wizard: dont change missing parameters

nextcloud · Jan 10, 2019 · 06b00e4 · 06b00e4
1 parent f722c45
commit 06b00e4
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,7 +1,9 @@
 
-[v1.0.1](https://github.com/nextcloud/nextcloudpi/commit/720b0db) (2019-01-08) nc-update-nc: remove backup after restoring
+[v1.0.2](https://github.com/nextcloud/nextcloudpi/commit/a2f79d2) (2019-01-09) wizard: dont change missing parameters
 
-[v1.0.0](https://github.com/nextcloud/nextcloudpi/commit/013198c) (2019-01-08) ncp-config: allow empty values
+[v1.0.1](https://github.com/nextcloud/nextcloudpi/commit/f722c45) (2019-01-08) nc-update-nc: remove backup after restoring
+
+[v1.0.0  ](https://github.com/nextcloud/nextcloudpi/commit/013198c) (2019-01-08) ncp-config: allow empty values
 
 [v0.67.13](https://github.com/nextcloud/nextcloudpi/commit/21fee19) (2018-12-31) ncp-web: new chinese translate and update chinese translate. (#721)
 

diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
@@ -59,8 +59,12 @@
 
     foreach ($cfg['params'] as $index => $param)
     {
+      // don't touch missing parameters
+      $id = $cfg['params'][$index]['id'];
+      if (!array_key_exists($id, $new_params)) continue;
+
       // sanitize
-      $val = trim(escapeshellarg($new_params[$cfg['params'][$index]['id']]),"'");
+      $val = trim(escapeshellarg($new_params[$id]),"'");
       preg_match( '/ /' , $val , $matches )
         and exit( '{ "output": "Invalid parameters" , "token": "' . getCSRFToken() . '" }' );
 

diff --git a/ncp-web/wizard/index.php b/ncp-web/wizard/index.php
@@ -10,6 +10,10 @@
         <?php 
             session_start();
 
+            ini_set('session.cookie_httponly', 1);
+            if ( isset($_SERVER['HTTPS']) )
+              ini_set('session.cookie_secure', 1);
+
             // security headers
             header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
             header("X-XSS-Protection: 1; mode=block");
@@ -18,9 +22,6 @@
             header("X-Permitted-Cross-Domain-Policies: none");
             header("X-Frame-Options: DENY");
             header("Cache-Control: max-age=15778463");
-            ini_set('session.cookie_httponly', 1);
-            if ( isset($_SERVER['HTTPS']) )
-              ini_set('session.cookie_secure', 1); 
         ?>
         <link rel="icon" type="image/png" href="../img/favicon.png" />
 	</head>