github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-21 05:44:08 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

24
web/schedule/backup/index.php
View file

@ -5,15 +5,21 @@ ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
$return_var = v_exec('v-schedule-user-backup', [$user]);
switch ($return_var) {
case 0:
$_SESSION['error_msg'] = __('BACKUP_SCHEDULED');
break;
case 4:
$_SESSION['error_msg'] = __('BACKUP_EXISTS');
break;
}
$v_username = escapeshellarg($user);
exec (VESTA_CMD."v-schedule-user-backup ".$v_username, $output, $return_var);
if ($return_var == 0) {
$_SESSION['error_msg'] = __('BACKUP_SCHEDULED');
} else {
$_SESSION['error_msg'] = implode('<br>', $output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = __('Error: vesta did not return any output.');
}
if ($return_var == 4) {
$_SESSION['error_msg'] = __('BACKUP_EXISTS');
}
}
unset($output);
header("Location: /list/backup/");
exit;