From e956aca559ffa3f53c9e39beed6226f342e1d526 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 15 Apr 2015 08:25:39 -0400
Subject: [PATCH] - patches for some errors

---
 interface/web/admin/system_config_edit.php |   25 +++++++------------------
 1 files changed, 7 insertions(+), 18 deletions(-)

diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 9c69cfa..1e1fdc2 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_system_config');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
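Review bot: The added `check_security_permissions('admin_allow_system_config')` call has no comment of its own, so the existing `//* Check permissions for module` line now appears to describe both checks although they gate different things. A one-line comment above the new call would make the second gate explicit, e.g. `//* Check security settings: editing the system config must be allowed (admin_allow_system_config)`. Nothing in this patch shows what the check does when that key is missing from the security settings, so it is worth confirming that it denies rather than allows in that case.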
@@ -64,6 +65,9 @@
 			$server_id = $this->id;
 
 			$this->dataRecord = $app->getconf->get_global_config($section);
+			if (is_null($this->dataRecord)) {
+				$this->dataRecord = array();
+			}
 			if ($section == 'domains'){
 				if (isset($this->dataRecord['use_domain_module'])){
 					$_SESSION['use_domain_module_old_value'] = $this->dataRecord['use_domain_module'];
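Review bot: The new guard only normalises `null`, so any other non-array result from `get_global_config($section)` would still reach the `$this->dataRecord['use_domain_module']` accesses below it. The return types of `get_global_config()` are not visible in this patch, so this may be theoretical, but `if (!is_array($this->dataRecord)) {` covers the null case and the rest at no extra cost. The enclosing method starts and ends outside the hunk.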
@@ -156,15 +160,12 @@
 		} elseif($section == 'mail') {
 			if($new_config['smtp_pass'] == '') $new_config['smtp_pass'] = $server_config_array['mail']['smtp_pass'];
 		} elseif($section == 'misc' && $new_config['session_timeout'] != $server_config_array['misc']['session_timeout']) {
-			$app->db->query("DELETE FROM sys_config WHERE `config_id` = 2 AND `group` = 'interface' AND `name` = 'session_timeout'");
-			$app->db->query("INSERT INTO sys_config (`config_id`, `group`, `name`, `value`) VALUES (2, 'interface', 'session_timeout', '" . intval($new_config['session_timeout']) . "')");
+			$app->conf('interface', 'session_timeout', intval($new_config['session_timeout']));
 		}
 		$server_config_array[$section] = $new_config;
 		$server_config_str = $app->ini_parser->get_ini_string($server_config_array);
 
-		//$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
-		//if($conf['demo_mode'] != true) $app->db->query($sql);
-		if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
+		if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', array("config" => $server_config_str), 'sysini_id', 1);
 
 		/*
 		 * If we should use the domain-module, we have to insert all existing domains into the table
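Review bot: The new `$app->conf('interface', 'session_timeout', ...)` call runs regardless of `$conf['demo_mode']`, while the `datalogUpdate('sys_ini', ...)` a few lines below it is skipped in demo mode. Assuming `$app->conf()` persists the value the way the removed DELETE/INSERT pair did, a demo-mode submit still changes the live session timeout; prefix it with the same guard, `if($conf['demo_mode'] != true) $app->conf('interface', 'session_timeout', intval($new_config['session_timeout']));`. The `DELETE FROM sys_session` in the last hunk has the same gap, since it keys off the in-memory `$server_config_array` and would end other users' sessions even when nothing was saved. Separately, `intval()` is applied only to the copy passed to `$app->conf()`, while `$server_config_array[$section] = $new_config` keeps the raw submitted string, so the two stores can disagree unless form validation outside this hunk already restricts the field to integers. The enclosing method starts and ends outside the hunk.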
@@ -187,21 +188,9 @@
 		if($server_config_array['misc']['maintenance_mode'] == 'y'){
 			//print_r($_SESSION);
 			//echo $_SESSION['s']['id'];
-			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
+			$app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']);
 		}
 	}
-
-	/*
-	function onAfterUpdate() {
-        if($this->_js_changed == true) {
-            // not the best way, but it works
-            header('Content-Type: text/html');
-            print '<script type="text/javascript">document.location.reload(true);</script>';
-            exit;
-        }
-    }
-	*/
-
 }
 
 $app->tform_actions = new page_action;

--
Gitblit v1.9.1