diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 8746ed08..73f56b38 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -57,7 +57,7 @@ if (!empty($_POST['ok'])) { // Add IP if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var); check_return_code($return_var,$output); unset($output); $v_owner = $_POST['v_owner']; @@ -75,12 +75,12 @@ if (!empty($_POST['ok'])) { } // List network interfaces -exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-interfaces json", $output, $return_var); $interfaces = json_decode(implode('', $output), true); unset($output); // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); diff --git a/web/add/web/index.php b/web/add/web/index.php index e6448c91..d77b8f40 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -118,7 +118,7 @@ if (!empty($_POST['ok'])) { // Add web domain if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); + exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var); check_return_code($return_var,$output); unset($output); $domain_added = empty($_SESSION['error_msg']); @@ -126,7 +126,7 @@ if (!empty($_POST['ok'])) { // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -136,7 +136,7 @@ if (!empty($_POST['ok'])) { foreach ($aliases_arr as $alias) { if ($alias != "www.".$_POST['v_domain']) { $alias = escapeshellarg($alias); - exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -153,7 +153,7 @@ if (!empty($_POST['ok'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) { $ext = escapeshellarg($ext); - exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -195,7 +195,7 @@ if (!empty($_POST['ok'])) { } $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/edit/backup/exclusions/index.php b/web/edit/backup/exclusions/index.php index bbbb4b3e..f4b854b0 100644 --- a/web/edit/backup/exclusions/index.php +++ b/web/edit/backup/exclusions/index.php @@ -12,7 +12,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { } // List backup exclustions -exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php index 3d8e9922..9f7ffb34 100644 --- a/web/edit/cron/index.php +++ b/web/edit/cron/index.php @@ -20,7 +20,7 @@ if (empty($_GET['job'])) { // List cron job $v_job = escapeshellarg($_GET['job']); -exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); diff --git a/web/edit/db/index.php b/web/edit/db/index.php index 763717bc..232f6322 100644 --- a/web/edit/db/index.php +++ b/web/edit/db/index.php @@ -20,7 +20,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { // List datbase $v_database = escapeshellarg($_GET['database']); -exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-database ".$user." ".$v_database." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php index 3c2e1e5c..b8cbc4db 100644 --- a/web/edit/dns/index.php +++ b/web/edit/dns/index.php @@ -52,7 +52,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { $v_domain = escapeshellarg($_GET['domain']); $v_record_id = escapeshellarg($_GET['record_id']); - exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -88,7 +88,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_dns = 'yes'; unset($output); @@ -97,7 +97,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -106,7 +106,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change SOA record if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) { $v_soa = escapeshellarg($_POST['v_soa']); - exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -115,7 +115,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change expiriation date if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) { $v_exp = escapeshellarg($_POST['v_exp']); - exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -123,7 +123,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain ttl if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) { $v_ttl = escapeshellarg($_POST['v_ttl']); - exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; diff --git a/web/edit/firewall/index.php b/web/edit/firewall/index.php index 18b4be4c..67e039d4 100644 --- a/web/edit/firewall/index.php +++ b/web/edit/firewall/index.php @@ -20,7 +20,7 @@ if (empty($_GET['rule'])) { // List rule $v_rule = escapeshellarg($_GET['rule']); -exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/ip/index.php b/web/edit/ip/index.php index b9eaa581..c7ec6d7a 100644 --- a/web/edit/ip/index.php +++ b/web/edit/ip/index.php @@ -20,7 +20,7 @@ if (empty($_GET['ip'])) { // List ip $v_ip = escapeshellarg($_GET['ip']); -exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-ip ".$v_ip." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -45,7 +45,7 @@ if ( $v_suspended == 'yes' ) { } // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); @@ -55,13 +55,13 @@ if (!empty($_POST['save'])) { // Change Status if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." dedicated", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_dedicated = 'yes'; } if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." shared", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_dedicated); diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php index 6424e3ab..e4451fc5 100644 --- a/web/edit/mail/index.php +++ b/web/edit/mail/index.php @@ -45,7 +45,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_domain = escapeshellarg($_GET['domain']); $v_account = escapeshellarg($_GET['account']); - exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -75,7 +75,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { // Parse autoreply if ( $v_autoreply == 'yes' ) { - exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $autoreply_str = json_decode(implode('', $output), true); unset($output); $v_autoreply_message = $autoreply_str[$v_account]['MSG']; @@ -231,7 +231,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($valiases, $aliases); foreach ($result as $alias) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { - exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($alias)."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -257,7 +257,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($vfwd, $fwd); foreach ($result as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($forward)."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/edit/package/index.php b/web/edit/package/index.php index 763bfdf4..e8d4eddc 100644 --- a/web/edit/package/index.php +++ b/web/edit/package/index.php @@ -22,7 +22,7 @@ if (empty($_GET['package'])) { // List package $v_package = escapeshellarg($_GET['package']); -exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-package ".$v_package." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -203,7 +203,7 @@ if (!empty($_POST['save'])) { fclose($fp); // Save changes - exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); + exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." yes", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -212,7 +212,7 @@ if (!empty($_POST['save'])) { unset($output); // Propogate new package - exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); + exec (VESTA_CMD."v-update-user-package ".$v_package." json", $output, $return_var); check_return_code($return_var,$output); unset($output); diff --git a/web/edit/server/index.php b/web/edit/server/index.php index defc0b7a..0743ab17 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -356,7 +356,7 @@ if (!empty($_POST['save'])) { // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); unset($output); $v_backup_host = escapeshellarg($_POST['v_backup_host']); @@ -364,7 +364,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -386,7 +386,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -403,7 +403,7 @@ if (!empty($_POST['save'])) { // Delete remote backup host if (empty($_SESSION['error_msg'])) { if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = ''; diff --git a/web/edit/web/index.php b/web/edit/web/index.php index a1d2d70b..6c703e7d 100644 --- a/web/edit/web/index.php +++ b/web/edit/web/index.php @@ -36,7 +36,7 @@ $v_cgi = $data[$v_domain]['CGI']; $v_elog = $data[$v_domain]['ELOG']; $v_ssl = $data[$v_domain]['SSL']; if (!empty($v_ssl)) { - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".escapeshellarg($v_domain)."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -117,7 +117,7 @@ if (!empty($_POST['save'])) { // Change web domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_web = 'yes'; $restart_proxy = 'yes'; @@ -130,7 +130,7 @@ if (!empty($_POST['save'])) { unset($output); if ($return_var == 0 ) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -140,11 +140,12 @@ if (!empty($_POST['save'])) { // Change dns ip for each alias if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { foreach($valiases as $v_alias ){ - exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var); + $v_alias = escapeshellarg($v_alias); + exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_alias." json", $output, $return_var); unset($output); if ($return_var == 0 ) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_alias." ".$v_ip, $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -155,7 +156,7 @@ if (!empty($_POST['save'])) { // Change template (admin only) if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; @@ -175,7 +176,8 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -183,7 +185,7 @@ if (!empty($_POST['save'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -198,14 +200,15 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -225,7 +228,7 @@ if (!empty($_POST['save'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_proxy); @@ -242,7 +245,7 @@ if (!empty($_POST['save'])) { if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { $ext = str_replace(', ', ",", $ext); if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template']; - exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); $v_proxy_ext = str_replace(',', ', ', $ext); unset($output); @@ -261,7 +264,7 @@ if (!empty($_POST['save'])) { $ext = str_replace(' ', ",", $ext); $v_proxy_ext = str_replace(',', ', ', $ext); } - exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_proxy = 'yes'; @@ -271,7 +274,7 @@ if (!empty($_POST['save'])) { if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if ( $v_ssl_home != $_POST['v_ssl_home'] ) { $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); $v_ssl_home = $_POST['v_ssl_home']; $restart_web = 'yes'; @@ -310,13 +313,13 @@ if (!empty($_POST['save'])) { fclose($fp); } - exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -340,7 +343,7 @@ if (!empty($_POST['save'])) { // Delete Lets Encrypt support if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -355,7 +358,7 @@ if (!empty($_POST['save'])) { // Delete SSL certificate if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -369,7 +372,7 @@ if (!empty($_POST['save'])) { // Add Lets Encrypt support if ((!empty($_POST['v_ssl'])) && ( $v_letsencrypt == 'no' ) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) { $l_aliases = str_replace("\n", ',', $v_aliases); - exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".escapeshellarg($l_aliases)."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." ".escapeshellarg($l_aliases)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_letsencrypt = 'yes'; @@ -417,14 +420,14 @@ if (!empty($_POST['save'])) { fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fclose($fp); } - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$_POST['v_domain']]['CRT']; diff --git a/web/list/stats/index.php b/web/list/stats/index.php index c758705a..3c730632 100644 --- a/web/list/stats/index.php +++ b/web/list/stats/index.php @@ -20,7 +20,7 @@ if ($user == 'admin') { unset($output); } - exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); } else { diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php index 5350f9b9..2e7d8c72 100644 --- a/web/reset/mail/index.php +++ b/web/reset/mail/index.php @@ -124,15 +124,15 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $v_password = $_POST['password']; // Get domain owner - exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var); - if ($return_var == 0) { - $v_user = $output[0]; + exec (VESTA_CMD."v-search-domain-owner ".$v_domain." mail", $output, $return_var); + if (($return_var == 0) && (!empty($output[0]))) { + $v_user = escapeshellarg($output[0]); } unset($output); // Get current md5 hash if (!empty($v_user)) { - exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var); + exec (VESTA_CMD."v-get-mail-account-value ".$v_user." ".$v_domain." ".$v_account." md5", $output, $return_var); if ($return_var == 0) { $v_hash = $output[0]; } @@ -151,7 +151,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $fp = fopen($v_new_password, "w"); fwrite($fp, $_POST['new']."\n"); fclose($fp); - exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); + exec (VESTA_CMD."v-change-mail-account-password ".$v_user." ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); if ($return_var == 0) { echo "ok"; exit; diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index a5e0b07c..aedd747c 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1118,7 +1118,7 @@ class UploadHandler $file->size > $this->get_file_size($file_path); if ($uploaded_file && is_uploaded_file($uploaded_file)) { chmod($uploaded_file, 0644); - exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." {$uploaded_file} '{$file_path}'", $output, $return_var); + exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." ".$uploaded_file." ".escapeshellarg($file_path), $output, $return_var); $error = check_return_code($return_var, $output); if ($return_var != 0) { $file->error = 'Error while saving file ';