From d8faa4e7e3fb74e554f6c9339f6fe4e2883c3bf1 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 18 Sep 2015 13:43:03 -0400
Subject: [PATCH] Fix by dirkd: Since file() doesn't remove "\n" from the lines read the condition $lines[$l] == '' never evaluated to true. So $mailHeaders would always contain every line from the template while $mailBody contained none of them.

---
 interface/web/admin/server_config_edit.php |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index a471181..4c03e7e 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -43,6 +43,8 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_server_config');
+
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
@@ -91,10 +93,14 @@
 				}
 			}
 
-			$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
-			$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+			if($app->tform->errorMessage == '') {
+				$server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
+				$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
 
-			$app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
+				$app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+			} else {
+				$app->error('Security breach!');
+			}
 		}
 	}
 

--
Gitblit v1.9.1