From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/admin/language_import.php |   24 +++++++++++-------------
 1 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index 130fbc1..285be11 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -30,14 +30,12 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
-// Checking permissions for the module
-if(!stristr($_SESSION['s']['user']['modules'],'admin')) {
-	header('Location: ../index.php');
-	exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
 
 $app->uses('tpl');
 
@@ -52,7 +50,7 @@
 	// initial check
 	$parts = explode('|',$lines[0]);
 	if($parts[0] == '---' && $parts[1] == 'ISPConfig Language File') {
-		if($parts[2] != $conf["app_version"]) {
+		if($_POST['ignore_version'] != 1 && $parts[2] != $conf["app_version"]) {
 			$error .= 'Application version does not match. Appversion: '.$conf["app_version"].' Lanfile version: '.$parts[2];
 		} else {
 			unset($lines[0]);
@@ -69,24 +67,24 @@
 							$error .= "File exists, not written: $langfile_path<br />";
 						} else {
 							$msg .= "File written: $langfile_path<br />";
-							// file_put_contents($langfile_path,$buffer);
+							file_put_contents($langfile_path,$buffer);
 						}
 					}
 					// empty buffer and set variables
 					$buffer = '';
-					$module_name = $parts[1];
-					$selected_language = $parts[2];
-					$file_name = $parts[3];
-					if(!preg_match("/^[a-z]{2}$/i", $selected_language)) die('unallowed characters in selected language name.');
+					$module_name = trim($parts[1]);
+					$selected_language = trim($parts[2]);
+					$file_name = trim($parts[3]);
+					if(!preg_match("/^[a-z]{2}$/i", $selected_language)) die("unallowed characters in selected language name: $selected_language");
 					if(!preg_match("/^[a-z_]+$/i", $module_name)) die('unallowed characters in module name.');
-					if(!preg_match("/^[a-z\._]+$/i", $file_name) || stristr($file_name,'..')) die('unallowed characters in language file name.');
+					if(!preg_match("/^[a-z\._]+$/i", $file_name) || stristr($file_name,'..')) die("unallowed characters in language file name: '$file_name'");
 					if($module_name == 'global') {
 						$langfile_path = trim(ISPC_LIB_PATH."/lang/".$selected_language.".lng");
 					} else {
 						$langfile_path = trim(ISPC_WEB_PATH.'/'.$module_name.'/lib/lang/'.$file_name);
 					}
 				} else {
-					$buffer .= $line;
+					$buffer .= trim($line)."\n";
 				}
 			}
 		}

--
Gitblit v1.9.1