github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

12
web/add/favorite/index.php
View file

@ -9,13 +9,15 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
// if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
// header('location: /login/');
// exit;
// exit();
// }
$v_section = $_REQUEST['v_section'];
$v_unit_id = $_REQUEST['v_unit_id'];
// Protect input
$v_section = escapeshellarg($_REQUEST['v_section']);
$v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
$_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id] = 1;
$_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']] = 1;
v_exec('v-add-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
exec (VESTA_CMD."v-add-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
// check_return_code($return_var,$output);
?>