github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-21 13:54:28 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/list/mail/index.php
View file

@ -14,18 +14,20 @@ top_panel($user,$TAB);
// Data
if (empty($_GET['domain'])){
v_exec('v-list-mail-domains', [$user, 'json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail.html');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html');
}
} else {
v_exec('v-list-mail-accounts', [$user, $_GET['domain'], 'json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail_acc.html');
} else {