Refactor SSL and mail certificate handling in web/edit/server/index.php to ensure safe array access and improve error handling. Update related files to consistently check for array validity before accessing elements.

Peca 2025-08-11 15:35:19 +02:00
commit 6660a9e975
6 changed files with 70 additions and 65 deletions


@ -95,33 +95,33 @@ exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var);
$v_sys_ssl_str = json_decode(implode('', $output), true); $v_sys_ssl_str = json_decode(implode('', $output), true);
if (!is_array($v_sys_ssl_str)) $v_sys_ssl_str = array('VESTA'=>array()); if (!is_array($v_sys_ssl_str)) $v_sys_ssl_str = array('VESTA'=>array());
unset($output); unset($output);
$v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; $v_sys_ssl_crt = isset($v_sys_ssl_str['VESTA']['CRT']) ? $v_sys_ssl_str['VESTA']['CRT'] : '';
$v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; $v_sys_ssl_key = isset($v_sys_ssl_str['VESTA']['KEY']) ? $v_sys_ssl_str['VESTA']['KEY'] : '';
$v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; $v_sys_ssl_ca = isset($v_sys_ssl_str['VESTA']['CA']) ? $v_sys_ssl_str['VESTA']['CA'] : '';
$v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; $v_sys_ssl_subject = isset($v_sys_ssl_str['VESTA']['SUBJECT']) ? $v_sys_ssl_str['VESTA']['SUBJECT'] : '';
$v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; $v_sys_ssl_aliases = isset($v_sys_ssl_str['VESTA']['ALIASES']) ? $v_sys_ssl_str['VESTA']['ALIASES'] : '';
$v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; $v_sys_ssl_not_before = isset($v_sys_ssl_str['VESTA']['NOT_BEFORE']) ? $v_sys_ssl_str['VESTA']['NOT_BEFORE'] : '';
$v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; $v_sys_ssl_not_after = isset($v_sys_ssl_str['VESTA']['NOT_AFTER']) ? $v_sys_ssl_str['VESTA']['NOT_AFTER'] : '';
$v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; $v_sys_ssl_signature = isset($v_sys_ssl_str['VESTA']['SIGNATURE']) ? $v_sys_ssl_str['VESTA']['SIGNATURE'] : '';
$v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; $v_sys_ssl_pub_key = isset($v_sys_ssl_str['VESTA']['PUB_KEY']) ? $v_sys_ssl_str['VESTA']['PUB_KEY'] : '';
$v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; $v_sys_ssl_issuer = isset($v_sys_ssl_str['VESTA']['ISSUER']) ? $v_sys_ssl_str['VESTA']['ISSUER'] : '';
// List mail ssl certificate info // List mail ssl certificate info
if (!empty($_SESSION['VESTA_CERTIFICATE'])); { if (!empty($_SESSION['VESTA_CERTIFICATE'])) {
exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var); exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var);
$v_mail_ssl_str = json_decode(implode('', $output), true); $v_mail_ssl_str = json_decode(implode('', $output), true);
if (!is_array($v_mail_ssl_str)) $v_mail_ssl_str = array('MAIL'=>array()); if (!is_array($v_mail_ssl_str)) $v_mail_ssl_str = array('MAIL'=>array());
unset($output); unset($output);
$v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; $v_mail_ssl_crt = isset($v_mail_ssl_str['MAIL']['CRT']) ? $v_mail_ssl_str['MAIL']['CRT'] : '';
$v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; $v_mail_ssl_key = isset($v_mail_ssl_str['MAIL']['KEY']) ? $v_mail_ssl_str['MAIL']['KEY'] : '';
$v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; $v_mail_ssl_ca = isset($v_mail_ssl_str['MAIL']['CA']) ? $v_mail_ssl_str['MAIL']['CA'] : '';
$v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; $v_mail_ssl_subject = isset($v_mail_ssl_str['MAIL']['SUBJECT']) ? $v_mail_ssl_str['MAIL']['SUBJECT'] : '';
$v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; $v_mail_ssl_aliases = isset($v_mail_ssl_str['MAIL']['ALIASES']) ? $v_mail_ssl_str['MAIL']['ALIASES'] : '';
$v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; $v_mail_ssl_not_before = isset($v_mail_ssl_str['MAIL']['NOT_BEFORE']) ? $v_mail_ssl_str['MAIL']['NOT_BEFORE'] : '';
$v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; $v_mail_ssl_not_after = isset($v_mail_ssl_str['MAIL']['NOT_AFTER']) ? $v_mail_ssl_str['MAIL']['NOT_AFTER'] : '';
$v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; $v_mail_ssl_signature = isset($v_mail_ssl_str['MAIL']['SIGNATURE']) ? $v_mail_ssl_str['MAIL']['SIGNATURE'] : '';
$v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; $v_mail_ssl_pub_key = isset($v_mail_ssl_str['MAIL']['PUB_KEY']) ? $v_mail_ssl_str['MAIL']['PUB_KEY'] : '';
$v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; $v_mail_ssl_issuer = isset($v_mail_ssl_str['MAIL']['ISSUER']) ? $v_mail_ssl_str['MAIL']['ISSUER'] : '';
} }
// Check POST request // Check POST request
@ -252,16 +252,16 @@ if (!empty($_POST['save'])) {
$v_mail_ssl_str = json_decode(implode('', $output), true); $v_mail_ssl_str = json_decode(implode('', $output), true);
if (!is_array($v_mail_ssl_str)) $v_mail_ssl_str = array('MAIL'=>array()); if (!is_array($v_mail_ssl_str)) $v_mail_ssl_str = array('MAIL'=>array());
unset($output); unset($output);
$v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; $v_mail_ssl_crt = isset($v_mail_ssl_str['MAIL']['CRT']) ? $v_mail_ssl_str['MAIL']['CRT'] : '';
$v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; $v_mail_ssl_key = isset($v_mail_ssl_str['MAIL']['KEY']) ? $v_mail_ssl_str['MAIL']['KEY'] : '';
$v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; $v_mail_ssl_ca = isset($v_mail_ssl_str['MAIL']['CA']) ? $v_mail_ssl_str['MAIL']['CA'] : '';
$v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; $v_mail_ssl_subject = isset($v_mail_ssl_str['MAIL']['SUBJECT']) ? $v_mail_ssl_str['MAIL']['SUBJECT'] : '';
$v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; $v_mail_ssl_aliases = isset($v_mail_ssl_str['MAIL']['ALIASES']) ? $v_mail_ssl_str['MAIL']['ALIASES'] : '';
$v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; $v_mail_ssl_not_before = isset($v_mail_ssl_str['MAIL']['NOT_BEFORE']) ? $v_mail_ssl_str['MAIL']['NOT_BEFORE'] : '';
$v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; $v_mail_ssl_not_after = isset($v_mail_ssl_str['MAIL']['NOT_AFTER']) ? $v_mail_ssl_str['MAIL']['NOT_AFTER'] : '';
$v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; $v_mail_ssl_signature = isset($v_mail_ssl_str['MAIL']['SIGNATURE']) ? $v_mail_ssl_str['MAIL']['SIGNATURE'] : '';
$v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; $v_mail_ssl_pub_key = isset($v_mail_ssl_str['MAIL']['PUB_KEY']) ? $v_mail_ssl_str['MAIL']['PUB_KEY'] : '';
$v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; $v_mail_ssl_issuer = isset($v_mail_ssl_str['MAIL']['ISSUER']) ? $v_mail_ssl_str['MAIL']['ISSUER'] : '';
} }
} }
} }
@ -453,17 +453,18 @@ if (!empty($_POST['save'])) {
// List SSL certificate info // List SSL certificate info
exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var);
$v_sys_ssl_str = json_decode(implode('', $output), true); $v_sys_ssl_str = json_decode(implode('', $output), true);
if (!is_array($v_sys_ssl_str)) $v_sys_ssl_str = array('VESTA'=>array());
unset($output); unset($output);
$v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; $v_sys_ssl_crt = isset($v_sys_ssl_str['VESTA']['CRT']) ? $v_sys_ssl_str['VESTA']['CRT'] : '';
$v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; $v_sys_ssl_key = isset($v_sys_ssl_str['VESTA']['KEY']) ? $v_sys_ssl_str['VESTA']['KEY'] : '';
$v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; $v_sys_ssl_ca = isset($v_sys_ssl_str['VESTA']['CA']) ? $v_sys_ssl_str['VESTA']['CA'] : '';
$v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; $v_sys_ssl_subject = isset($v_sys_ssl_str['VESTA']['SUBJECT']) ? $v_sys_ssl_str['VESTA']['SUBJECT'] : '';
$v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; $v_sys_ssl_aliases = isset($v_sys_ssl_str['VESTA']['ALIASES']) ? $v_sys_ssl_str['VESTA']['ALIASES'] : '';
$v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; $v_sys_ssl_not_before = isset($v_sys_ssl_str['VESTA']['NOT_BEFORE']) ? $v_sys_ssl_str['VESTA']['NOT_BEFORE'] : '';
$v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; $v_sys_ssl_not_after = isset($v_sys_ssl_str['VESTA']['NOT_AFTER']) ? $v_sys_ssl_str['VESTA']['NOT_AFTER'] : '';
$v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; $v_sys_ssl_signature = isset($v_sys_ssl_str['VESTA']['SIGNATURE']) ? $v_sys_ssl_str['VESTA']['SIGNATURE'] : '';
$v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; $v_sys_ssl_pub_key = isset($v_sys_ssl_str['VESTA']['PUB_KEY']) ? $v_sys_ssl_str['VESTA']['PUB_KEY'] : '';
$v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; $v_sys_ssl_issuer = isset($v_sys_ssl_str['VESTA']['ISSUER']) ? $v_sys_ssl_str['VESTA']['ISSUER'] : '';
} }
} }
} }
@ -499,17 +500,18 @@ if (!empty($_POST['save'])) {
// List ssl certificate info // List ssl certificate info
exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var);
$v_sys_ssl_str = json_decode(implode('', $output), true); $v_sys_ssl_str = json_decode(implode('', $output), true);
if (!is_array($v_sys_ssl_str)) $v_sys_ssl_str = array('VESTA'=>array());
unset($output); unset($output);
$v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; $v_sys_ssl_crt = isset($v_sys_ssl_str['VESTA']['CRT']) ? $v_sys_ssl_str['VESTA']['CRT'] : '';
$v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; $v_sys_ssl_key = isset($v_sys_ssl_str['VESTA']['KEY']) ? $v_sys_ssl_str['VESTA']['KEY'] : '';
$v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; $v_sys_ssl_ca = isset($v_sys_ssl_str['VESTA']['CA']) ? $v_sys_ssl_str['VESTA']['CA'] : '';
$v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; $v_sys_ssl_subject = isset($v_sys_ssl_str['VESTA']['SUBJECT']) ? $v_sys_ssl_str['VESTA']['SUBJECT'] : '';
$v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; $v_sys_ssl_aliases = isset($v_sys_ssl_str['VESTA']['ALIASES']) ? $v_sys_ssl_str['VESTA']['ALIASES'] : '';
$v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; $v_sys_ssl_not_before = isset($v_sys_ssl_str['VESTA']['NOT_BEFORE']) ? $v_sys_ssl_str['VESTA']['NOT_BEFORE'] : '';
$v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; $v_sys_ssl_not_after = isset($v_sys_ssl_str['VESTA']['NOT_AFTER']) ? $v_sys_ssl_str['VESTA']['NOT_AFTER'] : '';
$v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; $v_sys_ssl_signature = isset($v_sys_ssl_str['VESTA']['SIGNATURE']) ? $v_sys_ssl_str['VESTA']['SIGNATURE'] : '';
$v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; $v_sys_ssl_pub_key = isset($v_sys_ssl_str['VESTA']['PUB_KEY']) ? $v_sys_ssl_str['VESTA']['PUB_KEY'] : '';
$v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; $v_sys_ssl_issuer = isset($v_sys_ssl_str['VESTA']['ISSUER']) ? $v_sys_ssl_str['VESTA']['ISSUER'] : '';
} }
} }
} }
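Review bot: Removing the stray `;` from `if (!empty($_SESSION['VESTA_CERTIFICATE']))` in the first hunk changes behaviour as well as syntax: the mail-certificate block used to run unconditionally and now runs only when that session key is set, so `$v_mail_ssl_crt`, `$v_mail_ssl_key` and the other `$v_mail_ssl_*` variables are left undefined otherwise. If the page template reads them (not visible in these hunks), that brings back the undefined-variable notices this commit is removing. Initialising them before the `if`, e.g. `$v_mail_ssl_crt = $v_mail_ssl_key = $v_mail_ssl_ca = '';` and likewise for the remaining fields, keeps both paths consistent. The same ten `isset(...) ? ... : ''` lines now appear in five places, so a small helper taking the decoded array and the section name would keep the copies from drifting apart.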


@ -20,6 +20,7 @@ include("/usr/local/vesta/web/inc/main.php");
// Set system language // Set system language
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var); exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
if (!is_array($data)) $data = array('config' => array());
if (!empty( $data['config']['LANGUAGE'])) { if (!empty( $data['config']['LANGUAGE'])) {
$_SESSION['language'] = $data['config']['LANGUAGE']; $_SESSION['language'] = $data['config']['LANGUAGE'];
} else { } else {
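Review bot: The `LANGUAGE` value read from `v-list-sys-config` is copied into `$_SESSION['language']` without being checked against the installed languages, whereas the login page in this same commit only accepts a value found in the `v-list-sys-languages` output. The added `is_array($data)` guard does not change that, and the `empty()` test on the next line already tolerates a missing offset. If the session language is later used to select a translation file (not visible here), applying the same allow-list here would keep the two paths consistent, for example `if (!empty($data['config']['LANGUAGE']) && in_array($data['config']['LANGUAGE'], $languages, true)) {` with `$languages` loaded as on the login page. The `else` branch continues outside the hunk.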


@ -112,13 +112,15 @@ function get_favourites(){
$data = is_array($data) ? array_reverse($data, true) : array(); $data = is_array($data) ? array_reverse($data, true) : array();
$favourites = array(); $favourites = array();
foreach($data['Favourites'] as $key => $favourite){ if (isset($data['Favourites']) && is_array($data['Favourites'])) {
$favourites[$key] = array(); foreach($data['Favourites'] as $key => $favourite){
$favourites[$key] = array();
$items = explode(',', $favourite); $items = explode(',', $favourite);
foreach($items as $item){ foreach($items as $item){
if($item) if($item)
$favourites[$key][trim($item)] = 1; $favourites[$key][trim($item)] = 1;
}
} }
} }
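Review bot: Inside the new `isset(...) && is_array(...)` guard, `explode(',', $favourite)` still assumes every entry of `$data['Favourites']` is a string; a nested array in the decoded JSON raises a TypeError on PHP 8 and a warning on earlier versions. Adding `if (!is_string($favourite)) continue;` as the first statement of the outer `foreach` completes the shape check this change starts. `get_favourites()` begins and ends outside the hunk, so how `$data` is produced is not visible here.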


@ -14,7 +14,7 @@ if ($_SESSION['user'] != 'admin') {
// Data // Data
exec (VESTA_CMD."v-list-firewall json", $output, $return_var); exec (VESTA_CMD."v-list-firewall json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
if (version_compare(PHP_VERSION, '5.6', '==')) { $data = array_reverse($data, true); } else { $data = is_array($data) ? array_reverse($data, true) : array(); } $data = is_array($data) ? array_reverse($data, true) : array();
unset($output); unset($output);
// Render page // Render page
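Review bot: `$return_var` from the `v-list-firewall` call is never inspected, so with the `is_array()` fallback a failed or malformed listing becomes `array()` and the page would presumably render an empty rule list, which an admin cannot tell apart from a firewall that has no rules. Distinguish the two before rendering, for example by testing `if ($return_var !== 0 || !is_array($data))` ahead of the fallback and passing an error to the template. The rendering code is outside the hunk, so whether it already handles this case cannot be confirmed from here.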


@ -111,7 +111,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var); exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
$languages = json_decode(implode('', $output), true); $languages = json_decode(implode('', $output), true);
if (!is_array($languages)) $languages = array(); if (!is_array($languages)) $languages = array();
if (in_array($data[$v_user]['LANGUAGE'], $languages)){ if (isset($data[$v_user]['LANGUAGE']) && in_array($data[$v_user]['LANGUAGE'], $languages)){
$_SESSION['language'] = $data[$v_user]['LANGUAGE']; $_SESSION['language'] = $data[$v_user]['LANGUAGE'];
} else { } else {
$_SESSION['language'] = 'en'; $_SESSION['language'] = 'en';
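Review bot: `in_array($data[$v_user]['LANGUAGE'], $languages)` compares loosely, so a non-string value in the decoded user record (for example `true`) matches any non-empty language entry and is then stored in `$_SESSION['language']`. Pass the strict flag and require a string: `if (isset($data[$v_user]['LANGUAGE']) && is_string($data[$v_user]['LANGUAGE']) && in_array($data[$v_user]['LANGUAGE'], $languages, true)){`. This assumes `$languages` is a flat list of language codes, which the hunk does not show. The enclosing `if (isset($_POST['user']) && isset($_POST['password']))` block starts outside the hunk.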


@ -32,7 +32,7 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
if (strlen($rkeyexp)>9) $rkeyexp=intval($rkeyexp); if (strlen($rkeyexp)>9) $rkeyexp=intval($rkeyexp);
unset($output); unset($output);
if ($rkeyexp === null || $rkeyexp < time() - 900) { if ($rkeyexp === null || $rkeyexp < time() - 900) {
if ($email == $data[$user]['CONTACT']) { if (isset($data[$user]['CONTACT']) && $email == $data[$user]['CONTACT']) {
exec("/usr/bin/sudo /usr/local/vesta/bin/v-change-user-rkey ".$v_user, $output, $return_var); exec("/usr/bin/sudo /usr/local/vesta/bin/v-change-user-rkey ".$v_user, $output, $return_var);
unset($output); unset($output);
$CMD="/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEY"; $CMD="/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEY";
@ -42,10 +42,10 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
//echo $rkey; exit; //echo $rkey; exit;
//echo $CMD."\n<br />"; //echo $CMD."\n<br />";
//var_dump($rkey); exit; //var_dump($rkey); exit;
$fname = $data[$user]['FNAME']; $fname = isset($data[$user]['FNAME']) ? $data[$user]['FNAME'] : '';
$lname = $data[$user]['LNAME']; $lname = isset($data[$user]['LNAME']) ? $data[$user]['LNAME'] : '';
$contact = $data[$user]['CONTACT']; $contact = isset($data[$user]['CONTACT']) ? $data[$user]['CONTACT'] : '';
$to = $data[$user]['CONTACT']; $to = isset($data[$user]['CONTACT']) ? $data[$user]['CONTACT'] : '';
$subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s")); $subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s"));
$hostname = exec('hostname'); $hostname = exec('hostname');
$from = __('MAIL_FROM',$hostname); $from = __('MAIL_FROM',$hostname);
@ -88,7 +88,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
if (!is_array($data)) { $data = array(); } if (!is_array($data)) { $data = array(); }
unset($output); unset($output);
$rkey = $data[$user]['RKEY']; $rkey = isset($data[$user]['RKEY']) ? $data[$user]['RKEY'] : '';
if (hash_equals($rkey, $_POST['code'])) { if (hash_equals($rkey, $_POST['code'])) {
unset($output); unset($output);
exec("/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEYEXP", $output, $return_var); exec("/usr/bin/sudo /usr/local/vesta/bin/v-get-user-value ".$v_user." RKEYEXP", $output, $return_var);
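Review bot: In the last hunk `$rkey` now falls back to `''` when the user record has no `RKEY`, and the only thing keeping `hash_equals($rkey, $_POST['code'])` from accepting that empty key is the `!empty($_POST['code'])` test in the enclosing condition. `hash_equals()` also requires two strings, so an array-valued `code` parameter or a non-string `RKEY` raises a TypeError on PHP 8. Make both assumptions explicit at the comparison: `if (is_string($rkey) && $rkey !== '' && is_string($_POST['code']) && hash_equals($rkey, $_POST['code'])) {`. The enclosing block continues outside the hunk.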