File nagios-statuswml_c.patch of Package nagios

--- cgi/statuswml.c
+++ cgi/statuswml.c
@@ -67,6 +67,8 @@
 void document_header(void);
 void document_footer(void);
 int process_cgivars(void);
+int validate_arguments(void);
+int is_valid_hostip(char *hostip);
 
 int display_type=DISPLAY_INDEX;
 int hostgroup_style=DISPLAY_HOSTGROUP_SUMMARY;
@@ -108,7 +110,13 @@
 
 	document_header();
 
-	/* read the CGI configuration file */
+       /* validate arguments in URL */
+       result=validate_arguments();
+       if(result==ERROR){
+               document_footer();
+               return ERROR;
+               }
+    /* read the CGI configuration file */
 	result=read_cgi_config_file(get_cgi_config_location());
 	if(result==ERROR){
 		printf("<P>Error: Could not open CGI configuration file '%s' for reading!</P>\n",get_cgi_config_location());
@@ -334,7 +342,25 @@
 	return error;
         }
 
-
+int validate_arguments(void){
+       int result=OK;
+       if((strcmp(ping_address,"")) && !is_valid_hostip(ping_address)) {
+               printf("<p>Invalid host name/ip</p>\n");
+               result=ERROR;
+               }
+       if(strcmp(traceroute_address,"") && !is_valid_hostip(traceroute_address)){
+               printf("<p>Invalid host name/ip</p>\n");
+               result=ERROR;
+               }
+       return result;
+       }
+
+int is_valid_hostip(char *hostip) {
+       char *valid_domain_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
+       if(strcmp(hostip,"") && strlen(hostip)==strspn(hostip,valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip)-1] != '-')
+               return TRUE;
+       return FALSE;
+       }
 
 /* main intro screen */
 void display_index(void){