From 3cad16d2b777fe04fbeec390960ca5f47295cfac Mon Sep 17 00:00:00 2001 From: Chris Vigelius Date: Thu, 25 Jun 2015 13:49:55 +0200 Subject: [PATCH 1/2] fix dangerous code --- lib/classes/webserver/class.ConfigIO.php | 9 +++++++-- lib/functions/filedir/function.makeCorrectDir.php | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/classes/webserver/class.ConfigIO.php b/lib/classes/webserver/class.ConfigIO.php index 1a7f4ecd..745e80a3 100644 --- a/lib/classes/webserver/class.ConfigIO.php +++ b/lib/classes/webserver/class.ConfigIO.php @@ -89,8 +89,13 @@ class ConfigIO { // get directories $configdirs = array(); - $configdirs[] = makeCorrectDir($this->_getFile('system', 'apacheconf_vhost')); - $configdirs[] = makeCorrectDir($this->_getFile('system', 'apacheconf_diroptions')); + $dir = $this->_getFile('system', 'apacheconf_vhost'); + if ($dir !== false) + $configdirs[] = makeCorrectDir($dir); + + $dir = $this->_getFile('system', 'apacheconf_diroptions') + if ($dir !== false) + $configdirs[] = makeCorrectDir($dir); // file pattern $pattern = "/^([0-9]){2}_(froxlor|syscp)_(.+)\.conf$/"; diff --git a/lib/functions/filedir/function.makeCorrectDir.php b/lib/functions/filedir/function.makeCorrectDir.php index d08eb149..f457818b 100644 --- a/lib/functions/filedir/function.makeCorrectDir.php +++ b/lib/functions/filedir/function.makeCorrectDir.php @@ -26,6 +26,8 @@ */ function makeCorrectDir($dir) { + assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */'); + $dir = trim($dir); if (substr($dir, -1, 1) != '/') { From 92cf4c16e39d16e1adc2f26696bcd186e9a8cd36 Mon Sep 17 00:00:00 2001 From: Chris Vigelius Date: Thu, 25 Jun 2015 14:08:19 +0200 Subject: [PATCH 2/2] missing semicolon --- lib/classes/webserver/class.ConfigIO.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/classes/webserver/class.ConfigIO.php b/lib/classes/webserver/class.ConfigIO.php index 745e80a3..e2741557 100644 
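Review bot: The two `$dir !== false` guards in the first hunk (class.ConfigIO.php) reject only the literal `false`, so an empty string or `null` from `_getFile()` would still be passed to `makeCorrectDir()` and added to `$configdirs`. Whether `_getFile()` can return such values is not visible here, but an unset or blank setting is the likely failure case, and `makeCorrectDir()` appears to turn an empty value into `/`. A stricter test with braces would be `if (is_string($dir) && trim($dir) !== '') { $configdirs[] = makeCorrectDir($dir); }`, with a short comment saying why unset paths are skipped. The enclosing method starts and ends outside the hunk, so how `$configdirs` is used afterwards should be checked against the full file.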
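Review bot: The `assert()` added in `makeCorrectDir()` is not a dependable guard, because assertions are commonly disabled in production PHP configurations and the check then disappears where a bad path matters most. The string form is also evaluated as code, was deprecated in PHP 7.2 and was removed in PHP 8.0. The assertion tests `strlen($dir) > 0` before the `trim()` on the following line, so a whitespace-only value passes. An explicit runtime check would be `if (!is_string($dir) || trim($dir) === '') { throw new InvalidArgumentException('makeCorrectDir(): empty or non-string path'); }`, or a documented sentinel return if callers cannot handle an exception. The function body continues past the end of the hunk.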
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -93,7 +93,7 @@ class ConfigIO {
 if ($dir !== false)
 $configdirs[] = makeCorrectDir($dir);
- $dir = $this->_getFile('system', 'apacheconf_diroptions')
+ $dir = $this->_getFile('system', 'apacheconf_diroptions');
 if ($dir !== false)
 $configdirs[] = makeCorrectDir($dir);