From 08cc7f673c377bf88897743e340097e93f1e95f4 Mon Sep 17 00:00:00 2001 From: ftimme <ft@falkotimme.com> Date: Wed, 16 Jan 2013 09:30:05 -0500 Subject: [PATCH] - Changed regex for redirect path (Web sites, subdomains, vhost subdomains, alias domains) and web folder (vhost subdomains) so that ".." is not allowed (in order to prevent path traversals). - nginx: don't allow folders for proxy redirects (subdomains and alias domains); URL is required. - nginx: modified rewriting.
---
 interface/web/admin/server_config_edit.php | 26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index 6a5f6bf..2ebf0a1 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -71,19 +71,31 @@
 }
 function onUpdateSave($sql) {
- global $app;
+ global $app,$conf;
 if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin priveliges');
 $app->uses('ini_parser,getconf');
- $section = $app->tform->getCurrentTab();
- $server_id = $this->id;
+ if($conf['demo_mode'] != true) {
+ $section = $app->tform->getCurrentTab();
+ $server_id = $this->id;
- $server_config_array = $app->getconf->get_server_config($server_id);
- $server_config_array[$section] = $app->tform->encode($this->dataRecord,$section);
- $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+ $server_config_array = $app->getconf->get_server_config($server_id);
+
+ foreach($app->tform->formDef['tabs'][$section]['fields'] as $key => $field) {
+ if ($field['formtype'] == 'CHECKBOX') {
+ if($this->dataRecord[$key] == '') {
+ // if a checkbox is not set, we set it to the unchecked value
+ $this->dataRecord[$key] = $field['value'][0];
+ }
+ }
+ }
- $app->db->datalogUpdate('server', "SET config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+ $server_config_array[$section] = $app->tform->encode($this->dataRecord,$section);
+ $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+
+ $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+ }
 }
 }
-- Gitblit v1.9.1
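Review bot: The checkbox-defaulting loop reads `$this->dataRecord[$key]` for every CHECKBOX field, but an unchecked box is exactly the case where the browser sends no value and the key is absent, so the comparison raises an undefined-index notice on the very path it is meant to handle; guard it with `if(!isset($this->dataRecord[$key]) || $this->dataRecord[$key] == '') {`. The `$conf['demo_mode']` branch silently drops the whole save, so the admin gets no indication the change was discarded; if the form framework exposes an error or message hook, the skipped branch should report "not available in demo mode" there rather than returning as if it succeeded. The fallback `$field['value'][0]` assumes the unchecked value is always the first element of the field's value array, which is presumably true for this form definition but worth a comment such as `// value[0] is the unchecked value by form-definition convention`. The whole of onUpdateSave is visible in the hunk, but the enclosing class opens outside it.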