Revert "[SECURITY] Fix OS command injection."

2025-08-14 10:37:42 -07:00 · 2015-12-11 21:14:49 +02:00 · 2015-12-11 21:14:49 +02:00 · 39e9b6397b
commit 39e9b6397b
parent 9620bfbf35
115 changed files with 1980 additions and 1340 deletions
--- a/web/delete/favorite/index.php
+++ b/web/delete/favorite/index.php
@ -5,10 +5,11 @@

    include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

-    $v_section = $_REQUEST['v_section'];
-    $v_unit_id = $_REQUEST['v_unit_id'];
+    unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]);

-    unset($_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id]);
+    $v_section = escapeshellarg($_REQUEST['v_section']);
+    $v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);

-    v_exec('v-delete-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
+    exec (VESTA_CMD."v-delete-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
+//    check_return_code($return_var,$output);
 ?>