Update index.php

web/api/index.php

@@ -31,39 +31,25 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         echo 'Error: authentication failed';
         exit;
     }
-
+    
-    // Prepare arguments
+    // Prepare for iteration
-    if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
+    $args = [];
-    if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
+    $i = 0;
-    if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
+    
-    if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
+    // Loop through args until there isn't another.
-    if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
+    while (true)
-    if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
+    {
-    if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
+        $i++;
-    if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
+        if (!empty($_POST['arg' . $i]))
-    if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
+        {
-    if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
+            $args[] = $_POST['arg' . $i];
+            continue;
+        }
+        break;
+    }
 
     // Build query
-    $cmdquery = VESTA_CMD.$cmd." ";
+    $cmdquery = VESTA_CMD . $cmd . " " . implode(" ", $args);
-    if(!empty($arg1)){
-         $cmdquery = $cmdquery.$arg1." "; }
-    if(!empty($arg2)){
-         $cmdquery = $cmdquery.$arg2." "; }
-    if(!empty($arg3)){
-         $cmdquery = $cmdquery.$arg3." "; }
-    if(!empty($arg4)){
-         $cmdquery = $cmdquery.$arg4." "; }
-    if(!empty($arg5)){
-         $cmdquery = $cmdquery.$arg5." "; }
-    if(!empty($arg6)){
-         $cmdquery = $cmdquery.$arg6." "; }
-    if(!empty($arg7)){
-         $cmdquery = $cmdquery.$arg7." "; }
-    if(!empty($arg8)){
-         $cmdquery = $cmdquery.$arg8." "; }
-    if(!empty($arg9)){
-         $cmdquery = $cmdquery.$arg9; }
 
     // Check command
     if ($cmd == "'v-make-tmp-file'") {