From a56a3946a4d15d36831d06ec822d6b248e839960 Mon Sep 17 00:00:00 2001 From: Regis Houssin <regis@dolibarr.fr> Date: Wed, 7 Mar 2012 14:21:49 +0100 Subject: [PATCH] Fix: clean parameters --- htdocs/filefunc.inc.php | 7 +++++++ htdocs/install/inc.php | 17 ++++++++++++----- htdocs/public/paybox/newpayment.php | 2 +- htdocs/public/paypal/newpayment.php | 2 +- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/htdocs/filefunc.inc.php b/htdocs/filefunc.inc.php index 828ab026090..821b8aa8693 100755 --- a/htdocs/filefunc.inc.php +++ b/htdocs/filefunc.inc.php @@ -76,6 +76,13 @@ if (! $result && ! empty($_SERVER["GATEWAY_INTERFACE"])) // If install not do exit; } +// Clean parameters +$dolibarr_main_data_root=trim($dolibarr_main_data_root); +$dolibarr_main_url_root=trim($dolibarr_main_url_root); +$dolibarr_main_url_root_alt=trim($dolibarr_main_url_root_alt); +$dolibarr_main_document_root=trim($dolibarr_main_document_root); +$dolibarr_main_document_root_alt=trim($dolibarr_main_document_root_alt); + if (empty($dolibarr_main_db_port)) $dolibarr_main_db_port=0; // Pour compatibilite avec anciennes configs, si non defini, on prend 'mysql' if (empty($dolibarr_main_db_type)) $dolibarr_main_db_type='mysql'; // Pour compatibilite avec anciennes configs, si non defini, on prend 'mysql' if (empty($dolibarr_main_db_prefix)) $dolibarr_main_db_prefix='llx_'; diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php index fafb001bd18..27896306b43 100644 --- a/htdocs/install/inc.php +++ b/htdocs/install/inc.php 
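Review bot: The five `trim()` calls added under `// Clean parameters` run unconditionally, although the `! empty(...)` guards in htdocs/install/inc.php suggest these variables are not always set, in particular `$dolibarr_main_url_root_alt` and `$dolibarr_main_document_root_alt`. With a conf.php that omits one of them, the call raises an undefined-variable notice and silently defines the variable as an empty string. Guarding each assignment avoids that, e.g. `if (isset($dolibarr_main_url_root_alt)) $dolibarr_main_url_root_alt=trim($dolibarr_main_url_root_alt);`. The identical block added in htdocs/install/inc.php has the same problem.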
@@ -93,14 +93,21 @@ if (! defined('DONOTLOADCONF') && file_exists($conffile)) $result=include_once($conffile); // Load conf file if ($result) { + // Clean parameters + $dolibarr_main_data_root=trim($dolibarr_main_data_root); + $dolibarr_main_url_root=trim($dolibarr_main_url_root); + $dolibarr_main_url_root_alt=trim($dolibarr_main_url_root_alt); + $dolibarr_main_document_root=trim($dolibarr_main_document_root); + $dolibarr_main_document_root_alt=trim($dolibarr_main_document_root_alt); + //if (empty($dolibarr_main_db_type)) $dolibarr_main_db_type='mysql'; // For backward compatibility // Remove last / or \ on directories or url value - if (! empty($dolibarr_main_document_root) && ! preg_match('/^[\\/]+$/',$dolibarr_main_document_root)) $dolibarr_main_document_root=preg_replace('/[\\/]+$/','',$dolibarr_main_document_root); - if (! empty($dolibarr_main_url_root) && ! preg_match('/^[\\/]+$/',$dolibarr_main_url_root)) $dolibarr_main_url_root=preg_replace('/[\\/]+$/','',$dolibarr_main_url_root); - if (! empty($dolibarr_main_data_root) && ! preg_match('/^[\\/]+$/',$dolibarr_main_data_root)) $dolibarr_main_data_root=preg_replace('/[\\/]+$/','',$dolibarr_main_data_root); - if (! empty($dolibarr_main_document_root_alt) && ! preg_match('/^[\\/]+$/',$dolibarr_main_document_root_alt)) $dolibarr_main_document_root_alt=preg_replace('/[\\/]+$/','',$dolibarr_main_document_root_alt); - if (! empty($dolibarr_main_url_root_alt) && ! preg_match('/^[\\/]+$/',$dolibarr_main_url_root_alt)) $dolibarr_main_url_root_alt=preg_replace('/[\\/]+$/','',$dolibarr_main_url_root_alt); + if (! empty($dolibarr_main_document_root) && ! preg_match('/^[\\/]+$/',$dolibarr_main_document_root)) $dolibarr_main_document_root=preg_replace('/[\\/]+$/','',$dolibarr_main_document_root); + if (! empty($dolibarr_main_url_root) && ! preg_match('/^[\\/]+$/',$dolibarr_main_url_root)) $dolibarr_main_url_root=preg_replace('/[\\/]+$/','',$dolibarr_main_url_root); + if (! empty($dolibarr_main_data_root) && ! 
preg_match('/^[\\/]+$/',$dolibarr_main_data_root)) $dolibarr_main_data_root=preg_replace('/[\\/]+$/','',$dolibarr_main_data_root); + if (! empty($dolibarr_main_document_root_alt) && ! preg_match('/^[\\/]+$/',$dolibarr_main_document_root_alt)) $dolibarr_main_document_root_alt=preg_replace('/[\\/]+$/','',$dolibarr_main_document_root_alt); + if (! empty($dolibarr_main_url_root_alt) && ! preg_match('/^[\\/]+$/',$dolibarr_main_url_root_alt)) $dolibarr_main_url_root_alt=preg_replace('/[\\/]+$/','',$dolibarr_main_url_root_alt); // Create conf object if (! empty($dolibarr_main_document_root)) diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php index 46ae9815848..bcdbbab2341 100644 --- a/htdocs/public/paybox/newpayment.php +++ b/htdocs/public/paybox/newpayment.php @@ -75,7 +75,7 @@ if (! GETPOST("action")) } } -$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolibarr_main_url_root); +$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentok.php?'; $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paybox/paymentko.php?'; diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php index a3a82583bcd..8c7e7189a33 100755 --- a/htdocs/public/paypal/newpayment.php +++ b/htdocs/public/paypal/newpayment.php @@ -77,7 +77,7 @@ if (! GETPOST("action")) } } -$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolibarr_main_url_root); +$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root)); $urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?'; $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?'; -- GitLab
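Review bot: The re-indented lines under `// Remove last / or \ on directories or url value` do not strip a trailing backslash. Inside a single-quoted PHP string, `'/[\\/]+$/'` reaches PCRE as `/[\/]+$/`, a character class that contains only `/`. This predates the commit, but the lines are rewritten here, so a Windows-style `$dolibarr_main_document_root` or `$dolibarr_main_data_root` ending in `\` keeps its trailing separator. Writing the class as `[\\\\\/]` in both the guard and the replacement, e.g. `preg_replace('/[\\\\\/]+$/','',$dolibarr_main_document_root)`, would make the code match its comment. The enclosing `if ($result)` block continues past the end of the hunk.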
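Review bot: The `trim()` added around `$dolibarr_main_url_root` removes only whitespace, so a configured URL root ending in `/` still defeats the `$`-anchored `preg_replace`. `DOL_URL_ROOT` would then appear twice in `$urlok` and `$urlko`, which look like the return URLs for the payment flow. Nothing visible in this commit strips the trailing slash outside the installer, so consider `rtrim(trim($dolibarr_main_url_root),'/')` here. If this page loads htdocs/filefunc.inc.php, which this commit already makes trim the value, the local `trim()` is redundant and normalising in one place would be easier to audit. The same line is changed in htdocs/public/paypal/newpayment.php.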