diff options
| author | Simon Rettberg | 2023-12-14 17:55:12 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2023-12-14 17:55:12 +0100 |
| commit | 62195d5ab1e0c6b7993841edb88f1330a7e729fc (patch) | |
| tree | 191413892de7745b99a2e785ae22e4309ac71931 | |
| parent | [locationinfo] Fix machine state updating (diff) | |
| download | slx-admin-62195d5ab1e0c6b7993841edb88f1330a7e729fc.tar.gz slx-admin-62195d5ab1e0c6b7993841edb88f1330a7e729fc.tar.xz slx-admin-62195d5ab1e0c6b7993841edb88f1330a7e729fc.zip | |
[statistics] Sanitize live values from client
| -rw-r--r-- | modules-available/statistics/api.inc.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules-available/statistics/api.inc.php b/modules-available/statistics/api.inc.php index f519380f..18a58a77 100644 --- a/modules-available/statistics/api.inc.php +++ b/modules-available/statistics/api.inc.php @@ -245,13 +245,17 @@ if ($type[0] === '~') { 'memfree', 'tmpfree', 'swapfree', 'id45free', 'cpuload', 'cputemp'] as $item) { $liveVal = Request::post($item, false, 'int'); - if ($liveVal !== false) { + if ($liveVal !== false && $liveVal >= 0) { $strUpdateBoottime .= ' live_' . $item . ' = :live_' . $item . ', '; if ($item === 'cpuload' || $item === 'cputemp') { $liveVal = round($liveVal); } else { $liveVal = ceil($liveVal / 1024); } + $max = ($item === 'cpuload') ? 100 : (2 ** 31); + if ($liveVal > $max) { + $liveVal = $max; + } $params['live_' . $item] = $liveVal; } } |