From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/web/admin/language_add.php |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php
index 5d1d34c..a296171 100644
--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -30,14 +30,12 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
 $app->uses('tpl');
 
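Review bot: The demo-mode guard added after the `is_admin()` check only blocks the rest of the script if `$app->error()` halts execution, and nothing in this hunk shows that it does; the admin check next to it uses `die()` explicitly. If `error()` can return, the file copy further down would still run in demo mode. Making the stop explicit avoids relying on that: `if(!empty($conf['demo_mode'])) { $app->error('This function is disabled in demo mode.'); exit; }`. Using `!empty()` also avoids an undefined-index notice when `demo_mode` is absent from the config.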
@@ -69,8 +67,10 @@
 	$lng_new = $_POST['lng_new'];
 	if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');
 	
+	//* Copy the main language file
+	copy(ISPC_LIB_PATH."/lang/$selected_language.lng",ISPC_LIB_PATH."/lang/$lng_new.lng");
+	
 	//* Make a copy of every language file
-	copy(ISPC_WEB_PATH."/$module/lib/lang/$selected_language.lng",ISPC_WEB_PATH."/$module/lib/lang/$lng_new.lng");
 	$bgcolor = '#FFFFFF';
 	$language_files_list = array();
 	$handle = @opendir(ISPC_WEB_PATH); 
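Review bot: `$selected_language` is interpolated into the source path of the new `copy()` call, and no validation of it is visible in this hunk, whereas `$lng_new` gets the `^[a-z]{2}$` check on the line above. If it is taken from the request, it should get the same check before the copy, e.g. `if(!preg_match('/^[a-z]{2}$/D', $selected_language)) die('unallowed characters in language name.');`; the `D` modifier also stops `$` from accepting a trailing newline. The result of `copy()` is ignored and an existing target `.lng` file is silently overwritten, so testing `file_exists()` on the target and the boolean return would make both cases visible. The enclosing block starts and ends outside the hunk.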

--
Gitblit v1.9.1