From f9f477361644cdb466948500c8a51a9d2f0dc95c Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Mon, 23 Sep 2013 14:48:02 +0200
Subject: [PATCH] properly escape custom-error strings in apache2, fixes #1009
Signed-off-by: Michael Kaufmann (d00p)
---
 scripts/jobs/cron_tasks.inc.http.10.apache.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php
index c9e17a3e..a85d1b04 100644
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
@@ -145,9 +145,11 @@ class apache
 if ($this->settings['defaultwebsrverrhandler']['err' . $statusCode] != '') {
 $defhandler = $this->settings['defaultwebsrverrhandler']['err' . $statusCode];
 if (!validateUrl($defhandler)) {
- $defhandler = makeCorrectFile($defhandler);
+ if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') {
+ $defhandler = '"'.makeCorrectFile($defhandler).'"';
+ }
 }
- $this->virtualhosts_data[$vhosts_filename] .= 'ErrorDocument ' . $statusCode . ' "' . $defhandler . '"'."\n";
+ $this->virtualhosts_data[$vhosts_filename] .= 'ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n";
 }
 }
 }
@@ -872,9 +874,11 @@ class apache
 ) {
 $defhandler = $row_diroptions['error' . $statusCode . 'path'];
 if (!validateUrl($defhandler)) {
- $defhandler = makeCorrectFile($defhandler);
+ if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') {
+ $defhandler = '"'.makeCorrectFile($defhandler).'"';
+ }
 }
- $this->diroptions_data[$diroptions_filename].= ' ErrorDocument ' . $statusCode . ' "' . $defhandler. '"' . "\n";
+ $this->diroptions_data[$diroptions_filename].= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n";
 }
 }
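Review bot: The added guard joins its two quote tests with `&&`, here and in the second hunk, so a value with a double quote at only one end skips both the quoting and `makeCorrectFile()` and is written to the `ErrorDocument` line with an unbalanced quote. Treating a value as already quoted only when both ends match closes that gap: `if (substr($defhandler, 0, 1) != '"' || substr($defhandler, -1, 1) != '"') {`. A value that is a single `"` character also passes as quoted at both ends, so a `strlen($defhandler) >= 2` check belongs in the same condition. How a half-quoted value should then be normalised depends on `makeCorrectFile()`, which is not visible in this patch. The enclosing method starts and ends outside the hunk.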
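Review bot: An already-quoted `$row_diroptions['error' . $statusCode . 'path']` value now reaches the `ErrorDocument` line unchanged, and nothing visible in this hunk removes line breaks or interior double quotes from it. If that column can be edited by customers and is not validated when it is saved (not shown here), a stored value would no longer stay inside a single directive of the generated file. A guard before the append such as `$defhandler = str_replace(array("\r", "\n"), '', $defhandler);`, together with escaping of inner quotes, would keep it on one line and inside one quoted argument. The settings value in the first hunk takes the same path, and the enclosing method continues outside the hunk.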