From 1d6d38ce488ea4d4421eea20fdc3baef43a0b30f Mon Sep 17 00:00:00 2001 From: ftimme Date: Tue, 20 Sep 2011 11:39:52 +0000 Subject: [PATCH] - Hide Nginx Directives field - has no function yet. - Added escapeshellcmd to some paths in nginx_plugin.inc.php. --- interface/web/sites/templates/web_domain_advanced.htm | 2 +- server/plugins-available/nginx_plugin.inc.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/interface/web/sites/templates/web_domain_advanced.htm b/interface/web/sites/templates/web_domain_advanced.htm index 92a77c03b..7fb4ac317 100644 --- a/interface/web/sites/templates/web_domain_advanced.htm +++ b/interface/web/sites/templates/web_domain_advanced.htm @@ -32,7 +32,7 @@ -
+
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index 3d536eaa8..0b31c6df8 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -1101,7 +1101,7 @@ class nginx_plugin { $tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id']); $tpl->setVar('fpm_user', $data['new']['system_user']); $tpl->setVar('fpm_group', $data['new']['system_group']); - $php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir']; + $php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']); $tpl->setVar('php_open_basedir', $php_open_basedir); if($php_open_basedir != ''){ $tpl->setVar('enable_php_open_basedir', ''); @@ -1121,8 +1121,8 @@ class nginx_plugin { foreach($ini_settings as $ini_setting){ list($key, $value) = explode('=', $ini_setting); if($value){ - $value = trim($value); - $key = trim($key); + $value = escapeshellcmd(trim($value)); + $key = escapeshellcmd(trim($key)); switch (strtolower($value)) { case 'on': case 'off': -- GitLab