github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 10:37:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

8
web/view/file/index.php
View file

@ -1,4 +1,4 @@
<?php
<?php
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
@ -16,11 +16,11 @@ if (!empty($_REQUEST['path'])) {
$path = $_REQUEST['path'];
if (!empty($_REQUEST['raw'])) {
header('content-type: image/jpeg');
// TODO: Implement `v_passthru`?
passthru(VESTA_CMD.'v-open-fs-file '.build_shell_args([$user, $_REQUEST['path']]));
passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($_REQUEST['path']));
exit;
}
} else {
}
else {
die('File not found');
}