Make it so that users can't insert code w/syntax errors into ?/config
This commit is contained in:
parent
5906af7dcd
commit
0a58973631
@ -1009,6 +1009,7 @@
|
||||
$config['error']['modexists'] = _('That mod <a href="?/users/%d">already exists</a>!');
|
||||
$config['error']['invalidtheme'] = _('That theme doesn\'t exist!');
|
||||
$config['error']['csrf'] = _('Invalid security token! Please go back and try again.');
|
||||
$config['error']['badsyntax'] = _('Your code contained PHP syntax errors. Please go back and correct them. PHP says: ');
|
||||
|
||||
/*
|
||||
* =========================
|
||||
|
@ -2106,9 +2106,18 @@ function mod_config($board_config = false) {
|
||||
|
||||
if (!$readonly && isset($_POST['code'])) {
|
||||
$code = $_POST['code'];
|
||||
// Save previous instance_config if php_check_syntax fails
|
||||
$old_code = file_get_contents($config_file);
|
||||
file_put_contents($config_file, $code);
|
||||
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']);
|
||||
return;
|
||||
$resp = shell_exec_error('php -l ' . $config_file);
|
||||
if (preg_match('/No syntax errors detected/', $resp)) {
|
||||
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']);
|
||||
return;
|
||||
}
|
||||
else {
|
||||
file_put_contents($config_file, $old_code);
|
||||
error($config['error']['badsyntax'] . $resp);
|
||||
}
|
||||
}
|
||||
|
||||
$instance_config = @file_get_contents($config_file);
|
||||
|
Loading…
Reference in New Issue
Block a user