3 files changed, 15 insertions, 4 deletions

diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 000000000..3112fb5f3
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 0fd8d1f35..4888b0a8d 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -14,10 +14,10 @@ if ($site = elgg_get_site_entity()) {
 		throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
 	}
 
-	$site->url = get_input('wwwroot');
+	$site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
 
-	datalist_set('path', sanitise_filepath(get_input('path')));
-	$dataroot = sanitise_filepath(get_input('dataroot'));
+	datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+	$dataroot = sanitise_filepath(get_input('dataroot', '', false));
 
 	// check for relative paths
 	if (stripos(PHP_OS, 'win') === 0) {
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 97d258b65..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) {
 	}
 
 	$site->description = get_input('sitedescription');
-	$site->name = get_input('sitename');
+	$site->name = strip_tags(get_input('sitename'));
 	$site->email = get_input('siteemail');
 	$site->save();