Make it so that users can't insert code w/syntax errors into ?/config

This commit is contained in:
ctrlcctrlv 2013-09-21 02:21:05 +00:00
parent 5906af7dcd
commit 0a58973631
2 changed files with 12 additions and 2 deletions

View File

@ -1009,6 +1009,7 @@
$config['error']['modexists'] = _('That mod <a href="?/users/%d">already exists</a>!');
$config['error']['invalidtheme'] = _('That theme doesn\'t exist!');
$config['error']['csrf'] = _('Invalid security token! Please go back and try again.');
$config['error']['badsyntax'] = _('Your code contained PHP syntax errors. Please go back and correct them. PHP says: ');
/*
* =========================

View File

@ -2106,9 +2106,18 @@ function mod_config($board_config = false) {
if (!$readonly && isset($_POST['code'])) {
$code = $_POST['code'];
// Save previous instance_config if php_check_syntax fails
$old_code = file_get_contents($config_file);
file_put_contents($config_file, $code);
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']);
return;
$resp = shell_exec_error('php -l ' . $config_file);
if (preg_match('/No syntax errors detected/', $resp)) {
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']);
return;
}
else {
file_put_contents($config_file, $old_code);
error($config['error']['badsyntax'] . $resp);
}
}
$instance_config = @file_get_contents($config_file);