From ebd0e986ed11f2a34fb58cdd33efbfab192083ad Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Fri, 22 Apr 2016 05:26:17 -0400
Subject: [PATCH] Added PHP 7 check in installer and updater.

---
 interface/web/admin/language_import.php |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index 1dfaa18..be822cf 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -36,7 +36,7 @@
 	$new_string = '';
 
 	for($c = 0; $c < mb_strlen($string); $c++) {
-		$char = $string{$c};
+		$char = mb_substr($string, $c, 1);
 
 		if($in_string === true && $escaped === false && $char === $quote) {
 			// this marks a string end (e.g. for concatenation)
@@ -112,6 +112,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_langedit');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
@@ -128,6 +129,10 @@
 
 // Export the language file
 if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
+	
+	//* CSRF Check
+	$app->auth->csrf_token_check();
+	
 	$lines = file($_FILES['file']['tmp_name']);
 	// initial check
 	$parts = explode('|', $lines[0]);
@@ -182,6 +187,11 @@
 $app->tpl->setVar('msg', $msg);
 $app->tpl->setVar('error', $error);
 
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
 //* load language file
 $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
 include $lng_file;

--
Gitblit v1.9.1