From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/web/admin/language_import.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index 4e25ca3..285be11 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -35,6 +35,7 @@
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
 $app->uses('tpl');
 
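Review bot: The new demo-mode guard only protects the import if `$app->error()` ends the request, and that behaviour is not visible in this hunk. The administrator check on the line above uses `die()` directly, so the two guards are not obviously equivalent. If `error()` can return, the import below would still run in demo mode. Confirm that it halts, or follow the call with an explicit `exit;`. A short comment such as `//* Demo installations must not be able to overwrite language files` would also record why the check is here.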
@@ -49,7 +50,7 @@
 	// initial check
 	$parts = explode('|',$lines[0]);
 	if($parts[0] == '---' && $parts[1] == 'ISPConfig Language File') {
-		if($parts[2] != $conf["app_version"]) {
+		if($_POST['ignore_version'] != 1 && $parts[2] != $conf["app_version"]) {
 			$error .= 'Application version does not match. Appversion: '.$conf["app_version"].' Lanfile version: '.$parts[2];
 		} else {
 			unset($lines[0]);
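Review bot: `$_POST['ignore_version']` is read without checking that the key exists, so a form submitted with the option unset raises an undefined-index notice. The loose `!= 1` also accepts any value that compares equal to 1. Normalising the flag once keeps the override explicit: `$ignore_version = isset($_POST['ignore_version']) && $_POST['ignore_version'] === '1';` and then `if(!$ignore_version && $parts[2] != $conf["app_version"]) {`. On the following context line, `$parts[2]` is taken from the uploaded file and concatenated into `$error`. If that message is later rendered as HTML, which is not visible here, it should go through `htmlspecialchars()`. The if/else continues outside the hunk.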
@@ -83,7 +84,7 @@
 						$langfile_path = trim(ISPC_WEB_PATH.'/'.$module_name.'/lib/lang/'.$file_name);
 					}
 				} else {
-					$buffer .= $line;
+					$buffer .= trim($line)."\n";
 				}
 			}
 		}
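Review bot: `trim($line)` removes all leading and trailing whitespace from every buffered line, not just the line ending. If the aim is only to normalise line endings, `$buffer .= rtrim($line, "\r\n")."\n";` is narrower and leaves the content otherwise untouched. Separately, the context line above builds `$langfile_path` from `$module_name` and `$file_name`, and their origin is outside this hunk. If they come from the uploaded file, they need a strict check (for example, an allowlist pattern that rejects `..` and path separators) before the path is formed, in line with the traversal hardening the commit subject describes. The enclosing loop starts and ends outside the hunk.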

--
Gitblit v1.9.1