github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-21 13:54:28 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

22
web/list/stats/index.php
View file

@ -14,24 +14,28 @@ top_panel($user,$TAB);
// Data
if ($user == 'admin') {
if (empty($_GET['user'])) {
v_exec('v-list-users-stats', ['json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-users-stats json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
} else {
$v_user = $_GET['user'];
v_exec('v-list-user-stats', [$v_user, 'json'], false, $output);
$data = json_decode($output, true);
$v_user = escapeshellarg($_GET['user']);
exec (VESTA_CMD."v-list-user-stats $v_user json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
}
v_exec('v-list-sys-users', ['json'], false, $output);
$users = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
$users = json_decode(implode('', $output), true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_stats.html');
} else {
v_exec('v-list-user-stats', [$user, 'json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-user-stats $user json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_stats.html');
}