github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichal Čihař <michal@cihar.com>2006-07-28 18:49:47 +0400
committerMichal Čihař <michal@cihar.com>2006-07-28 18:49:47 +0400
commitfbfb5d2f027747a040515c790d65d2b973f670f4 (patch)
tree12ca990ced6297bf6ab16723a5bb836713d93382 /scripts
parent708c596779f8f1efbcefd801e9fac9fd0d1bb5ee (diff)
Protect against php code input from user (bug #1530370).
Diffstat (limited to 'scripts')
-rw-r--r--scripts/setup.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/scripts/setup.php b/scripts/setup.php
index 594bfa8b7c..0d9e38523b 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -395,17 +395,21 @@ function get_server_auth($val) {
*
* @return string fancy server name
*/
-function get_server_name($val, $id = FALSE) {
+function get_server_name($val, $id = FALSE, $escape = true) {
if (!empty($val['verbose'])) {
- $ret = htmlspecialchars($val['verbose']);
+ $ret = $val['verbose'];
} else {
- $ret = htmlspecialchars($val['host']);
+ $ret = $val['host'];
}
$ret .= ' (' . get_server_auth($val) . ')';
if ($id !== FALSE) {
$ret .= ' [' . ($id + 1) . ']' ;
}
- return $ret;
+ if ($escape) {
+ return htmlspecialchars($ret);
+ } else {
+ return $ret;
+ }
}
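Review bot: The docblock above `get_server_name()` is not updated for the new `$escape` parameter, and with `$escape = false` the function now returns the user-supplied `verbose`/`host` value completely raw. I would add `@param boolean $escape whether to HTML-escape the result; pass false only when the caller neutralises the value for its own output context`, so a later caller does not print the unescaped form into HTML. The trailing `if`/`else` can also be written as `return $escape ? htmlspecialchars($ret) : $ret;`. Only the end of the docblock is visible in this hunk; it starts outside it.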
@@ -502,7 +506,7 @@ function get_cfg_string($cfg) {
if (count($c['Servers']) > 0) {
$ret .= "/* Servers configuration */\n\$i = 0;\n";
foreach ($c['Servers'] as $cnt => $srv) {
- $ret .= "\n/* Server " . get_server_name($srv, $cnt) . " */\n\$i++;\n";
+ $ret .= "\n/* Server " . strtr(get_server_name($srv, $cnt, false), '*', '-') . " */\n\$i++;\n";
foreach ($srv as $key => $val) {
$ret .= get_cfg_val("\$cfg['Servers'][\$i]['$key']", $val);
}
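Review bot: The `strtr(..., '*', '-')` on the `/* Server ... */` line is the only thing that keeps a user-supplied server name from closing the comment in the generated config, but nothing on the line says so. A short comment such as `// '*' is replaced so a user-supplied name cannot terminate the comment` would stop someone from removing it as a cosmetic oddity. Separately, the unchanged context line below interpolates `$key` into `"\$cfg['Servers'][\$i]['$key']"` without escaping; whether `$key` can be influenced by user input is not visible here, so that is worth confirming against the code that fills `$c['Servers']`. `get_cfg_string()` starts and ends outside this hunk.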