From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/lib/classes/validate_cron.inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/validate_cron.inc.php b/interface/lib/classes/validate_cron.inc.php
index d49c280..e551af3 100644
--- a/interface/lib/classes/validate_cron.inc.php
+++ b/interface/lib/classes/validate_cron.inc.php
@@ -78,7 +78,7 @@
         if(preg_match("'^[0-9\-\,\/\*]+$'", $field_value) == false) return $this->get_error($validator['errmsg']); // allowed characters are 0-9, comma, *, -, /
         elseif(preg_match("'[\-\,\/][\-\,\/]'", $field_value) == true) return $this->get_error($validator['errmsg']); // comma, - and / never stand together
         //* now split list and check each entry. store used values in array for later limit-check
-        $time_list = split(",", $field_value);
+        $time_list = explode(",", $field_value);
         if(count($time_list) < 1) return $this->get_error($validator['errmsg']);
         
         $max_entry = 0;

--
Gitblit v1.9.1