github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-21 05:44:08 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

288
web/edit/web/index.php
View file

@ -16,17 +16,18 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user = $_GET['user'];
$user=escapeshellarg($_GET['user']);
}
$v_username = $user;
$v_domain = $_GET['domain'];
// List domain
v_exec('v-list-web-domain', [$user, $v_domain, 'json'], false, $output);
$data = json_decode($output, true);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
// Parse domain
$v_username = $user;
$v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL'];
$v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
@ -35,9 +36,10 @@ $v_tpl = $data[$v_domain]['IP'];
$v_cgi = $data[$v_domain]['CGI'];
$v_elog = $data[$v_domain]['ELOG'];
$v_ssl = $data[$v_domain]['SSL'];
if ($v_ssl == 'yes') {
v_exec('v-list-web-domain-ssl', [$user, $v_domain, 'json'], false, $output);
$ssl_str = json_decode($output, true);
if ( $v_ssl == 'yes' ) {
exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
$ssl_str = json_decode(implode('', $output), true);
unset($output);
$v_ssl_crt = $ssl_str[$v_domain]['CRT'];
$v_ssl_key = $ssl_str[$v_domain]['KEY'];
$v_ssl_ca = $ssl_str[$v_domain]['CA'];
@ -49,10 +51,10 @@ $v_proxy_template = $data[$v_domain]['PROXY'];
$v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
$v_stats = $data[$v_domain]['STATS'];
$v_stats_user = $data[$v_domain]['STATS_USER'];
if (!empty($v_stats_user)) $v_stats_password = '';
if (!empty($v_stats_user)) $v_stats_password = "";
$v_ftp_user = $data[$v_domain]['FTP_USER'];
$v_ftp_path = $data[$v_domain]['FTP_PATH'];
if (!empty($v_ftp_user)) $v_ftp_password = '';
if (!empty($v_ftp_user)) $v_ftp_password = "";
$v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
$v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
$v_ftp_email = $panel[$user]['CONTACT'];
@ -66,78 +68,87 @@ $v_time = $data[$v_domain]['TIME'];
$v_date = $data[$v_domain]['DATE'];
// List ip addresses
v_exec('v-list-user-ips', [$user, 'json'], false, $output);
$ips = json_decode($output, true);
exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
$ips = json_decode(implode('', $output), true);
unset($output);
// List web templates
v_exec('v-list-web-templates', ['json'], false, $output);
$templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
$templates = json_decode(implode('', $output), true);
unset($output);
// List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) {
v_exec('v-list-web-templates-backend', ['json'], false, $output);
$backend_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
$backend_templates = json_decode(implode('', $output), true);
unset($output);
}
// List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) {
v_exec('v-list-web-templates-proxy', ['json'], false, $output);
$proxy_templates = json_decode($output, true);
exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
$proxy_templates = json_decode(implode('', $output), true);
unset($output);
}
// List web stat engines
v_exec('v-list-web-stats', ['json'], false, $output);
$stats = json_decode($output, true);
exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
$stats = json_decode(implode('', $output), true);
unset($output);
// Check POST request
if (!empty($_POST['save'])) {
$v_domain = $_POST['v_domain'];
$v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// IP has been changed
if ($v_ip != $_POST['v_ip']) {
$v_ip = $_POST['v_ip'];
// Change web domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$restart_web = 'yes';
$restart_proxy = 'yes';
unset($output);
}
// Change web domain IP
if (empty($_SESSION['error_msg'])) {
v_exec('v-change-web-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
$restart_web = 'yes';
$restart_proxy = 'yes';
// Chane dns domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
// Chane dns domain IP
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain, 'json'], false);
if ($return_var == 0) {
v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
// Change dns ip for each alias
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
foreach($valiases as $v_alias ){
exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
// Change dns ip for each alias
if (empty($_SESSION['error_msg'])) {
foreach ($valiases as $v_alias) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_alias, 'json'], false);
if ($return_var == 0) {
v_exe ('v-change-dns-domain-ip', [$v_username, $v_alias, $v_ip]);
$restart_dns = 'yes';
}
}
}
}
// Change template (admin only)
if ($_SESSION['user'] == 'admin') {
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
$v_template = $_POST['v_template'];
v_exec('v-change-web-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
$restart_web = 'yes';
}
if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_web = 'yes';
}
// Change aliases
@ -153,12 +164,18 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_template = $_POST['v_template'];
v_exec('v-delete-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
unset($output);
if ($return_var == 0) {
v_exec('v-delete-dns-on-web-alias', [$v_username, $v_domain, $alias, 'no']);
exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
@ -170,12 +187,17 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_template = $_POST['v_template'];
v_exec('v-add-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
unset($output);
if ($return_var == 0) {
v_exec('v-add-dns-on-web-alias', [$v_username, $alias, $v_ip, 'no']);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
}
}
@ -183,17 +205,19 @@ if (!empty($_POST['save'])) {
}
}
// Change backend template (admin only)
if ($_SESSION['user'] == 'admin') {
if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) {
// Change backend template
if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_backend_template = $_POST['v_backend_template'];
v_exec('v-change-web-domain-backend-tpl', [$v_username, $v_domain, $v_backend_template]);
}
exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-web-domain-proxy', [$v_username, $v_domain, 'no']);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unset($v_proxy);
$restart_proxy = 'yes';
}
@ -205,11 +229,13 @@ if (!empty($_POST['save'])) {
$ext = preg_replace('/\s+/', ' ',$ext);
$ext = trim($ext);
$ext = str_replace(' ', ", ", $ext);
if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
$ext = str_replace(', ', ",", $ext);
if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
v_exec('v-change-web-domain-proxy-tpl', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$v_proxy_ext = str_replace(',', ', ', $ext);
unset($output);
$restart_proxy = 'yes';
}
}
@ -225,13 +251,17 @@ if (!empty($_POST['save'])) {
$ext = str_replace(' ', ",", $ext);
$v_proxy_ext = str_replace(',', ', ', $ext);
}
v_exec('v-add-web-domain-proxy', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_proxy = 'yes';
}
// Delete SSL certificate
if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
v_exec('v-delete-web-domain-ssl', [$v_username, $v_domain, 'no']);
if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_ssl = 'no';
$restart_web = 'yes';
$restart_proxy = 'yes';
@ -267,7 +297,9 @@ if (!empty($_POST['save'])) {
fclose($fp);
}
v_exec('v-change-web-domain-sslcert', [$user, $v_domain, $tmpdir, 'no']);
exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
@ -296,6 +328,7 @@ if (!empty($_POST['save'])) {
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ( $i == 0 ) {
@ -304,41 +337,41 @@ if (!empty($_POST['save'])) {
$error_msg = $error_msg.", ".$error;
}
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
$v_ssl_home = $_POST['v_ssl_home'];
$v_ssl_crt = str_replace("\r\n", "\n", $_POST['v_ssl_crt']);
$v_ssl_key = str_replace("\r\n", "\n", $_POST['v_ssl_key']);
$v_ssl_ca = str_replace("\r\n", "\n", $_POST['v_ssl_ca']);
exec('mktemp -d', $mktemp_output, $return_var);
exec ('mktemp -d', $mktemp_output, $return_var);
$tmpdir = $mktemp_output[0];
// Certificate
if (!empty($_POST['v_ssl_crt'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
fwrite($fp, $v_ssl_crt);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
fclose($fp);
}
// Key
if (!empty($_POST['v_ssl_key'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
fwrite($fp, $v_ssl_key);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
fclose($fp);
}
// CA
if (!empty($_POST['v_ssl_ca'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
fwrite($fp, $v_ssl_ca);
fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
fclose($fp);
}
v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_ssl = 'yes';
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
$v_ssl_key = $_POST['v_ssl_key'];
$v_ssl_ca = $_POST['v_ssl_ca'];
$v_ssl_home = $_POST['v_ssl_home'];
// Cleanup certificate tempfiles
if (!empty($_POST['v_ssl_crt'])) {
@ -358,36 +391,47 @@ if (!empty($_POST['save'])) {
}
// Change document root for ssl domain
if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
if ($v_ssl_home != $_POST['v_ssl_home']) {
if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
if ( $v_ssl_home != $_POST['v_ssl_home'] ) {
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var);
check_return_code($return_var,$output);
$v_ssl_home = $_POST['v_ssl_home'];
v_exec('v-change-web-domain-sslhome', [$user, $v_domain, $v_ssl_home, 'no']);
unset($output);
}
}
// Delete web stats
if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats = '';
v_exec('v-delete-web-domain-stats', [$v_username, $v_domain]);
}
// Change web stats engine
if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
$v_stats = $_POST['v_stats'];
v_exec('v-change-web-domain-stats', [$v_username, $v_domain, $v_stats]);
$v_stats = escapeshellarg($_POST['v_stats']);
exec (VESTA_CMD."v-change-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Add web stats
if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
$v_stats = $_POST['v_stats'];
v_exec('v-add-web-domain-stats', [$v_username, $v_domain, $v_stats]);
$v_stats = escapeshellarg($_POST['v_stats']);
exec (VESTA_CMD."v-add-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Delete web stats authorization
if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-delete-web-domain-stats-user ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_stats_user = '';
$v_stats_password = '';
v_exec('v-delete-web-domain-stats-user', [$v_username, $v_domain]);
}
// Change web stats user or password
@ -403,14 +447,16 @@ if (!empty($_POST['save'])) {
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
$v_stats_user = $_POST['v_stats_user'];
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = $_POST['v_stats_password'];
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
@ -428,14 +474,16 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
$v_stats_user = $_POST['v_stats_user'];
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unlink($v_stats_password);
$v_stats_password = $_POST['v_stats_password'];
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
@ -465,13 +513,15 @@ if (!empty($_POST['save'])) {
// Add ftp account
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
$v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
$v_ftp_user = escapeshellarg($v_ftp_username);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
if (empty($_SESSION['error_msg'])) {
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
v_exec('v-add-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
check_return_code($return_var,$output);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials");
@ -481,14 +531,16 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
unset($output);
unlink($v_ftp_password);
$v_ftp_password = $v_ftp_user_data['v_ftp_password'];
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
}
if ($return_var == 0) {
$v_ftp_password = '';
$v_ftp_password = "";
$v_ftp_user_data['is_new'] = 0;
} else {
}
else {
$v_ftp_user_data['is_new'] = 1;
}
@ -507,7 +559,10 @@ if (!empty($_POST['save'])) {
// Delete FTP account
if ($v_ftp_user_data['delete'] == 1) {
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
v_exec('v-delete-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username]);
exec (VESTA_CMD."v-delete-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
continue;
}
@ -526,9 +581,10 @@ if (!empty($_POST['save'])) {
// Change FTP account path
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_username = escapeshellarg($v_ftp_username);
//if (!empty($v_ftp_user_data['v_ftp_path'])) {
$v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
v_exec('v-change-web-domain-ftp-path', [$v_username, $v_domain, $v_ftp_username, $v_ftp_path]);
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
//}
// Change FTP account password
@ -537,7 +593,7 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
v_exec('v-change-web-domain-ftp-password', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password]);
exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var);
unlink($v_ftp_password);
$to = $v_ftp_user_data['v_ftp_email'];
@ -548,6 +604,8 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
check_return_code($return_var, $output);
unset($output);
$v_ftp_users_updated[] = array(
'is_new' => 0,
@ -563,17 +621,23 @@ if (!empty($_POST['save'])) {
// Restart web server
if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-web');
exec (VESTA_CMD."v-restart-web", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-proxy');
exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
v_exec('v-restart-dns');
exec (VESTA_CMD."v-restart-dns", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Set success message