github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 13:24:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

removed unnecessary single quotes for security reasons / thanks to Andrea Cardaci

Browse source
This commit is contained in:
Serghey Rodin 2019-08-07 18:46:40 +03:00
commit b17b4b205d
15 changed files with 65 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

6
web/add/ip/index.php
View file

@ -57,7 +57,7 @@ if (!empty($_POST['ok'])) {
// Add IP
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_owner = $_POST['v_owner'];
@ -75,12 +75,12 @@ if (!empty($_POST['ok'])) {
}
// List network interfaces
exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-interfaces json", $output, $return_var);
$interfaces = json_decode(implode('', $output), true);
unset($output);
// List users
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-users json", $output, $return_var);
$users = json_decode(implode('', $output), true);
unset($output);

10
web/add/web/index.php
View file

@ -118,7 +118,7 @@ if (!empty($_POST['ok'])) {
// Add web domain
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var);
exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$domain_added = empty($_SESSION['error_msg']);
@ -126,7 +126,7 @@ if (!empty($_POST['ok'])) {
// Add DNS domain
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@ -136,7 +136,7 @@ if (!empty($_POST['ok'])) {
foreach ($aliases_arr as $alias) {
if ($alias != "www.".$_POST['v_domain']) {
$alias = escapeshellarg($alias);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@ -153,7 +153,7 @@ if (!empty($_POST['ok'])) {
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) {
$ext = escapeshellarg($ext);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@ -195,7 +195,7 @@ if (!empty($_POST['ok'])) {
}
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}