From bdf03486d241f161eb03b59646d61c521d3d16b7 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 16 Dec 2013 18:33:57 +0100 Subject: [PATCH 1/2] set better defaults (sites-enabled/* is included in apache by default on most systems) Signed-off-by: Michael Kaufmann (d00p) --- install/froxlor.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/froxlor.sql b/install/froxlor.sql index 9b82d9cd..a9348199 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -453,8 +453,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'nameservers', ''), ('system', 'mxservers', ''), ('system', 'mod_fcgid', '0'), - ('system', 'apacheconf_vhost', '/etc/apache2/vhosts.conf'), - ('system', 'apacheconf_diroptions', '/etc/apache2/diroptions.conf'), + ('system', 'apacheconf_vhost', '/etc/apache2/sites-enabled/'), + ('system', 'apacheconf_diroptions', '/etc/apache2/sites-enabled/'), ('system', 'apacheconf_htpasswddir', '/etc/apache2/htpasswd/'), ('system', 'webalizer_quiet', '2'), ('system', 'last_archive_run', '000000'), From 7256d4ff91e6324f7d1b42cdf6d7f9f5d5e86cf3 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Tue, 17 Dec 2013 07:57:38 +0100 Subject: [PATCH 2/2] fix possible xss-target Signed-off-by: Michael Kaufmann (d00p) --- admin_tickets.php | 2 +- customer_tickets.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin_tickets.php b/admin_tickets.php index f38311cc..59902cf6 100644 --- a/admin_tickets.php +++ b/admin_tickets.php @@ -376,7 +376,7 @@ if ($page == 'tickets' $priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true); $priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true); $priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true); - $subject = $mainticket->Get('subject'); + $subject = htmlentities($mainticket->Get('subject')); $ticket_replies_count = $numrows_andere + 1; // don't forget the main-ticket! diff --git a/customer_tickets.php b/customer_tickets.php index 945b0951..40ed85ad 100644 --- a/customer_tickets.php +++ b/customer_tickets.php @@ -326,7 +326,7 @@ if($page == 'overview') { $priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true); $priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true); $priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true); - $subject = $mainticket->Get('subject'); + $subject = htmlentities($mainticket->Get('subject')); $ticket_replies_count = $numrows_andere + 1; // don't forget the main-ticket!