----- Forwarded message from Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> -----
Date: Wed, 14 Apr 2004 23:41:12 +0200
From: Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]>
Resent-From: "Mario 'BitKoenig' Holbe" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#243794: rrdcgi: doesn't handle quotes

Package: rrdtool
Version: 1.0.46-3

Hello,

rrdcgi doesn't respect/handle quotes, not even its own ones.

I tried to write some cgi script that gets the name of the rrd database
to use from a cgi variable:

http://.../script.cgi?file=foo.rrd

<RRD::GRAPH /tmp/foo.png -a PNG
    --imginfo '<img src=/%s width=%lu height=%lu/>'
    DEF:ds0=/tmp/<RRD::CV::PATH file>:ds0:AVERAGE
    LINE2:ds0#0000ff>

should do the trick, /tmp/foo.rrd exists, but it gives me:

[ERROR: opening '/tmp/"foo.rrd"': No such file or directory]

Of course, one would use RRD::CV::PATH here, because else, attackers
could give insecure filenames. And of course, /tmp/"foo.rrd" does not
exist, but /tmp/foo.rrd does :)

Something similar happens when I tried to give the data source as
variable:

http://.../script.cgi?ds=ds0

<RRD::GRAPH /tmp/foo.png -a PNG
    --imginfo '<img src=/%s width=%lu height=%lu/>'
    DEF:<RRD::CV::QUOTE ds>=/tmp/foo.rrd:<RRD::CV::QUOTE ds>:AVERAGE
    LINE2:<RRD::CV::QUOTE ds>#0000ff>

it results in:

[ERROR: can't parse DEF '"ds0"=/tmp/foo.rrd:"ds0":AVERAGE']

And last but not least, when I try the example from the manpage:

<RRD::GRAPH /tmp/foo-<RRD::CV::PATH id>.png -a PNG
    --imginfo '<img src=/%s width=%lu height=%lu/>'
    DEF:ds0=/tmp/foo.rrd:ds0:AVERAGE
    LINE2:ds0#0000ff>

it creates a file whose name is /tmp/"ds0".png.

I hope, this is enough input to reproduce it :)

regards,
   Mario
-- 
Ho ho ho! I am Santa Claus of Borg. Nice assimilation all together!

----- End forwarded message -----

-- 
 - mdz
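The quoting behaviour reported above, as an added illustration that is not part of the original message and not rrdcgi's own code: an argument splitter that removes quotes wherever they occur inside a word, so a quoted CGI value such as /tmp/"foo.rrd" resolves to /tmp/foo.rrd while still staying a single argument if it contains whitespace. The names split_args and nth_arg are hypothetical, and the sample inputs are constructed from the strings in the report's error messages.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical splitter: writes the arguments of `in` into `buf` (at least
 * strlen(in)+1 bytes) and points argv[] at them. Quotes may open anywhere in
 * a word and are dropped from the result; whitespace inside quotes does not
 * end the argument. Returns the count, or -1 on an unterminated quote or
 * when there are more than `max` arguments. */
int split_args(const char *in, char *buf, char **argv, int max)
{
    int argc = 0;
    char *out = buf;
    while (*in) {
        while (isspace((unsigned char)*in)) in++;
        if (!*in) break;
        if (argc == max) return -1;
        argv[argc++] = out;
        char quote = 0;                       /* 0 = outside quotes */
        while (*in && (quote || !isspace((unsigned char)*in))) {
            if (quote == '"' && *in == '\\' && in[1]) {
                *out++ = in[1];               /* \" and \\ inside "..." */
                in += 2;
            } else if (*in == quote) {
                quote = 0; in++;              /* closing quote: drop it */
            } else if (!quote && (*in == '"' || *in == '\'')) {
                quote = *in++;                /* opening quote, also mid-word */
            } else {
                *out++ = *in++;
            }
        }
        if (quote) return -1;                 /* refuse unterminated input */
        *out++ = '\0';
    }
    return argc;
}

/* Demo helper: n-th argument of `line`, or NULL (static storage). */
const char *nth_arg(const char *line, int n)
{
    static char buf[512];
    static char *argv[16];
    if (strlen(line) >= sizeof buf) return NULL;
    int argc = split_args(line, buf, argv, 16);
    return (n >= 0 && n < argc) ? argv[n] : NULL;
}

int main(void)
{
    /* Constructed: tag arguments after the quoted CGI value was substituted. */
    const char *line = "/tmp/foo-\"ds0\".png -a PNG DEF:ds0=/tmp/\"foo.rrd\":ds0:AVERAGE";
    for (int i = 0; nth_arg(line, i); i++)
        printf("arg[%d] = %s\n", i, nth_arg(line, i));
    return 0;
}
```
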
