From 148b2fc1beaf379a49064732365155647c0167e3 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 27 Dec 2017 10:01:07 +0100
Subject: [PATCH] validating config-template parameters; avoid URL misuse, thx to hyp3rlinx for noticing this

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_configfiles.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/admin_configfiles.php b/admin_configfiles.php
index 29ae9437..949e9417 100644
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -82,6 +82,12 @@ if ($userinfo['change_serversettings'] == '1') {
 $config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');
 if ($distribution != "") {
+
+ if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
+ trigger_error("Unknown distribution, are you playing around with the URL?");
+ exit;
+ }
+
 // create configparser object
 $configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");
@@ -93,6 +99,11 @@ if ($userinfo['change_serversettings'] == '1') {
 if ($service != "") {
+ if (!isset($services[$service])) {
+ trigger_error("Unknown service, are you playing around with the URL?");
+ exit;
+ }
+
 $daemons = $services[$service]->getDaemons();
 if ($daemon == "") {
@@ -136,6 +147,11 @@ if ($userinfo['change_serversettings'] == '1') {
 if ($distribution != "" && $service != "" && $daemon != "") {
+ if (!isset($daemons[$daemon])) {
+ trigger_error("Unknown daemon, are you playing around with the URL?");
+ exit;
+ }
+
 $confarr = $daemons[$daemon]->getConfig();
 $configpage = '';
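Review bot: `file_exists()` on `$config_dir . '/' . $distribution . ".xml"` in the first hunk confirms only that some `.xml` file is reachable, not that it lies inside `lib/configfiles/`. If `$distribution` arrives unfiltered from the request (its assignment is outside this hunk), a value containing path separators can still pass the guard and reach `new ConfigParser(...)`. Constrain the name before the existence check, for example `if ($distribution !== basename($distribution) || !file_exists($config_dir . '/' . $distribution . ".xml")) {`, or compare it against the template files actually present in that directory. The enclosing `if ($userinfo['change_serversettings'] == '1')` block starts and ends outside the hunk.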
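Review bot: `trigger_error()` is called without a level in the service guard of the second hunk, and likewise in the distribution and daemon guards, so each raises only `E_USER_NOTICE` before `exit`. Unless an error handler defined elsewhere renders notices, the request probably ends as an empty 200 response, and a rejected parameter looks like a normal page in the access log. Consider setting a status first, e.g. `http_response_code(400);`, and moving the repeated notice-and-exit into one small helper so the three checks stay consistent. A comment such as `// $service is taken from the URL; only keys present in the parsed template are accepted` would record why the guard exists.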