From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 16 Jan 2013 09:30:05 -0500
Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.

---
 interface/web/admin/remote_action_ispcupdate.php |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 5bde7e1..a72f942 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -27,7 +27,7 @@
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-die('Function has been removed.');
+//die('Function has been removed.');
 
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
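Review bot: Commenting out `die('Function has been removed.');` at the top of the file makes this admin page execute again, and the commit subject, which only covers redirect-path regexes and nginx, does not mention it. The hard stop was the only unconditional barrier in the file. Whether an authentication or admin-role check follows the `require_once` lines cannot be confirmed from this hunk. If the page is meant to be display-only, replace the commented-out statement with a comment that says so, for example `//* Page re-enabled for display only; the POST action further down stays disabled`, rather than leaving dead code without a rationale.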
@@ -50,6 +50,7 @@
 /*
  * We need a list of all Servers
  */
+
 $sysServers = $app->db->queryAllRecords("SELECT server_id, server_name FROM server order by server_name");
 $dropDown = "<option value='*'>" . $wb['select_all_server'] . "</option>";
 foreach ($sysServers as $server) {
@@ -62,7 +63,9 @@
 /*
  * If the user wants to do the action, write this to our db
 */
-if (isset($_POST['server_select'])) {
+
+//* Note: Disabled post action
+if (1 == 0 && isset($_POST['server_select'])) {
 	$server = $_POST['server_select'];
 	$servers = array();
 	if ($server == '*') {
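Review bot: `if (1 == 0 && isset($_POST['server_select']))` disables the update action with a constant-false condition, so the whole body stays in the file as dead code that a one-token edit can switch back on. That body reads `$_POST['server_select']` directly, and the part visible here shows no request-token check and no validation of the value against the `server_id` list. The block continues past the end of the hunk, so such checks may exist further down. Prefer deleting the handler, or rejecting the request explicitly with something like `if (isset($_POST['server_select'])) { die('Function has been removed.'); }`, so a submitted form does not silently do nothing. The comment `//* Note: Disabled post action` should also state why the action is disabled and what must be reviewed before it is turned back on.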

--
Gitblit v1.9.1