From 1d6d38ce488ea4d4421eea20fdc3baef43a0b30f Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 20 Sep 2011 07:39:52 -0400
Subject: [PATCH] - Hide Nginx Directives field - has no function yet. - Added escapeshellcmd to some paths in nginx_plugin.inc.php.

---
 server/plugins-available/nginx_plugin.inc.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 3d536ea..0b31c6d 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1101,7 +1101,7 @@
 			$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id']);
 			$tpl->setVar('fpm_user', $data['new']['system_user']);
 			$tpl->setVar('fpm_group', $data['new']['system_group']);
-			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
+			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
 			$tpl->setVar('php_open_basedir', $php_open_basedir);
 			if($php_open_basedir != ''){
 				$tpl->setVar('enable_php_open_basedir', '');
@@ -1121,8 +1121,8 @@
 					foreach($ini_settings as $ini_setting){
 							list($key, $value) = explode('=', $ini_setting);
 							if($value){
-								$value = trim($value);
-								$key = trim($key);
+								$value = escapeshellcmd(trim($value));
+								$key = escapeshellcmd(trim($key));
 								switch (strtolower($value)) {
 									case 'on':
 									case 'off':

--
Gitblit v1.9.1