github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 21:34:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adding escapeshellarg on few more places in php code

Browse source
This commit is contained in:
dpeca 2020-06-23 19:06:25 +02:00
commit c377e19df8
4 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/list/directory/index.php
View file

@ -15,7 +15,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
}
if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'";
$command = VESTA_CMD."v-list-user ".escapeshellarg($user)." 'json'";
exec ($command, $output, $return_var);
if ( $return_var > 0 ) {
header("Location: /error/");

4
web/list/dns/index.php
View file

@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Data & Render page
if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var);
exec (VESTA_CMD."v-list-dns-domains ".escapeshellarg($user)." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
render_page($user, $TAB, 'list_dns');
} else {
exec (VESTA_CMD."v-list-dns-records ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
exec (VESTA_CMD."v-list-dns-records ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);

4
web/list/mail/index.php
View file

@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Data & Render page
if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var);
exec (VESTA_CMD."v-list-mail-domains ".escapeshellarg($user)." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
render_page($user, $TAB, 'list_mail');
} else {
exec (VESTA_CMD."v-list-mail-accounts ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
exec (VESTA_CMD."v-list-mail-accounts ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);