github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/upload/UploadHandler.php
View file

@ -2,7 +2,6 @@
//session_start();
require_once(__DIR__.'/../inc/exec.php');
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check login_as feature
@ -1105,7 +1104,9 @@ class UploadHandler
} else {
chmod($uploaded_file, 0644);
//move_uploaded_file($uploaded_file, $file_path);
$return_var = v_exec('v-copy-fs-file', [USERNAME, $uploaded_file, $file_path]);
exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." {$uploaded_file} {$file_path}", $output, $return_var);
$error = check_return_code($return_var, $output);
if ($return_var != 0) {
//var_dump(VESTA_CMD . "v-copy-fs-file {$user} {$fn} {$path}");
//var_dump($path);