From dd0130670fe3cab4c7e2c1ab4f3bf0d2b2d512b0 Mon Sep 17 00:00:00 2001
From: Denny Bortfeldt <denny@bortfeldt.net>
Date: Mon, 27 Jun 2016 18:02:16 -0400
Subject: [PATCH] When uploading a logo which is smaller than the current ispconfig one, then the logo will be on the left side of the header. In my opinion it will look better when it's centered. You could vote about it ;)
---
interface/web/admin/language_edit.php | 39 +++++++++++++++++++++++++--------------
1 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index f47b631..c94a5eb 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -27,14 +27,16 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_langedit');
//* This is only allowed for administrators
if(!$app->auth->is_admin()) die('only allowed for administrators.');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
$app->uses('tpl');
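Review bot: The two new guards are added without the `//*` comments the neighbouring checks carry, so a later reader cannot see why this page needs a separate security permission on top of the admin check. A comment such as `//* Language files are written as PHP and later include()d, so editing is gated by its own security setting and disabled in demo mode` above the `check_security_permissions('admin_allow_langedit')` line would record that. The demo-mode test uses a loose `== true`; it fails closed for any truthy value, but `if(!empty($conf['demo_mode']))` states the intent and avoids a notice if the key is unset.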
@@ -53,48 +55,57 @@
//* Save data
if(isset($_POST['records']) && is_array($_POST['records'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$file_content = "<?php\n";
foreach($_POST['records'] as $key => $val) {
$val = stripslashes($val);
- $val = str_replace("'",'',$val);
- $val = str_replace('"','',$val);
- $file_content .= '$wb['."'$key'".'] = '."'$val';\n";
+ $val = preg_replace('/(^|[^\\\\])((\\\\\\\\)*)"/', '$1$2\\"', $val);
+ $val = str_replace('$', '', $val);
+ $file_content .= '$wb['."'$key'".'] = "'.$val.'";'."\n";
$msg = 'File saved.';
}
$file_content .= "?>\n";
if($module == 'global') {
- file_put_contents(ISPC_LIB_PATH."/lang/$lang_file" ,$file_content);
+ file_put_contents(ISPC_LIB_PATH."/lang/$lang_file" , $file_content);
} else {
- file_put_contents(ISPC_WEB_PATH."/$module/lib/lang/$lang_file" ,$file_content);
+ file_put_contents(ISPC_WEB_PATH."/$module/lib/lang/$lang_file" , $file_content);
}
}
-$app->tpl->setVar(array('module' => $module,'lang_file' => $lang_file, 'lang' => $lang, 'msg' => $msg));
+$app->tpl->setVar(array('module' => $module, 'lang_file' => $lang_file, 'lang' => $lang, 'msg' => $msg));
if($module == 'global') {
- include(ISPC_LIB_PATH."/lang/$lang_file");
+ include ISPC_LIB_PATH."/lang/$lang_file";
$file_path = ISPC_LIB_PATH."/lang/$lang_file";
} else {
- include(ISPC_WEB_PATH."/$module/lib/lang/$lang_file");
- $file_path = ISPC_LIB_PATH."/$module/lib/lang/$lang_file";
+ include ISPC_WEB_PATH."/$module/lib/lang/$lang_file";
+ $file_path = ISPC_WEB_PATH."/$module/lib/lang/$lang_file";
}
$app->tpl->setVar("file_path", $file_path);
$keyword_list = array();
if(isset($wb) && is_array($wb)) {
foreach($wb as $key => $val) {
- $keyword_list[] = array('key' => $key, 'val' => $val);
+ $keyword_list[] = array('key' => $key, 'val' => htmlentities($val, ENT_COMPAT | ENT_HTML401, 'UTF-8'));
}
$app->tpl->setLoop('records', $keyword_list);
unset($wb);
}
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_edit');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
-//* load language file
+
+//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
-include($lng_file);
+include $lng_file;
$app->tpl->setVar($wb);
$app->tpl_defaults();
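Review bot: `$key` is still written into the generated file unescaped. In `$file_content .= '$wb['."'$key'".'] = "'.$val.'";'."\n";` only `$val` is filtered, yet the array keys of `$_POST['records']` come from the request just like the values, and the file is `include`d further down in this hunk. The hand-rolled quoting of `$val` (regex plus stripping `$`) also looks fragile; a value ending in a backslash would, as far as I can tell, swallow the closing quote and at least corrupt the saved file. Letting PHP emit both literals removes the need for the regex and the `$` stripping: `$file_content .= '$wb['.var_export((string)$key, true).'] = '.var_export($val, true).";\n";`. `$module` and `$lang_file` are assigned outside this hunk, so it is worth confirming they are restricted to known names before they reach `file_put_contents` and `include`.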
--
Gitblit v1.9.1