diff --git a/lib/functions/formfields/string/function.validateFormFieldString.php b/lib/functions/formfields/string/function.validateFormFieldString.php
index f60499e9..4993ce61 100644
--- a/lib/functions/formfields/string/function.validateFormFieldString.php
+++ b/lib/functions/formfields/string/function.validateFormFieldString.php
@@ -68,6 +68,26 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
 				$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
 			}
 		}
+		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'confdir') {
+			// check for empty value (it might be allowed)
+			if (trim($newfieldvalue) == '') {
+				$newfieldvalue = '';
+				$returnvalue = 'stringmustntbeempty';
+			} else {
+				// add trailing slash to validate path if needed
+				// refs #331
+				if (substr($newfieldvalue, -1) != '/') {
+					$newfieldvalue.= '/';
+				}
+				// if this is a configuration directory, check for stupidity of admins :p
+				if (checkDisallowedPaths($newfieldvalue) !== true) {
+					$newfieldvalue = '';
+					$returnvalue = 'givendirnotallowed';
+				} else {
+					$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
+				}
+			}
+		}
 		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') {
 			// check for empty value (it might be allowed)
 			if (trim($newfieldvalue) == '') {
diff --git a/lib/functions/settings/function.storeSettingField.php b/lib/functions/settings/function.storeSettingField.php
index 21bc7ccf..e3828043 100644
--- a/lib/functions/settings/function.storeSettingField.php
+++ b/lib/functions/settings/function.storeSettingField.php
@@ -17,62 +17,58 @@
  *
  */
 
-function storeSettingField($fieldname, $fielddata, $newfieldvalue)
-{
-	if(is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '')
-	{
+function storeSettingField($fieldname, $fielddata, $newfieldvalue) {
 
-		if(saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false)
-		{
+	if (is_array($fielddata)
+			&& isset($fielddata['settinggroup'])
+			&& $fielddata['settinggroup'] != ''
+			&& isset($fielddata['varname'])
+			&& $fielddata['varname'] != ''
+	) {
+		if (saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) {
 			/*
 			 * when fielddata[cronmodule] is set, this means enable/disable a cronjob
-			 */
-			if(isset($fielddata['cronmodule']) && $fielddata['cronmodule'] != '')
-			{
+			*/
+			if (isset($fielddata['cronmodule'])
+					&& $fielddata['cronmodule'] != ''
+			) {
 				toggleCronStatus($fielddata['cronmodule'], $newfieldvalue);
 			}
 
 			/*
 			 * satisfy dependencies
-			 */
-			if(isset($fielddata['dependency']) && is_array($fielddata['dependency']))
-			{
-				if((int)$fielddata['dependency']['onlyif'] == (int)$newfieldvalue)
-				{
+			*/
+			if (isset($fielddata['dependency'])
+					&& is_array($fielddata['dependency'])
+			) {
+				if ((int)$fielddata['dependency']['onlyif'] == (int)$newfieldvalue) {
 					storeSettingField($fielddata['dependency']['fieldname'], $fielddata['dependency']['fielddata'], $newfieldvalue);
 				}
 			}
 
 			return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue);
-		}
-		else
-		{
+		} else {
 			return false;
 		}
-	}
-	else
-	{
+	} else {
 		return false;
 	}
 }
 
-function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue)
-{
-	if(is_array($fielddata) && isset($fielddata['settinggroup']) && $fielddata['settinggroup'] != '' && isset($fielddata['varname']) && $fielddata['varname'] != '')
-	{
-		if(saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false)
-		{
+function storeSettingFieldInsertBindTask($fieldname, $fielddata, $newfieldvalue) {
+
+	if (is_array($fielddata)
+			&& isset($fielddata['settinggroup'])
+			&& $fielddata['settinggroup'] != ''
+			&& isset($fielddata['varname'])
+			&& $fielddata['varname'] != ''
+	) {
+		if (saveSetting($fielddata['settinggroup'], $fielddata['varname'], $newfieldvalue) != false) {
 			return array($fielddata['settinggroup'] . '.' . $fielddata['varname'] => $newfieldvalue);
-		}
-		else
-		{
+		} else {
 			return false;
 		}
-	}
-	else
-	{
+	} else {
 		return false;
 	}
 }
-
-?>
diff --git a/lib/functions/validate/function.checkDisallowedPaths.php b/lib/functions/validate/function.checkDisallowedPaths.php
new file mode 100644
index 00000000..80422014
--- /dev/null
+++ b/lib/functions/validate/function.checkDisallowedPaths.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2013 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Functions
+ *
+ * @since      0.9.30
+ *
+ */
+
+/**
+ * checks a directory against disallowed paths which could
+ * lead to a damaged system if you use them
+ *
+ * @param string $fieldname
+ * @param array $fielddata
+ * @param mixed $newfieldvalue
+ *
+ * @return boolean|array
+ */
+function checkDisallowedPaths($path = null) {
+
+	/*
+	 * disallow base-directories and /
+	 */
+	$disallowed_values = array(
+		"/", "/bin/", "/boot/", "/dev/", "/etc/", "/home/", "/lib/", "/lib32/", "/lib64/",
+		"/opt/", "/proc/", "/root/", "/run/", "/sbin/", "/sys/", "/tmp/", "/usr/", "/var/"	
+	);
+
+	$path = makeCorrectDir($path);
+
+	// check if it's a disallowed path
+	if (in_array($path, $disallowed_values)) {
+		return false;
+	}
+	return true;
+}
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 244de80a..cde9455a 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1971,3 +1971,4 @@ $lng['admin']['selectserveralias_desc'] = 'Chose whether froxlor should create a
 $lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)';
 $lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)';
 $lng['domains']['serveraliasoption_none'] = 'No alias';
+$lng['error']['givendirnotallowed'] = 'The given directory in field %s is not allowed.';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 75b9fa55..bdf9ec4d 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1691,3 +1691,4 @@ $lng['admin']['selectserveralias_desc'] = 'Wählen Sie hier, ob für diese Domai
 $lng['domains']['serveraliasoption_wildcard'] = 'Wildcard (*.domain.tld)';
 $lng['domains']['serveraliasoption_www'] = 'WWW (www.domain.tld)';
 $lng['domains']['serveraliasoption_none'] = 'Kein alias';
+$lng['error']['givendirnotallowed'] = 'Das angegebene Verzeichnis im Feld %s ist nicht erlaubt.';