github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

11
web/start/service/index.php
View file

@ -8,17 +8,18 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['srv'])) {
if ($_GET['srv'] == 'iptables') {
$return_var = v_exec('v-update-firewall', [], false, $output);
exec (VESTA_CMD."v-update-firewall", $output, $return_var);
} else {
$v_service = $_GET['srv'];
$return_var = v_exec('v-start-service', [$v_service], false, $output);
$v_service = escapeshellarg($_GET['srv']);
exec (VESTA_CMD."v-start-service ".$v_service, $output, $return_var);
}
}
if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) $error = __('SERVICE_ACTION_FAILED', __('start'), htmlentities($_GET['srv']));
$_SESSION['error_srv'] = $error;
if (empty($error)) $error = __('SERVICE_ACTION_FAILED',__('start'),$v_service);;
$_SESSION['error_srv'] = $error;
}
unset($output);
}
header("Location: /list/server/");