kashire/lainchan
4
0
Fork 0
Code Issues 18 Pull Requests Releases Wiki Activity

Make it so that users can't insert code w/syntax errors into ?/config

Browse Source
This commit is contained in:
ctrlcctrlv 2013-09-21 02:21:05 +00:00
parent 5906af7dcd
commit 0a58973631
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
inc/config.php
View File

@ -1009,6 +1009,7 @@
$config['error']['modexists'] = _('That mod <a href="?/users/%d">already exists</a>!'); $config['error']['modexists'] = _('That mod <a href="?/users/%d">already exists</a>!');
$config['error']['invalidtheme'] = _('That theme doesn\'t exist!'); $config['error']['invalidtheme'] = _('That theme doesn\'t exist!');
$config['error']['csrf'] = _('Invalid security token! Please go back and try again.'); $config['error']['csrf'] = _('Invalid security token! Please go back and try again.');
$config['error']['badsyntax'] = _('Your code contained PHP syntax errors. Please go back and correct them. PHP says: ');
/* /*
* ========================= * =========================

13
inc/mod/pages.php
View File

@ -2106,9 +2106,18 @@ function mod_config($board_config = false) {
if (!$readonly && isset($_POST['code'])) { if (!$readonly && isset($_POST['code'])) {
$code = $_POST['code']; $code = $_POST['code'];
// Save previous instance_config if php_check_syntax fails
$old_code = file_get_contents($config_file);
file_put_contents($config_file, $code); file_put_contents($config_file, $code);
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']); $resp = shell_exec_error('php -l ' . $config_file);
return; if (preg_match('/No syntax errors detected/', $resp)) {
header('Location: ?/config' . ($board_config ? '/' . $board_config : ''), true, $config['redirect_http']);
return;
}
else {
file_put_contents($config_file, $old_code);
error($config['error']['badsyntax'] . $resp);
}
} }
$instance_config = @file_get_contents($config_file); $instance_config = @file_get_contents($config_file);