From 1d6d38ce488ea4d4421eea20fdc3baef43a0b30f Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Tue, 20 Sep 2011 11:39:52 +0000
Subject: [PATCH] - Hide Nginx Directives field - has no function yet. - Added
 escapeshellcmd to some paths in nginx_plugin.inc.php.

---
 interface/web/sites/templates/web_domain_advanced.htm | 2 +-
 server/plugins-available/nginx_plugin.inc.php         | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/web/sites/templates/web_domain_advanced.htm b/interface/web/sites/templates/web_domain_advanced.htm
index 92a77c03bf..7fb4ac3172 100644
--- a/interface/web/sites/templates/web_domain_advanced.htm
+++ b/interface/web/sites/templates/web_domain_advanced.htm
@@ -32,7 +32,7 @@
       	<label for="apache_directives">{tmpl_var name='apache_directives_txt'}</label>
       	<textarea name="apache_directives" id="apache_directives" rows='10' cols='50' style="width:400px;">{tmpl_var name='apache_directives'}</textarea>
 	  </div>
-      <div class="ctrlHolder nginx">
+      <div class="ctrlHolder apache">
       	<label for="nginx_directives">{tmpl_var name='nginx_directives_txt'}</label>
       	<textarea name="nginx_directives" id="nginx_directives" rows='10' cols='50' style="width:400px;">{tmpl_var name='nginx_directives'}</textarea>
 	  </div>
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 3d536eaa87..0b31c6df88 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1101,7 +1101,7 @@ class nginx_plugin {
 			$tpl->setVar('fpm_port', $web_config['php_fpm_start_port'] + $data['new']['domain_id']);
 			$tpl->setVar('fpm_user', $data['new']['system_user']);
 			$tpl->setVar('fpm_group', $data['new']['system_group']);
-			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?$data['new']['document_root']:$data['new']['php_open_basedir'];
+			$php_open_basedir = ($data['new']['php_open_basedir'] == '')?escapeshellcmd($data['new']['document_root']):escapeshellcmd($data['new']['php_open_basedir']);
 			$tpl->setVar('php_open_basedir', $php_open_basedir);
 			if($php_open_basedir != ''){
 				$tpl->setVar('enable_php_open_basedir', '');
@@ -1121,8 +1121,8 @@ class nginx_plugin {
 					foreach($ini_settings as $ini_setting){
 							list($key, $value) = explode('=', $ini_setting);
 							if($value){
-								$value = trim($value);
-								$key = trim($key);
+								$value = escapeshellcmd(trim($value));
+								$key = escapeshellcmd(trim($key));
 								switch (strtolower($value)) {
 									case 'on':
 									case 'off':
-- 
GitLab