From baf5dda4cc07aa35eb9e41dda90aee0d2cdecf23 Mon Sep 17 00:00:00 2001
From: Sergio Cambra <sergio@programatica.es>
Date: Tue, 08 Jul 2014 09:53:13 -0400
Subject: [PATCH] fix escaping in sql query
---
interface/web/admin/system_config_edit.php | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index d267c8e..3a2ac8e 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -141,14 +141,22 @@
*/
$new_config = $app->tform->encode($this->dataRecord, $section);
- if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['vhost_subdomains'] == 'y') {
+ if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['sites']['vhost_subdomains'] == 'y') {
// check for existing vhost subdomains, if found the mode cannot be disabled
$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain'");
if($check['cnt'] > 0) {
$new_config['vhost_subdomains'] = 'y';
}
+ } elseif($section == 'sites' && $new_config['vhost_aliasdomains'] != 'y' && $server_config_array['vhost_aliasdomains'] == 'y') {
+ // check for existing vhost aliasdomains, if found the mode cannot be disabled
+ $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostalias'");
+ if($check['cnt'] > 0) {
+ $new_config['vhost_aliasdomains'] = 'y';
+ }
} elseif($section == 'mail') {
- if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['smtp_pass'];
+ if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['mail']['smtp_pass'];
+ } elseif($section == 'misc' && $new_config['session_timeout'] != $server_config_array['misc']['session_timeout']) {
+ $app->conf('interface', 'session_timeout', intval($new_config['session_timeout']));
}
$server_config_array[$section] = $new_config;
$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
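Review bot: The added `vhost_aliasdomains` branch reads `$server_config_array['vhost_aliasdomains']` without the `['sites']` section key, while this same commit corrects the neighbouring `vhost_subdomains` and `smtp_pass` lookups to go through their section. As written the guard probably never matches, so alias-domain mode could be switched off while `vhostalias` records still exist; the condition should read `$server_config_array['sites']['vhost_aliasdomains'] == 'y'`. Because the branch is an `elseif` of the subdomain check, it is also skipped whenever the subdomain condition matches in the same save, so two independent `if` statements under a single `$section == 'sites'` test would cover both settings. The enclosing method starts and ends outside the hunk.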
@@ -178,7 +186,7 @@
if($server_config_array['misc']['maintenance_mode'] == 'y'){
//print_r($_SESSION);
//echo $_SESSION['s']['id'];
- $app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
+ $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
}
}
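Review bot: The session id on the new `DELETE FROM sys_session` line is escaped but still concatenated into the statement, so the fix holds only while `$app->db->quote()` returns an escaped string without its own quotes and the hand-written `'…'` around it stays in place. Neither property is visible in this hunk. If the db wrapper supports bound parameters, that form would be the more robust choice here. Otherwise a comment such as `// session id is escaped via quote(), not bound; keep the surrounding quotes` would document the dependency. The enclosing block begins outside the hunk.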
--
Gitblit v1.9.1