Hi,
attached is a patch for CVE-2010-2092.
Cheers
Nico
--- graph.php 2009-06-28 18:07:11.000000000 +0200
+++ graph.php.new 2010-06-10 17:41:07.000000000 +0200
@@ -33,7 +33,7 @@
include_once("./include/top_graph_header.php");
/* ================= input validation ================= */
-input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$");
+input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$");
input_validate_input_number(get_request_var("local_graph_id"));
input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$");
/* ==================================================== */
