From 387f673560d81400db85337106f3d50702089603 Mon Sep 17 00:00:00 2001 From: estratos Date: Fri, 25 Jul 2014 20:35:50 -0600 Subject: [PATCH] Changed cmd Query on Api index.php To avoid "Notice : undefined variables " changed the way the cmd query is built by validating each argument Not empty into the cmd command string --- web/api/index.php | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/web/api/index.php b/web/api/index.php index 458342838..cbaec6c34 100644 --- a/web/api/index.php +++ b/web/api/index.php @@ -26,9 +26,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) { echo 'Error: only admin is allowed to use API'; exit; } - // Not Declaring arguments may cause Notifies on the response on an API Call when the Directive Dysplay errors is enabled - // you may initialize argument arg1, arg2,... arg9 to = '' here - // Or post the unused args to ='' + // Prepare arguments if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']); @@ -42,8 +40,27 @@ if (isset($_POST['user']) || isset($_POST['hash'])) { if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']); if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']); - // Run query - exec (VESTA_CMD.$cmd." ".$arg1." ".$arg2." ".$arg3." ".$arg4." ".$arg5." ".$arg6." ".$arg7." ".$arg8." ".$arg9, $output, $return_var); + // Build query + $cmdquery = VESTA_CMD.$cmd." ".$arg1." ".$arg2." "; + if(!empty($arg3)){ + $cmdquery = $cmdquery.$arg3." "; } + if(!empty($arg4)){ + $cmdquery = $cmdquery.$arg4." "; } + + if(!empty($arg5)){ + $cmdquery = $cmdquery.$arg5." "; } + if(!empty($arg6)){ + $cmdquery = $cmdquery.$arg6." "; } + if(!empty($arg7)){ + $cmdquery = $cmdquery.$arg7." "; } + if(!empty($arg8)){ + $cmdquery = $cmdquery.$arg8." "; } + if(!empty($arg9)){ + $cmdquery = $cmdquery.$arg9; } + + // Run query + exec ($cmdquery, $output, $return_var); + if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) { echo $return_var; } else {
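Review bot: `$cmd`, `$arg1` and `$arg2` are still concatenated unconditionally in the first `$cmdquery` assignment of the second hunk, so a request that omits any of them still raises the undefined-variable notice this change is meant to remove, and a request without `cmd` reaches `exec` with only the `VESTA_CMD` prefix. I would reject the request when `cmd` is missing and append each posted argument in a loop, which also replaces the seven near-identical `if(!empty(...))` blocks and makes the earlier per-argument `isset`/`escapeshellarg` lines for `arg1` to `arg9` redundant. Separately, `escapeshellarg` neutralises shell metacharacters but does not limit which name is appended to `VESTA_CMD`. The definition of `VESTA_CMD` is not visible here, so this is inferred, but checking `cmd` against the expected command-name pattern before building the string would close that gap. The enclosing `if (isset($_POST['user']) || isset($_POST['hash']))` block starts above the hunk and continues past its last line.

```php
    // Build query
    if (!isset($_POST['cmd'])) {
        // message text is a suggestion, modelled on the existing admin-only error
        echo 'Error: cmd is required';
        exit;
    }
    $cmdquery = VESTA_CMD.$cmd;
    for ($i = 1; $i <= 9; $i++) {
        if (isset($_POST['arg'.$i])) {
            $cmdquery .= ' '.escapeshellarg($_POST['arg'.$i]);
        }
    }

    // … unchanged: exec ($cmdquery, $output, $return_var) and return-code handling …
```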