diff --git a/admin_domains.php b/admin_domains.php
index eb8a771c..cd9deb08 100644
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -451,6 +451,10 @@ if($page == 'domains'
 {
 standard_error(array('stringisempty', 'mydocumentroot'));
 }
+ elseif(strstr($documentroot, ":") !== FALSE)
+ {
+ standard_error('pathmaynotcontaincolon');
+ }
 elseif($customerid == 0)
 {
 standard_error('adduserfirst');
@@ -744,6 +748,11 @@ if($page == 'domains'
 {
 $documentroot = $customer['documentroot'];
 }
+
+ if(strstr($documentroot, ":") !== FALSE)
+ {
+ standard_error('pathmaynotcontaincolon');
+ }
 }
 else
 {
diff --git a/customer_domains.php b/customer_domains.php
index 360a2a15..e7382e52 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -251,6 +251,10 @@ elseif($page == 'domains')
 {
 $path = $userinfo['documentroot'] . '/' . $path;
 $path = makeCorrectDir($path);
+ if (strstr($path, ":") !== FALSE)
+ {
+ standard_error('pathmaynotcontaincolon');
+ }
 }
 else
 {
@@ -412,6 +416,10 @@ elseif($page == 'domains')
 {
 $path = $userinfo['documentroot'] . '/' . $path;
 $path = makeCorrectDir($path);
+ if (strstr($path, ":") !== FALSE)
+ {
+ standard_error('pathmaynotcontaincolon');
+ }
 }
 else
 {
diff --git a/lib/functions/validate/function.appenOpenbasedirPath.php b/lib/functions/validate/function.appenOpenbasedirPath.php
new file mode 100644
index 00000000..2e77d16d
--- /dev/null
+++ b/lib/functions/validate/function.appenOpenbasedirPath.php
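Review bot: `strstr($documentroot, ":") !== FALSE` builds the remainder of the string only to test for presence; `strpos($documentroot, ':') !== false` is the idiomatic presence test and also matches the lowercase `false` the cron files in this same commit use. The same pattern appears in the second admin_domains.php hunk and in both customer_domains.php hunks. Since the reason for the check is not obvious at the call site, a short comment would help, e.g. `// ':' is the open_basedir separator; a colon in the path would split the generated directive`. The enclosing `if($page == 'domains'` block starts and ends outside the hunk.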
@@ -0,0 +1,45 @@
+ (2010-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Functions
+ * @version $Id$
+ */
+
+/**
+ * checks give path for security issues
+ * and returns a string that can be appended
+ * to a line for a open_basedir directive
+ *
+ * @param string $path the path to check and append
+ * @param boolean $first if true, no ':' will be prefixed to the path
+ *
+ * @return string
+ */
+function appendOpenBasedirPath($path = '', $first = false)
+{
+ $path = makeCorrectDir($path);
+ if($path != ''
+ && $path != '/'
+ && !preg_match("#^/dev#i", $path)
+ && !preg_match("#^/proc#i", $path)
+ && !preg_match("#^/etc#i", $path)
+ && !preg_match("#^/sys#i", $path)
+ && !preg_match("#:#", $path)
+ ) {
+ if($first)
+ return $path;
+
+ return ':' . $path;
+ }
+ return '';
+}
diff --git a/lng/english.lng.php b/lng/english.lng.php
index d6dcb853..b05b11ea 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1401,4 +1401,7 @@ $lng['serversettings']['customredirect_enabled']['description'] = 'Allow custome
 $lng['serversettings']['customredirect_default']['title'] = 'Default redirect';
 $lng['serversettings']['customredirect_default']['description'] = 'Set the default redirect-code which should be used if the customer does not set it himself';
+// ADDED IN FROXLOR 0.9.7-svn2
+$lng['error']['pathmaynotcontaincolon'] = 'The path you have entered should not contain a colon (":"). Please enter a correct path value.';
+
 ?>
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 1de6e665..6942c048 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
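Review bot: The four prefix patterns have no path-segment boundary, so `#^/dev#i` also rejects a legitimate directory whose name merely begins with those letters (constructed example: `/development/`), and the caller receives `''` with no indication that anything was dropped. One pattern with a boundary, `&& !preg_match("#^/(dev|proc|etc|sys)(/|$)#i", $path)`, would replace the four lines; whether `(/|$)` is sufficient depends on makeCorrectDir (outside this diff) appending a trailing slash and collapsing `.`/`..` segments before the prefix tests run, which is worth confirming since the whole check relies on it. The file is named `function.appenOpenbasedirPath.php` while the function is `appendOpenBasedirPath`; if the function loader derives the symbol from the file name, it will not be found. The docblock should read `Checks the given path for security issues` and `to a line for an open_basedir directive`, and it should state that an empty string is returned when the path is rejected, because every caller in this commit builds the open_basedir directive from that return value.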
@@ -1397,4 +1397,7 @@ $lng['serversettings']['customredirect_enabled']['description'] = 'Erlaubt es Ku
 $lng['serversettings']['customredirect_default']['title'] = 'Standard Redirect';
 $lng['serversettings']['customredirect_default']['description'] = 'Dieser Redirect wird immer genutzt, sofern der Kunde keinen anderen auswählt.';
+// ADDED IN FROXLOR 0.9.7-svn2
+$lng['error']['pathmaynotcontaincolon'] = 'Der eingegebene Pfad sollte keinen Doppelpunkt (":") enthalten. Bitte geben Sie einen korrekten Wert für den Pfad ein.';
+
 ?>
diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index 83026dcb..cbc52c4e 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -270,23 +270,17 @@ class apache
 if($domain['openbasedir'] == '1')
 {
- if($this->settings['system']['phpappendopenbasedir'] != '')
+ if($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false)
 {
- $_phpappendopenbasedir = ':' . $this->settings['system']['phpappendopenbasedir'];
+ $_phpappendopenbasedir = appendOpenBasedirPath($domain['customerroot'], true);
 }
 else
 {
- $_phpappendopenbasedir = '';
- }
-
- if($domain['openbasedir_path'] == '1')
- {
- $php_options_text.= ' php_admin_value open_basedir "' . $domain['customerroot'] . $_phpappendopenbasedir . "\"\n";
- }
- else
- {
- $php_options_text.= ' php_admin_value open_basedir "' . $domain['documentroot'] . $_phpappendopenbasedir . "\"\n";
+ $_phpappendopenbasedir = appendOpenBasedirPath($domain['documentroot'], true);
 }
+ $_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
+
+ $php_options_text.= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"'."\n";
 }
 if($domain['safemode'] == '0')
diff --git a/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php b/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php
index bc89a57e..3506c578 100644
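Review bot: When `appendOpenBasedirPath($domain['customerroot'], true)` (or the documentroot variant) rejects the path it returns `''`, yet the directive is still written on the last added line, so the customer's own directory silently disappears from `open_basedir`; with nothing appended from the settings the result is `php_admin_value open_basedir ""`, which PHP treats as no restriction at all, and with an appended directory the value begins with a stray colon whose handling by PHP's separator parsing I would not rely on. The old code always emitted the raw root, so this silent-drop case is new with the validation. I would treat a rejected root as a configuration error that is reported rather than written out: guard the emit and log the domain through the cron job's existing logger (not visible in this hunk). The enclosing method of class apache starts and ends outside the hunk.
```php
$_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);

if($_phpappendopenbasedir == '' || substr($_phpappendopenbasedir, 0, 1) == ':')
{
    // the customer/document root was rejected by appendOpenBasedirPath: an empty
    // open_basedir lifts the restriction entirely, so do not emit one silently.
    // TODO(review): report this domain as misconfigured via the cron job's logger
}
else
{
    $php_options_text.= ' php_admin_value open_basedir "' . $_phpappendopenbasedir . '"'."\n";
}
// … unchanged: safemode handling …
```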
--- a/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php
+++ b/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php
@@ -166,22 +166,31 @@ class apache_fcgid extends apache
 if($domain['openbasedir'] == '1')
 {
 $openbasedirc = '';
- if($domain['openbasedir_path'] == '0')
+ $_phpappendopenbasedir = appendOpenBasedirPath($this->settings['system']['mod_fcgid_peardir']);
+ $_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
+
+ if($domain['openbasedir_path'] == '0' && strstr($domain['documentroot'], ":") === false)
 {
- $openbasedir = $domain['documentroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
+ $openbasedir = appendOpenBasedirPath($domain['documentroot'], true);
 }
 else
 {
- $openbasedir = $domain['customerroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
+ $openbasedir = appendOpenBasedirPath($domain['customerroot'], true);
 }
+ $openbasedir .= appendOpenBasedirPath($tmpdir);
+ $openbasedir .= $_phpappendopenbasedir;
+
 $openbasedir = explode(':', $openbasedir);
+ $clean_openbasedir = array();
 foreach($openbasedir as $number => $path)
 {
- $openbasedir[$number] = makeCorrectDir($path);
+ if(trim($path) != '/')
+ {
+ $clean_openbasedir[] = makeCorrectDir($path);
+ }
 }
-
- $openbasedir = implode(':', $openbasedir);
+ $openbasedir = implode(':', $clean_openbasedir);
 }
 else
 {
diff --git a/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php b/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php
index 1d2e4ed8..13a0a091 100644
--- a/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php
+++ b/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php
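Review bot: The `$clean_openbasedir` loop filters `/` but not empty entries: if `appendOpenBasedirPath(..., true)` rejects the customer or document root it returns `''`, so `$openbasedir` starts with `:` and `explode` yields an empty first element, which passes `trim($path) != '/'` and is handed to `makeCorrectDir('')` — and if that helper (outside this diff) normalises an empty string to `/`, the directive ends up granting the whole filesystem, the very case the filter is meant to exclude. Testing the normalised value and skipping empties closes both gaps: `$dir = makeCorrectDir($path);` followed by `if($path != '' && trim($dir) != '/') { $clean_openbasedir[] = $dir; }`. The same loop appears in the lighttpd_fcgid hunk; the two hunks are line-for-line copies, so a shared helper on the parent class would keep them from drifting apart. When the root is rejected and nothing else survives, `implode` yields `''`; what the template does with an empty `$openbasedir` is outside the hunk and worth checking, since an empty open_basedir means no restriction.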
@@ -190,22 +190,31 @@ class lighttpd_fcgid extends lighttpd
 if($domain['openbasedir'] == '1')
 {
 $openbasedirc = '';
- if($domain['openbasedir_path'] == '0')
+ $_phpappendopenbasedir = appendOpenBasedirPath($this->settings['system']['mod_fcgid_peardir']);
+ $_phpappendopenbasedir .= appendOpenBasedirPath($this->settings['system']['phpappendopenbasedir']);
+
+ if($domain['openbasedir_path'] == '0' && strstr($domain['documentroot'], ":") === false)
 {
- $openbasedir = $domain['documentroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
+ $openbasedir = appendOpenBasedirPath($domain['documentroot'], true);
 }
 else
 {
- $openbasedir = $domain['customerroot'] . ':' . $tmpdir . ':' . $this->settings['system']['mod_fcgid_peardir'] . ':' . $this->settings['system']['phpappendopenbasedir'];
+ $openbasedir = appendOpenBasedirPath($domain['customerroot'], true);
 }
+ $openbasedir .= appendOpenBasedirPath($tmpdir);
+ $openbasedir .= $_phpappendopenbasedir;
+
 $openbasedir = explode(':', $openbasedir);
+ $clean_openbasedir = array();
 foreach($openbasedir as $number => $path)
 {
- $openbasedir[$number] = makeCorrectDir($path);
+ if(trim($path) != '/')
+ {
+ $clean_openbasedir[] = makeCorrectDir($path);
+ }
 }
-
- $openbasedir = implode(':', $openbasedir);
+ $openbasedir = implode(':', $clean_openbasedir);
 }
 else
 {