mirror of
https://github.com/myvesta/vesta
synced 2025-08-14 10:37:42 -07:00
Revert "[SECURITY] Fix OS command injection."
This commit is contained in:
Serghey Rodin
parent
9620bfbf35
commit
39e9b6397b
115 changed files with 1980 additions and 1340 deletions
|
|
@ -16,18 +16,21 @@ if (empty($_GET['user'])) {
|
|||
|
||||
// Edit as someone else?
|
||||
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
|
||||
$user = $_GET['user'];
|
||||
$user=$_GET['user'];
|
||||
$v_username=$_GET['user'];
|
||||
} else {
|
||||
$user = $_SESSION['user'];
|
||||
$user=$_SESSION['user'];
|
||||
$v_username=$_SESSION['user'];
|
||||
}
|
||||
$v_username = $user;
|
||||
|
||||
// List user
|
||||
v_exec('v-list-user', [$v_username, 'json'], true, $output);
|
||||
$data = json_decode($output, true);
|
||||
exec (VESTA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
unset($output);
|
||||
|
||||
// Parse user
|
||||
$v_password = '';
|
||||
$v_password = "";
|
||||
$v_email = $data[$v_username]['CONTACT'];
|
||||
$v_package = $data[$v_username]['PACKAGE'];
|
||||
$v_language = $data[$v_username]['LANGUAGE'];
|
||||
|
|
@ -35,7 +38,7 @@ $v_fname = $data[$v_username]['FNAME'];
|
|||
$v_lname = $data[$v_username]['LNAME'];
|
||||
$v_shell = $data[$v_username]['SHELL'];
|
||||
$v_ns = $data[$v_username]['NS'];
|
||||
$nameservers = explode(', ', $v_ns);
|
||||
$nameservers = explode(", ", $v_ns);
|
||||
$v_ns1 = $nameservers[0];
|
||||
$v_ns2 = $nameservers[1];
|
||||
$v_ns3 = $nameservers[2];
|
||||
|
|
@ -55,25 +58,29 @@ $v_time = $data[$v_username]['TIME'];
|
|||
$v_date = $data[$v_username]['DATE'];
|
||||
|
||||
// List packages
|
||||
v_exec('v-list-user-packages', ['json'], false, $output);
|
||||
$packages = json_decode($output, true);
|
||||
exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
|
||||
$packages = json_decode(implode('', $output), true);
|
||||
unset($output);
|
||||
|
||||
// List languages
|
||||
v_exec('v-list-sys-languages', ['json'], false, $output);
|
||||
$languages = json_decode($output, true);
|
||||
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
|
||||
$languages = json_decode(implode('', $output), true);
|
||||
unset($output);
|
||||
|
||||
// List shells
|
||||
v_exec('v-list-sys-shells', ['json'], false, $output);
|
||||
$shells = json_decode($output, true);
|
||||
exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
|
||||
$shells = json_decode(implode('', $output), true);
|
||||
unset($output);
|
||||
|
||||
// Are you admin?
|
||||
|
||||
// Check POST request
|
||||
if (!empty($_POST['save'])) {
|
||||
|
||||
// Check token
|
||||
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
|
||||
header('location: /login/');
|
||||
exit;
|
||||
exit();
|
||||
}
|
||||
|
||||
// Change password
|
||||
|
|
@ -82,34 +89,38 @@ if (!empty($_POST['save'])) {
|
|||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
v_exec('v-change-user-password', [$v_username, $v_password]);
|
||||
exec (VESTA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = $_POST['v_password'];
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
}
|
||||
|
||||
// Change package (admin only)
|
||||
if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
|
||||
$v_package = $_POST['v_package'];
|
||||
v_exec('v-change-user-package', [$v_username, $v_package]);
|
||||
$v_package = escapeshellarg($_POST['v_package']);
|
||||
exec (VESTA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
|
||||
// Change language
|
||||
if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_language = $_POST['v_language'];
|
||||
v_exec('v-change-user-language', [$v_username, $v_language]);
|
||||
$v_language = escapeshellarg($_POST['v_language']);
|
||||
exec (VESTA_CMD."v-change-user-language ".escapeshellarg($v_username)." ".$v_language, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) {
|
||||
$_SESSION['language'] = $_POST['v_language'];
|
||||
}
|
||||
if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) $_SESSION['language'] = $_POST['v_language'];
|
||||
}
|
||||
unset($output);
|
||||
}
|
||||
|
||||
// Change shell (admin only)
|
||||
if ($_SESSION['user'] == 'admin') {
|
||||
if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_shell = $_POST['v_shell'];
|
||||
v_exec('v-change-user-shell', [$v_username, $v_shell]);
|
||||
}
|
||||
if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
|
||||
$v_shell = escapeshellarg($_POST['v_shell']);
|
||||
exec (VESTA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
|
||||
// Change contact email
|
||||
|
|
@ -117,37 +128,54 @@ if (!empty($_POST['save'])) {
|
|||
if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$_SESSION['error_msg'] = __('Please enter valid email address.');
|
||||
} else {
|
||||
$v_email = $_POST['v_email'];
|
||||
v_exec('v-change-user-contact', [$v_username, $v_email]);
|
||||
$v_email = escapeshellarg($_POST['v_email']);
|
||||
exec (VESTA_CMD."v-change-user-contact ".escapeshellarg($v_username)." ".$v_email, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
}
|
||||
|
||||
// Change full name
|
||||
if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {
|
||||
if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_fname = escapeshellarg($_POST['v_fname']);
|
||||
$v_lname = escapeshellarg($_POST['v_lname']);
|
||||
exec (VESTA_CMD."v-change-user-name ".escapeshellarg($v_username)." ".$v_fname." ".$v_lname, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
$v_fname = $_POST['v_fname'];
|
||||
$v_lname = $_POST['v_lname'];
|
||||
v_exec('v-change-user-name', [$v_username, $v_fname, $v_lname]);
|
||||
}
|
||||
|
||||
// Change NameServers
|
||||
if ((($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
|
||||
|| ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8'])) && (empty($_SESSION['error_msg']))) {
|
||||
$v_ns1 = $_POST['v_ns1'];
|
||||
$v_ns2 = $_POST['v_ns2'];
|
||||
$v_ns3 = $_POST['v_ns3'];
|
||||
$v_ns4 = $_POST['v_ns4'];
|
||||
$v_ns5 = $_POST['v_ns5'];
|
||||
$v_ns6 = $_POST['v_ns6'];
|
||||
$v_ns7 = $_POST['v_ns7'];
|
||||
$v_ns8 = $_POST['v_ns8'];
|
||||
$ns_args = [$v_username, $v_ns1, $v_ns2];
|
||||
if (!empty($_POST['v_ns3'])) $ns_args[] = $v_ns3;
|
||||
if (!empty($_POST['v_ns4'])) $ns_args[] = $v_ns4;
|
||||
if (!empty($_POST['v_ns5'])) $ns_args[] = $v_ns5;
|
||||
if (!empty($_POST['v_ns6'])) $ns_args[] = $v_ns6;
|
||||
if (!empty($_POST['v_ns7'])) $ns_args[] = $v_ns7;
|
||||
if (!empty($_POST['v_ns8'])) $ns_args[] = $v_ns8;
|
||||
v_exec('v-change-user-ns', $ns_args);
|
||||
if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
|
||||
|| ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_ns1 = escapeshellarg($_POST['v_ns1']);
|
||||
$v_ns2 = escapeshellarg($_POST['v_ns2']);
|
||||
$v_ns3 = escapeshellarg($_POST['v_ns3']);
|
||||
$v_ns4 = escapeshellarg($_POST['v_ns4']);
|
||||
$v_ns5 = escapeshellarg($_POST['v_ns5']);
|
||||
$v_ns6 = escapeshellarg($_POST['v_ns6']);
|
||||
$v_ns7 = escapeshellarg($_POST['v_ns7']);
|
||||
$v_ns8 = escapeshellarg($_POST['v_ns8']);
|
||||
$ns_cmd = VESTA_CMD."v-change-user-ns ".escapeshellarg($v_username)." ".$v_ns1." ".$v_ns2;
|
||||
if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
|
||||
if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
|
||||
if (!empty($_POST['v_ns5'])) $ns_cmd = $ns_cmd." ".$v_ns5;
|
||||
if (!empty($_POST['v_ns6'])) $ns_cmd = $ns_cmd." ".$v_ns6;
|
||||
if (!empty($_POST['v_ns7'])) $ns_cmd = $ns_cmd." ".$v_ns7;
|
||||
if (!empty($_POST['v_ns8'])) $ns_cmd = $ns_cmd." ".$v_ns8;
|
||||
exec ($ns_cmd, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
|
||||
$v_ns1 = str_replace("'","", $v_ns1);
|
||||
$v_ns2 = str_replace("'","", $v_ns2);
|
||||
$v_ns3 = str_replace("'","", $v_ns3);
|
||||
$v_ns4 = str_replace("'","", $v_ns4);
|
||||
$v_ns5 = str_replace("'","", $v_ns5);
|
||||
$v_ns6 = str_replace("'","", $v_ns6);
|
||||
$v_ns7 = str_replace("'","", $v_ns7);
|
||||
$v_ns8 = str_replace("'","", $v_ns8);
|
||||
}
|
||||
|
||||
// Set success message
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue