Revert "[SECURITY] Fix OS command injection."

web/delete/backup/exclusion/index.php

@@ -6,17 +6,20 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user = $_GET['user'];
+    $user=$_GET['user'];
 }
 
 if (!empty($_GET['system'])) {
-    $v_system = $_GET['system'];
-    v_exec('v-delete-user-backup-exclusions', [$user, $v_system]);
+    $v_username = escapeshellarg($user);
+    $v_system = escapeshellarg($_GET['system']);
+    exec (VESTA_CMD."v-delete-user-backup-exclusions ".$v_username." ".$v_system, $output, $return_var);
 }
+check_return_code($return_var,$output);
+unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: $back");
+    header("Location: ".$back);
     exit;
 }