X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=contrib%2Fcollection3%2Fbin%2Findex.cgi;h=4723af964e9ecf7f6ae5a965b00855748a8adcfc;hb=ed985cb9d3d89aec3490b17e0fda3ee97908f935;hp=027961fa43ac73de432e0e7435768852c423f37b;hpb=45aa67ef031ed2b8083f92efa2cbb76e0da8c02e;p=collectd.git

diff --git a/contrib/collection3/bin/index.cgi b/contrib/collection3/bin/index.cgi
index 027961fa..4723af96 100755
--- a/contrib/collection3/bin/index.cgi
+++ b/contrib/collection3/bin/index.cgi
@@ -240,6 +240,28 @@ HTML
   $html_started = 0;
 }
 
+sub contains_invalid_chars
+{
+  my $str = shift;
+
+  for (split (m//, $str))
+  {
+    my $n = ord ($_);
+
+    # Whitespace is allowed.
+    if (($n >= 9) && ($n <= 13))
+    {
+      next;
+    }
+    elsif ($n < 32)
+    {
+      return (1);
+    }
+  }
+
+  return;
+}
+
 sub show_selector
 {
   my $timespan_selection = get_timespan_selection ();
@@ -254,6 +276,7 @@ sub show_selector
 HTML
   for (sort (keys %$host_selection))
   {
+    next if contains_invalid_chars ($_);
     my $host = encode_entities ($_);
     my $selected = $host_selection->{$_}
     ? ' selected="selected"'
@@ -266,6 +289,7 @@ HTML
 HTML
   for (sort (keys %$plugin_selection))
   {
+    next if contains_invalid_chars ($_);
     my $plugin = encode_entities ($_);
     my $selected = $plugin_selection->{$_}
     ? ' selected="selected"'
@@ -278,6 +302,7 @@ HTML
 HTML
   for (sort { $TimeSpans->{$a} <=> $TimeSpans->{$b} } (keys (%$TimeSpans)))
   {
+    next if contains_invalid_chars ($_);
     my $name = encode_entities ($_);
     my $value = $TimeSpans->{$_};
     my $selected = ($value == $timespan_selection)
@@ -304,6 +329,7 @@ sub action_list_hosts
   for (sort @hosts)
   {
     my $url = encode_entities (script_name () . "?action=show_selection;hostname=$_");
+    next if contains_invalid_chars ($_);
     my $name = encode_entities ($_);
     print qq#      <li><a href="$url">$name</a></li>\n#;
   }