From 3cad16d2b777fe04fbeec390960ca5f47295cfac Mon Sep 17 00:00:00 2001
From: Chris Vigelius
Date: Thu, 25 Jun 2015 13:49:55 +0200
Subject: [PATCH] fix dangerous code
---
 lib/classes/webserver/class.ConfigIO.php | 9 +++++++--
 lib/functions/filedir/function.makeCorrectDir.php | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/classes/webserver/class.ConfigIO.php b/lib/classes/webserver/class.ConfigIO.php
index 1a7f4ecd..745e80a3 100644
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -89,8 +89,13 @@ class ConfigIO {
 
 // get directories
 $configdirs = array();
- $configdirs[] = makeCorrectDir($this->_getFile('system', 'apacheconf_vhost'));
- $configdirs[] = makeCorrectDir($this->_getFile('system', 'apacheconf_diroptions'));
+ $dir = $this->_getFile('system', 'apacheconf_vhost');
+ if ($dir !== false)
+ $configdirs[] = makeCorrectDir($dir);
+
+ $dir = $this->_getFile('system', 'apacheconf_diroptions')
+ if ($dir !== false)
+ $configdirs[] = makeCorrectDir($dir);
 
 // file pattern
 $pattern = "/^([0-9]){2}_(froxlor|syscp)_(.+)\.conf$/";
diff --git a/lib/functions/filedir/function.makeCorrectDir.php b/lib/functions/filedir/function.makeCorrectDir.php
index d08eb149..f457818b 100644
--- a/lib/functions/filedir/function.makeCorrectDir.php
+++ b/lib/functions/filedir/function.makeCorrectDir.php
@@ -26,6 +26,8 @@ */ function makeCorrectDir($dir) { + assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */'); + $dir = trim($dir); if (substr($dir, -1, 1) != '/') {
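Review bot: The added line `$dir = $this->_getFile('system', 'apacheconf_diroptions')` in class.ConfigIO.php has no terminating semicolon, so the file will not parse and the cleanup this commit is meant to make safer cannot run at all; it should read `$dir = $this->_getFile('system', 'apacheconf_diroptions');`. Both guards are also written as brace-less `if` statements, the form in which a second statement added later silently escapes the condition; since this check is what keeps an unset path out of `$configdirs`, braces are worth adding. The `!== false` test presumes `_getFile()` reports a missing setting with exactly `false`; that helper and the rest of the enclosing method are outside the hunk, so confirm it cannot return `null` or an empty string instead.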
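Review bot: The guard added at the top of `makeCorrectDir()` is an `assert()` with a string argument, which is not a dependable check in production: with assertions switched off the call does nothing, the string form was deprecated in PHP 7.2, and from PHP 8.0 a non-empty string is simply truthy so the condition is never evaluated. It also runs before `trim($dir)`, so a whitespace-only value passes and presumably still comes out as `/` (the append branch continues past the end of the hunk). If a non-string or empty path must never be normalised into the root directory, an unconditional check is safer, e.g. `if (!is_string($dir) || trim($dir) === '') { throw new InvalidArgumentException('makeCorrectDir: empty or non-string path'); }`. Callers would then have to handle the exception, so review them before adopting it.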