From d09f4db508bcaae404b8db9d907900699901e1d7 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Fri, 17 Aug 2018 18:20:37 +0200 Subject: [PATCH] Finetuning for #5102 --- interface/lib/classes/functions.inc.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php index c948534616..878fc5d44a 100644 --- a/interface/lib/classes/functions.inc.php +++ b/interface/lib/classes/functions.inc.php @@ -480,9 +480,9 @@ class functions { // Function to check paths before we use it as include. Use with absolute paths only. public function check_include_path($path) { - if(strpos($path,'//')) die('Include path seems to be an URL: '.$this->htmlentities($path)); - if(strpos($path,'..')) die('Two dots are not allowed in include path: '.$this->htmlentities($path)); - if(!preg_match("/^[a-zA-Z0-9_\/\.\-]{1,}$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path)); + if(strpos($path,'//') === false) die('Include path seems to be an URL: '.$this->htmlentities($path)); + if(strpos($path,'..') === false) die('Two dots are not allowed in include path: '.$this->htmlentities($path)); + if(!preg_match("/^[a-zA-Z0-9_\/\.\-]+$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path)); $path = realpath($path); if($path == '') die('Include path does not exist.'); if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.'); @@ -495,7 +495,8 @@ class functions { if(preg_match('/^[a-z]{2}$/',$language)) { return $language; } else { - die('Invalid language string: '.$this->htmlentities($language)); + $app->log('Wrong language string: '.$this->htmlentities($language),1); + return 'en'; } } -- GitLab