Fixed problems withs path in windows, tiquets: #2153,#2114

pandora_console/include/functions_config.php

@@ -119,7 +119,7 @@ function config_update_config () {
 				case 'general':
 					if (!config_update_value ('language', (string) get_parameter ('language')))
 						$error_update[] = __('Language code for Pandora');
-					if (!config_update_value ('remote_config', (string) get_parameter ('remote_config')))
+					if (!config_update_value ('remote_config', io_safe_input((string) get_parameter ('remote_config'))))
 						$error_update[] = __('Remote config directory');
 					if (!config_update_value ('loginhash_pwd', io_input_password((string) get_parameter ('loginhash_pwd'))))
 						$error_update[] = __('Auto login (hash) password');
@@ -130,7 +130,7 @@ function config_update_config () {
 						$error_update[] = __('Automatic check for updates');
 					if (!config_update_value ('https', (bool) get_parameter ('https')))
 						$error_update[] = __('Enforce https');
-					if (!config_update_value ('attachment_store', (string) get_parameter ('attachment_store')))
+					if (!config_update_value ('attachment_store', io_safe_input((string) get_parameter ('attachment_store'))))
 						$error_update[] = __('Attachment store');
 					if (!config_update_value ('list_ACL_IPs_for_API', (string) get_parameter('list_ACL_IPs_for_API')))
 						$error_update[] = __('IP list with API access');
@@ -413,7 +413,7 @@ function config_update_config () {
 						$error_update[] = __('Show QR code header');
 					if (!config_update_value ('status_images_set', (string) get_parameter ('status_images_set')))
 						$error_update[] = __('Status icon set');
-					if (!config_update_value ('fontpath', (string) get_parameter ('fontpath')))
+					if (!config_update_value ('fontpath', io_safe_input((string) get_parameter ('fontpath'))))
 						$error_update[] = __('Font path');
 					if (!config_update_value ('font_size', get_parameter('font_size')))
 						$error_update[] = __('Font size');
@@ -451,7 +451,7 @@ function config_update_config () {
 						$error_update[] = __('Fixed menu');
 					if (!config_update_value ('paginate_module', get_parameter('paginate_module')))
 						$error_update[] = __('Paginate module');
-					if (!config_update_value ('graphviz_bin_dir', get_parameter('graphviz_bin_dir')))
+					if (!config_update_value ('graphviz_bin_dir', io_safe_input(get_parameter('graphviz_bin_dir'))))
 						$error_update[] = __('Custom graphviz directory');
 					if (!config_update_value ('networkmap_max_width', get_parameter('networkmap_max_width')))
 						$error_update[] = __('Networkmap max width');
@@ -461,7 +461,7 @@ function config_update_config () {
 						$error_update[] = __('Show the group name instead the group icon.');
 					if (!config_update_value ('custom_graph_widht', (int) get_parameter('custom_graph_widht', 1)))
 						$error_update[] = __('Default line thickness for the Custom Graph.');
-					if (!config_update_value ('render_proc', (int) get_parameter('render_proc', 0)))
+					if (!config_update_value ('render_proc', (bool) get_parameter('render_proc', false)))
 						$error_update[] = __('Render data of module type is proc.');
 					
 					
@@ -625,7 +625,7 @@ function config_update_config () {
 	enterprise_include_once('include/functions_policies.php');
 	$enterprise = enterprise_include_once ('include/functions_skins.php');
 	if ($enterprise !== ENTERPRISE_NOT_HOOK) {
-		$config['relative_path'] = get_parameter('relative_path', $config['relative_path']);
+		$config['relative_path'] = get_parameter('relative_path', io_safe_input($config['relative_path']));
 	}
 }
 
@@ -653,7 +653,7 @@ function config_process_config () {
 	
 	if (isset ($config['homeurl']) && (strlen($config['homeurl']) > 0)) {
 		if ($config['homeurl'][0] != '/') {
-			$config['homeurl'] = '/'.$config['homeurl'];
+			$config['homeurl'] = '/'.io_safe_input($config['homeurl']);
 		}
 	}
 	
@@ -862,21 +862,21 @@ function config_process_config () {
 	// dir.
 	if (!isset ($config['attachment_store'])) {
 		config_update_value('attachment_store',
-			$config['homedir'] . '/attachment');
+			io_safe_input($config['homedir']) . '/attachment');
 	}
 	else {
 		//Fixed when the user moves the pandora console to another dir
 		//after the first uses.
 		if (!is_dir($config['attachment_store'])) {
 			config_update_value('attachment_store',
-				$config['homedir'] . '/attachment');
+				io_safe_input($config['homedir']) . '/attachment');
 		}
 	}
 	
 	
 	if (!isset ($config['fontpath'])) {
 		config_update_value('fontpath',
-			$config['homedir'] . '/include/fonts/smallfont.ttf');
+			io_safe_input($config['homedir']) . '/include/fonts/smallfont.ttf');
 	}
 	
 	if (!isset ($config['style'])) {
@@ -1468,6 +1468,7 @@ function config_check () {
 	$PHPmemory_limit = config_return_in_bytes(ini_get('memory_limit'));
 	$PHPmax_execution_time = ini_get('max_execution_time');
 	$PHPsafe_mode = ini_get('safe_mode');
+	$PHPdisable_functions = ini_get('disable_functions');
 	
 	if ($PHPsafe_mode === '1') {
 		set_pandora_error_for_header(
@@ -1502,6 +1503,12 @@ function config_check () {
 			sprintf(__('Recommended value is: %s'), sprintf(__('%s or greater'), '500M')) . '<br><br>' . __('Please, change it on your PHP configuration file (php.ini) or contact with administrator'),
 			sprintf(__("Not recommended '%s' value in PHP configuration"), 'memory_limit'));
 	}
+	
+	if (preg_match("/system/", $PHPdisable_functions) or preg_match("/exec/", $PHPdisable_functions)) {
+		set_pandora_error_for_header( 
+			__("Variable disable_functions containts functions system() or exec(), in PHP configuration file (php.ini)"). '<br /><br />' . 
+			__('Please, change it on your PHP configuration file (php.ini) or contact with administrator (Dont forget restart apache process after changes)'), __("Problems with disable functions in PHP.INI"));
+	}
 }
 
 function config_return_in_bytes($val) {