From 3ca9de2e00393f624d992759684b730cb21d9421 Mon Sep 17 00:00:00 2001 From: bizonix Date: Fri, 19 Aug 2016 18:58:30 +0300 Subject: [PATCH] vulnerability fix. --- management/daemon.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/daemon.py b/management/daemon.py index 9bc6429b..07baf6ce 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -562,7 +562,7 @@ def munin_cgi(filename): if filename == "": return ("a path must be specified", 404) - query_str = request.query_string.decode("utf-8", 'ignore') + query_str = request.query_string.decode("utf-8", 'ignore').replace('"', r'\"') env = {'PATH_INFO': '/%s/' % filename, 'QUERY_STRING': query_str} cmd = COMMAND % query_str