35a360ef0b
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work. Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway. |
||
---|---|---|
.. | ||
templates | ||
auth.py | ||
backup.py | ||
csr_country_codes.tsv | ||
daemon.py | ||
daily_tasks.sh | ||
dns_update.py | ||
email_administrator.py | ||
mail_log.py | ||
mailconfig.py | ||
ssl_certificates.py | ||
status_checks.py | ||
utils.py | ||
web_update.py |