github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

40
web/unsuspend/dns/index.php
View file

@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit;
exit();
}
// Check user
@ -23,12 +23,18 @@ if (!empty($_GET['user'])) {
// DNS domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
$v_username = $user;
$v_domain = $_GET['domain'];
v_exec('v-unsuspend-dns-domain', [$v_username, $v_domain]);
$back = getenv('HTTP_REFERER');
$v_username = escapeshellarg($user);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-unsuspend-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) $error = __('Error: vesta did not return any output.');
$_SESSION['error_msg'] = $error;
}
unset($output);
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: $back");
header("Location: ".$back);
exit;
}
header("Location: /list/dns/");
@ -37,22 +43,28 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
// DNS record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_username = $user;
$v_domain = $_GET['domain'];
$v_record_id = $_GET['record_id'];
v_exec('v-unsuspend-dns-record', [$v_username, $v_domain, $v_record_id]);
$back = getenv('HTTP_REFERER');
$v_username = escapeshellarg($user);
$v_domain = escapeshellarg($_GET['domain']);
$v_record_id = escapeshellarg($_GET['record_id']);
exec (VESTA_CMD."v-unsuspend-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
if ($return_var != 0) {
$error = implode('<br>', $output);
if (empty($error)) $error = __('Error: vesta did not return any output.');
$_SESSION['error_msg'] = $error;
}
unset($output);
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: $back");
header("Location: ".$back);
exit;
}
header("Location: /list/dns/?domain=".$_GET['domain']);
exit;
}
$back = getenv('HTTP_REFERER');
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: $back");
header("Location: ".$back);
exit;
}