia-3.1.7/web/graph.php 2010-02-17 12:05:39.000000000 +0100
+++ ganglia-3.1.8/web/graph.php 2012-08-15 19:12:12.000000000 +0200
@@ -1,5 +1,5 @@
<?php
-/* $Id: graph.php 2183 2010-01-07 16:09:55Z d_pocock $ */
+/* $Id$ */
include_once "./eval_config.php";
include_once "./get_context.php";
include_once "./functions.php";
@@ -122,7 +122,7 @@
$graph_file = "$graphdir/$graph.php";
-if ( is_readable($graph_file) ) {
+if ( is_readable($graph_file) and realpath($graphdir) === dirname(realpath($graph_file)) ) {
include_once($graph_file);
$graph_function = "graph_${graph}";
----cut---------cut---------cut---------cut---------cut---------cut-----

If I see it correctly the corresponding code is not present in 3.1.7, and
the above are the only changes done in web/graph.php between 3.1.7 and
3.1.8.

Regards,
Salvatore
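Review bot: the realpath() containment test in the second hunk only guards the include; `$graph` is still interpolated unchecked into `$graph_function = "graph_${graph}"` on the next context line, and the is_numeric() checks mentioned earlier in the thread are not part of this change, so the changelog should say plainly that `realpath($graphdir) === dirname(realpath($graph_file))` is the sole defence against the `g=` traversal in this version. Two consequences of that comparison also deserve a line of documentation: a graph file in a subdirectory of $graphdir is now rejected because dirname() of its resolved path differs from $graphdir, and a symlink placed inside $graphdir is rejected when its target resolves outside it, since realpath() follows the link before dirname() is taken, so any site relying on symlinked graph files will silently lose them.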
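A model of the guard in the second hunk, written here as an added example in Python rather than Ganglia's own PHP, and not code from the package or from this thread: it builds the same "$graphdir/$graph.php" path, compares the 3.1.7 guard (is_readable() only) with the 3.1.8 guard (realpath() containment), and adds an assumed allowlist on the g= value of the kind the thread's is_numeric() remark hints at but this hunk does not contain. The fixture directory, its file names, the helper names and the GRAPH_NAME_RE pattern are all constructed for the example.

```python
import os
import re
import shutil
import tempfile

# Added example modelling the web/graph.php include guard discussed in the
# thread. This is not Ganglia's code; the helper names, the fixture layout
# and GRAPH_NAME_RE are assumptions made for illustration.

# Assumed allowlist for the g= value; the 3.1.8 hunk does not contain one.
GRAPH_NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")


def candidate_path(graphdir, graph):
    """Mirror of $graph_file = "$graphdir/$graph.php": no sanitisation of $graph."""
    return f"{graphdir}/{graph}.php"


def allowed_3_1_7(graphdir, graph):
    """Pre-fix guard: if ( is_readable($graph_file) )."""
    return os.access(candidate_path(graphdir, graph), os.R_OK)


def allowed_3_1_8(graphdir, graph):
    """Fixed guard: is_readable() and realpath($graphdir) === dirname(realpath($graph_file))."""
    path = candidate_path(graphdir, graph)
    if not os.access(path, os.R_OK):
        return False
    return os.path.realpath(graphdir) == os.path.dirname(os.path.realpath(path))


def allowed_strict(graphdir, graph):
    """Assumed extra hardening: reject a bad name before touching the filesystem."""
    return bool(GRAPH_NAME_RE.match(graph)) and allowed_3_1_8(graphdir, graph)


def build_fixture():
    """Constructed layout (not a real install): a graph dir, a nested graph,
    a file outside the dir, and a symlink inside the dir pointing outside."""
    root = tempfile.mkdtemp(prefix="ganglia-graph-")
    graphdir = os.path.join(root, "graph.d")
    os.makedirs(os.path.join(graphdir, "sub"))
    with open(os.path.join(graphdir, "cpu_report.php"), "w") as f:
        f.write("<?php function graph_cpu_report() {} ?>\n")
    with open(os.path.join(graphdir, "sub", "nested.php"), "w") as f:
        f.write("<?php function graph_nested() {} ?>\n")
    with open(os.path.join(root, "evil.php"), "w") as f:
        f.write("<?php echo 'included from outside graphdir'; ?>\n")
    os.symlink(os.path.join(root, "evil.php"), os.path.join(graphdir, "linked.php"))
    return root, graphdir


def evaluate():
    """Run each guard against representative g= values.

    Returns {case: (allowed_3_1_7, allowed_3_1_8, allowed_strict)}."""
    root, graphdir = build_fixture()
    cases = {
        "legit": "cpu_report",     # plain graph inside graphdir
        "traversal": "../evil",    # the g= traversal fixed in 3.1.8
        "nested": "sub/nested",    # subdirectory: 3.1.8 rejects (dirname differs)
        "symlink": "linked",       # symlink out of graphdir: realpath() follows it
    }
    try:
        return {
            name: (allowed_3_1_7(graphdir, g),
                   allowed_3_1_8(graphdir, g),
                   allowed_strict(graphdir, g))
            for name, g in cases.items()
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for case, verdicts in evaluate().items():
        print(f"{case:10s} 3.1.7={verdicts[0]!s:5s} 3.1.8={verdicts[1]!s:5s} strict={verdicts[2]}")
```

Only the "legit" case passes all three guards; the 3.1.7 guard lets every case through because is_readable() says nothing about where the resolved file lives, while the 3.1.8 comparison rejects the traversal, the nested graph and the symlink alike, which is exactly the trade-off a packager should mention when backporting the one-line change.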