Revert "[SECURITY] Fix OS command injection."

2025-08-14 10:37:42 -07:00 · 2015-12-11 21:14:49 +02:00 · 2015-12-11 21:14:49 +02:00 · 39e9b6397b
commit 39e9b6397b
parent 9620bfbf35
115 changed files with 1980 additions and 1340 deletions
--- a/web/delete/dns/index.php
+++ b/web/delete/dns/index.php
@ -7,23 +7,26 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user = $_GET['user'];
+    $user=$_GET['user'];
 }

 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
    header('location: /login/');
-    exit;
+    exit();
 }

 // DNS domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
-    $v_domain = $_GET['domain'];
-    v_exec('v-delete-dns-domain', [$user, $v_domain]);
+    $v_username = escapeshellarg($user);
+    $v_domain = escapeshellarg($_GET['domain']);
+    exec (VESTA_CMD."v-delete-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);

    $back = $_SESSION['back'];
    if (!empty($back)) {
-        header("Location: $back");
+        header("Location: ".$back);
        exit;
    }
    header("Location: /list/dns/");
@ -32,13 +35,15 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {

 // DNS record
 if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
-    $v_domain = $_GET['domain'];
-    $v_record_id = $_GET['record_id'];
-    v_exec('v-delete-dns-record', [$user, $v_domain, $v_record_id]);
-
+    $v_username = escapeshellarg($user);
+    $v_domain = escapeshellarg($_GET['domain']);
+    $v_record_id = escapeshellarg($_GET['record_id']);
+    exec (VESTA_CMD."v-delete-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
    $back = $_SESSION['back'];
    if (!empty($back)) {
-        header("Location: $back");
+        header("Location: ".$back);
        exit;
    }
    header("Location: /list/dns/?domain=".$_GET['domain']);
@ -47,7 +52,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {

 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: $back");
+    header("Location: ".$back);
    exit;
 }