-
Joshua Tauberer authored
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work. Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway. The vulnerability was created by 6d6f3ea3. See #914. This is the v0.19b hotfix commit.
a14b1779
| Name |
Last commit
|
Last update |
|---|---|---|
| conf | ||
| management | ||
| ppa | ||
| setup | ||
| tests | ||
| tools | ||
| .gitignore | ||
| CHANGELOG.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
| Vagrantfile | ||
| security.md |