From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/lib/classes/listform_tpl_generator.inc.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/lib/classes/listform_tpl_generator.inc.php b/interface/lib/classes/listform_tpl_generator.inc.php
index 25505f7..0ccf65c 100644
--- a/interface/lib/classes/listform_tpl_generator.inc.php
+++ b/interface/lib/classes/listform_tpl_generator.inc.php
@@ -44,7 +44,7 @@
   <div class="pnl_toolsarea">
     <fieldset><legend>{tmpl_var name="toolsarea_head_txt"}</legend>
       <div class="buttons">
-        <button class="iconstxt icoAdd" type="button" onClick="'."loadContent('".$module."/".$listDef["edit_file"]."');".'">
+        <button class="iconstxt icoAdd" type="button" onclick="'."loadContent('".$module."/".$listDef["edit_file"]."');".'">
           <span>{tmpl_var name="add_new_record_txt"}</span>
         </button>
       </div>
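Review bot: `$module` and `$listDef["edit_file"]` are concatenated straight into a single-quoted JavaScript string inside the `onclick` attribute of the changed button line, with no JavaScript or HTML escaping. The same pattern appears in the Filter button hunk (`$listDef["file"]`) and in the row-link hunk (`$key`, `$listDef["edit_file"]`). Where the list definition comes from is not visible here; if it can ever contain a quote character or originate from anything less trusted than a developer-authored file, the generated template ends up with broken or injectable markup. Consider encoding the value once, e.g. `$edit_js = htmlspecialchars(json_encode($module.'/'.$listDef['edit_file']), ENT_QUOTES);`, and emitting `loadContent('.$edit_js.');` in the handler. The enclosing function begins and ends outside this hunk.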
@@ -79,7 +79,7 @@
 			}
 		}
 		
-		$html .= '            <td class="tbl_col_buttons"><div class="buttons"><button type="button" class="icons16 icoFilter" name="Filter" id="Filter" value="{tmpl_var name="filter_txt"}" onClick="'."submitForm('pageForm','".$module."/".$listDef["file"]."');".'"><span>{tmpl_var name="filter_txt"}</span></button></div></td>
+		$html .= '            <td class="tbl_col_buttons"><div class="buttons"><button type="button" class="icons16 icoFilter" name="Filter" id="Filter" value="{tmpl_var name="filter_txt"}" onclick="'."submitForm('pageForm','".$module."/".$listDef["file"]."');".'"><span>{tmpl_var name="filter_txt"}</span></button></div></td>
           </tr>
         </thead>
         <tbody>
@@ -89,12 +89,12 @@
 		
 		foreach($listDef["item"] as $field) {
 			$key = $field["field"];
-			$html .= "            <td class=\"tbl_col_".$key."\"><a href=\"#\" onClick=\"loadContent('".$module."/".$listDef["edit_file"]."?id={tmpl_var name='id'}');\">{tmpl_var name=\"".$key."\"}</a></td>\n";
+			$html .= "            <td class=\"tbl_col_".$key."\"><a href=\"#\" onclick=\"loadContent('".$module."/".$listDef["edit_file"]."?id={tmpl_var name='id'}');\">{tmpl_var name=\"".$key."\"}</a></td>\n";
 		}
 		
 		$html .= "            <td class=\"tbl_col_buttons\">
               <div class=\"buttons icons16\">    
-                <a class=\"icons16 icoDelete\" href=\"javascript: del_record('".$module."/".$listDef["delete_file"]."?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');\"><span>{tmpl_var name='delete_txt'}</span></a>
+                <a class=\"button icons16 icoDelete\" href=\"javascript: del_record('".$module."/".$listDef["delete_file"]."?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');\"><span>{tmpl_var name='delete_txt'}</span></a>
               </div>
             </td>
           </tr>
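Review bot: The changed delete link still puts `phpsessid={tmpl_var name='phpsessid'}` into the URL handed to `del_record`. If that URL is requested as-is, the session identifier can end up in web-server and proxy logs and in browser history, where anyone with read access can reuse it. Its purpose is not visible in this hunk; if it serves as an anti-CSRF check, a separate random per-session token sent in a POST body would give the same protection without exposing the session id. `{tmpl_var name='delete_confirmation'}` is also placed inside a single-quoted JavaScript string, so a translation containing an apostrophe would break the handler unless the template engine escapes it. The surrounding function starts and ends outside the hunk.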

--
Gitblit v1.9.1