From b32bbbd1a28485abba3a5c7e2a940198c141c5ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torkel=20=C3=96degaard?= <torkel@grafana.org>
Date: Sat, 22 Oct 2016 10:03:02 +0200
Subject: [PATCH] fix(influxdb): enforce database restriction, fixes #6352

---
 pkg/api/dataproxy.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/api/dataproxy.go b/pkg/api/dataproxy.go
index 97f2529c781..34c4271ebf6 100644
--- a/pkg/api/dataproxy.go
+++ b/pkg/api/dataproxy.go
@@ -95,6 +95,13 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 		return
 	}
 
+	if ds.Type == m.DS_INFLUXDB {
+		if c.Query("db") != ds.Database {
+			c.JsonApiErr(403, "Datasource is not configured to allow this database", nil)
+			return
+		}
+	}
+
 	targetUrl, _ := url.Parse(ds.Url)
 	if len(setting.DataProxyWhiteList) > 0 {
 		if _, exists := setting.DataProxyWhiteList[targetUrl.Host]; !exists {