Index: graph.php
===================================================================
--- graph.php	(revision 924)
+++ graph.php	(working copy)
@@ -23,7 +23,7 @@
 $min = isset($_GET["n"]) ?
 	clean_number( rawurldecode($_GET["n"] ) ) : NULL;
 $value = isset($_GET["v"]) ?
-	clean_number( rawurldecode( $_GET["v"] ) ) : NULL;
+	clean_float( rawurldecode( $_GET["v"] ) ) : NULL;
 $load_color = isset($_GET["l"]) && is_valid_hex_color( rawurldecode( $_GET[ 'l' ] ) ) ?
 	escapeshellcmd( rawurldecode( $_GET["l"] ) ) : NULL;
 $vlabel = isset($_GET["vl"]) ?
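Review bot: The `v` parameter is only checked with `isset()` before it reaches `rawurldecode()` and `clean_float()`, so an array-valued parameter (`v[]=...`) is passed to a function that expects a string. Depending on the PHP version this is a warning or a TypeError instead of a clean `NULL`. Guarding the type first keeps the rejection path uniform: `$value = isset($_GET["v"]) && is_string($_GET["v"]) ?`. Separately, PHP has already URL-decoded `$_GET` values, so the extra `rawurldecode()` decodes a second time. Validation does run on the final decoded string, but the second decode looks unnecessary and could be dropped if no caller double-encodes.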
Index: functions.php
===================================================================
--- functions.php	(revision 924)
+++ functions.php	(working copy)
@@ -432,6 +432,14 @@
 }
 
 #-------------------------------------------------------------------------------
+# If arg is a valid floating point number, return it.  Otherwise, return null.
+function clean_float( $value ) {
+  return preg_match('/^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?$/', $value) ?
+        $value :
+        null;
+}
+
+#-------------------------------------------------------------------------------
 # Return true if string is a 3 or 6 character hex color.  Return false otherwise.
 function is_valid_hex_color( $string )
 {
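Review bot: The `$` anchor in `clean_float`'s pattern also matches just before a trailing newline, so a number followed by `\n` passes validation and is returned with the newline still attached. graph.php passes the decoded `v` query parameter through this function, and the result is presumably used later when building the graph command (not visible in this diff), so the end should be anchored strictly: `return preg_match('/^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?\z/', $value) ?` (or add the `D` modifier). The header comment could also say that the original string is returned unchanged rather than a converted float, e.g. `# If arg is a string in decimal or exponent notation, return it unchanged.  Otherwise, return null.`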
