Commit d09f4db5 authored by Till Brehm's avatar Till Brehm

Finetuning for #5102

parent 6e094613
...@@ -480,9 +480,9 @@ class functions { ...@@ -480,9 +480,9 @@ class functions {
// Function to check paths before we use it as include. Use with absolute paths only. // Function to check paths before we use it as include. Use with absolute paths only.
public function check_include_path($path) { public function check_include_path($path) {
if(strpos($path,'//')) die('Include path seems to be an URL: '.$this->htmlentities($path)); if(strpos($path,'//') === false) die('Include path seems to be an URL: '.$this->htmlentities($path));
if(strpos($path,'..')) die('Two dots are not allowed in include path: '.$this->htmlentities($path)); if(strpos($path,'..') === false) die('Two dots are not allowed in include path: '.$this->htmlentities($path));
if(!preg_match("/^[a-zA-Z0-9_\/\.\-]{1,}$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path)); if(!preg_match("/^[a-zA-Z0-9_\/\.\-]+$/", $path)) die('Wrong chars in include path: '.$this->htmlentities($path));
$path = realpath($path); $path = realpath($path);
if($path == '') die('Include path does not exist.'); if($path == '') die('Include path does not exist.');
if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.'); if(substr($path,0,strlen(ISPC_ROOT_PATH)) != ISPC_ROOT_PATH) die('Path '.$this->htmlentities($path).' is outside of ISPConfig installation directory.');
...@@ -495,7 +495,8 @@ class functions { ...@@ -495,7 +495,8 @@ class functions {
if(preg_match('/^[a-z]{2}$/',$language)) { if(preg_match('/^[a-z]{2}$/',$language)) {
return $language; return $language;
} else { } else {
die('Invalid language string: '.$this->htmlentities($language)); $app->log('Wrong language string: '.$this->htmlentities($language),1);
return 'en';
} }
} }
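Review bot: Reading the right-hand column as the new side, the two rewritten guards at the top of check_include_path are inverted: `strpos($path,'//') === false` is true when the substring is absent, so an ordinary absolute path with no `//` or `..` now hits the die(). A path that contains both `//` and `..` passes these two checks and is stopped only by the later realpath() and ISPC_ROOT_PATH prefix test. The old truthiness test missed a match at offset 0, which is presumably what this change meant to fix. The comparison for that is `!== false`, i.e. `if(strpos($path,'//') !== false) die(...)` and `if(strpos($path,'..') !== false) die(...)`. The function body continues past the end of the hunk, so the rest of the include handling is not visible here.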
......