Better error if htaccess dir field is left empty

https://www.virtualmin.com/node/19713

diff --git a/apache/create_htaccess.cgi b/apache/create_htaccess.cgi
index 29c7430..5c3e2f3 100755 (executable)
--- a/apache/create_htaccess.cgi
+++ b/apache/create_htaccess.cgi
@@ -3,9 +3,13 @@
 # Creates a new .htaccess file for some directory
 
 require './apache-lib.pl';
+&error_setup($text{'htaccess_err'});
 &ReadParse();
 $access{'global'} || &error($text{'htaccess_ecannot'});
 $conf = &get_config();
+$in{'file'} || &error($text{'htaccess_eempty'});
+$in{'file'} =~ /^\// && $in{'file'} !~ /\.\./ ||
+       &error($text{'htaccess_eabsolute'});
 
 if (-d $in{'file'}) {
        # user entered a directory.. create a file in that directory
@@ -13,7 +17,9 @@ if (-d $in{'file'}) {
        if (!$accfile) { $accfile = ".htaccess"; }
        $file = "$in{'file'}/$accfile";
        }
-else { $file = $in{'file'}; }
+else {
+       $file = $in{'file'};
+       }
 &allowed_auth_file($file) ||
        &error($text{'htaccess_ecreate'});
 

diff --git a/apache/lang/en b/apache/lang/en
index c3d5ed9..54bd736 100644 (file)
--- a/apache/lang/en
+++ b/apache/lang/en
@@ -208,6 +208,9 @@ htaccess_return=options file list
 htaccess_edir='$1' is not a valid directory
 htaccess_ecreate=You are not allowed to create this options file
 htaccess_edelete=You are not allowed to delete this options file
+htaccess_eempty=No options file directory entered
+htaccess_eabsolute=Options file directory must be an absolute path
+htaccess_err=Failed to create options file
 
 htindex_ecannot=You are not allowed to edit this options file
 htindex_title=Per-Directory Options File