Skip to content

Commit

Permalink
Merge pull request from GHSA-cx8g-hvq8-p2rv
Browse files Browse the repository at this point in the history
  • Loading branch information
@TheWitness
TheWitness committed Apr 7, 2024
1 parent 8b516cb commit 96d9a4c
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions lib/plugins.php
View file
Expand Up @@ -73,6 +73,12 @@ function api_plugin_hook($name) {

if (!empty($result)) {
foreach ($result as $hdata) {
// Security check
if (strpos($hdata['file'], '..') !== false) {
cacti_log("ERROR: Attempted inclusion of not plugin file $plugin_file from $plugin_name with the hook name $name", false, 'SECURITY');
continue;
}

$plugin_name = $hdata['name'];

if (!in_array($plugin_name, $plugins_integrated, true)) {
Expand Down

0 comments on commit 96d9a4c

Please sign in to comment.