Adding escapeshellarg on few more places in php code

dpeca 2020-06-23 19:06:25 +02:00
parent b6cadcd992
commit c377e19df8
4 changed files with 6 additions and 6 deletions


@ -356,7 +356,7 @@ if (!empty($_POST['save'])) {
// Change remote backup host type // Change remote backup host type
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); exec (VESTA_CMD."v-delete-backup-host " . escapeshellarg($v_backup_type), $output, $return_var);
unset($output); unset($output);
$v_backup_host = escapeshellarg($_POST['v_backup_host']); $v_backup_host = escapeshellarg($_POST['v_backup_host']);
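Review bot: The exit status of `v-delete-backup-host` is never examined: the line after the `exec` is `unset($output);` and the code goes straight on to the new host value, so a failed removal passes silently and the old backup host may stay configured. Record the failure before continuing, e.g. `if ($return_var !== 0) { $_SESSION['error_msg'] = 'Backup host removal failed'; }` (the message text is a placeholder), so that a guard like the `empty($_SESSION['error_msg'])` test at the top of this hunk can stop later steps. The enclosing `if` block continues past the end of the hunk, so a check further down is not visible from here.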


@ -15,7 +15,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
} }
if (empty($panel)) { if (empty($panel)) {
$command = VESTA_CMD."v-list-user '".$user."' 'json'"; $command = VESTA_CMD."v-list-user ".escapeshellarg($user)." 'json'";
exec ($command, $output, $return_var); exec ($command, $output, $return_var);
if ( $return_var > 0 ) { if ( $return_var > 0 ) {
header("Location: /error/"); header("Location: /error/");
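Review bot: `escapeshellarg($user)` keeps shell metacharacters from being interpreted, but it does not constrain what the value is: an empty string or a value beginning with `-` still reaches `v-list-user` as an argument. `$user` appears to be derived from session state (the condition in the hunk header tests `$_SESSION['look']`), so validate it once against the panel's username format before `$command` is built, e.g. `if (!preg_match(USERNAME_PATTERN, $user)) { header("Location: /error/"); exit; }`, where `USERNAME_PATTERN` is a placeholder for the project's own rule. A single check at the point of assignment also covers call sites that per-call escaping misses, and the same applies to the `$user` and `$_GET['domain']` arguments in the DNS and mail listing sections of this commit. The `if (empty($panel))` block runs past the end of the hunk.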


@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Data & Render page // Data & Render page
if (empty($_GET['domain'])){ if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var); exec (VESTA_CMD."v-list-dns-domains ".escapeshellarg($user)." json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output); unset($output);
render_page($user, $TAB, 'list_dns'); render_page($user, $TAB, 'list_dns');
} else { } else {
exec (VESTA_CMD."v-list-dns-records ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); exec (VESTA_CMD."v-list-dns-records ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output); unset($output);
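Review bot: `$return_var` is not checked after either `exec`, so when the command fails or prints no JSON, `json_decode` returns `null` and `array_reverse($data, true)` is called on a non-array (a warning on PHP 7, a `TypeError` on PHP 8). Guard the result in both branches, e.g. `$data = ($return_var === 0 && is_array($data)) ? array_reverse($data, true) : [];`. The mail listing section at the end of this commit has the same two call sequences and needs the same guard. The `else` branch continues past the end of the hunk.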


@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Data & Render page // Data & Render page
if (empty($_GET['domain'])){ if (empty($_GET['domain'])){
exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var); exec (VESTA_CMD."v-list-mail-domains ".escapeshellarg($user)." json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output); unset($output);
render_page($user, $TAB, 'list_mail'); render_page($user, $TAB, 'list_mail');
} else { } else {
exec (VESTA_CMD."v-list-mail-accounts ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); exec (VESTA_CMD."v-list-mail-accounts ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true); $data = array_reverse($data, true);
unset($output); unset($output);