github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 ♻️ Implement secure exec wrapper functions.

Browse source
This commit is contained in:
Flat 2015-12-02 21:24:34 +09:00
commit 8e951ac72e
115 changed files with 1345 additions and 1986 deletions
Download patch file Download diff file Expand all files Collapse all files

26
web/delete/mail/index.php
View file

@ -7,25 +7,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Delete as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=$_GET['user'];
$user = $_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit();
exit;
}
// Mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
$v_username = escapeshellarg($user);
$v_domain = escapeshellarg($_GET['domain']);
exec (VESTA_CMD."v-delete-mail-domain ".$v_username." ".$v_domain, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_domain = $_GET['domain'];
v_exec('v-delete-mail-domain', [$user, $v_domain]);
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: ".$back);
header("Location: $back");
exit;
}
header("Location: /list/mail/");
@ -34,15 +31,12 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// Mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$v_username = escapeshellarg($user);
$v_domain = escapeshellarg($_GET['domain']);
$v_account = escapeshellarg($_GET['account']);
exec (VESTA_CMD."v-delete-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_domain = $_GET['domain'];
$v_account = $_GET['account'];
v_exec('v-delete-mail-account', [$user, $v_domain, $v_account]);
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: ".$back);
header("Location: $back");
exit;
}
header("Location: /list/mail/?domain=".$_GET['domain']);
@ -51,7 +45,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: ".$back);
header("Location: $back");
exit;
}