diff --git a/web/add/cron/autoupdate/index.php b/web/add/cron/autoupdate/index.php
index bc7db99dd..53d50c059 100644
--- a/web/add/cron/autoupdate/index.php
+++ b/web/add/cron/autoupdate/index.php
@@ -3,12 +3,13 @@
error_reporting(NULL);
ob_start();
session_start();
-include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') {
- v_exec('v-add-cron-vesta-autoupdate', [], false);
+ exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var);
$_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');
+ unset($output);
}
-header('Location: /list/updates/');
+header("Location: /list/updates/");
exit;
diff --git a/web/add/cron/index.php b/web/add/cron/index.php
index c78881877..62cae8f1c 100644
--- a/web/add/cron/index.php
+++ b/web/add/cron/index.php
@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -35,16 +35,18 @@ if (!empty($_POST['ok'])) {
}
// Protect input
- $v_min = $_POST['v_min'];
- $v_hour = $_POST['v_hour'];
- $v_day = $_POST['v_day'];
- $v_month = $_POST['v_month'];
- $v_wday = $_POST['v_wday'];
- $v_cmd = $_POST['v_cmd'];
+ $v_min = escapeshellarg($_POST['v_min']);
+ $v_hour = escapeshellarg($_POST['v_hour']);
+ $v_day = escapeshellarg($_POST['v_day']);
+ $v_month = escapeshellarg($_POST['v_month']);
+ $v_wday = escapeshellarg($_POST['v_wday']);
+ $v_cmd = escapeshellarg($_POST['v_cmd']);
// Add cron job
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-cron-job', [$user, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
+ exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Flush field values on success
@@ -56,6 +58,7 @@ if (!empty($_POST['ok'])) {
unset($v_month);
unset($v_wday);
unset($v_cmd);
+ unset($output);
}
}
diff --git a/web/add/cron/reports/index.php b/web/add/cron/reports/index.php
index f3f31db95..4b0424e32 100644
--- a/web/add/cron/reports/index.php
+++ b/web/add/cron/reports/index.php
@@ -3,10 +3,11 @@
error_reporting(NULL);
ob_start();
session_start();
-include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-v_exec('v-add-cron-reports', [$user], false);
+exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
+unset($output);
-header('Location: /list/cron/');
+header("Location: /list/cron/");
exit;
diff --git a/web/add/db/index.php b/web/add/db/index.php
index 2a328f515..c206eb13c 100644
--- a/web/add/db/index.php
+++ b/web/add/db/index.php
@@ -12,7 +12,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -30,7 +30,7 @@ if (!empty($_POST['ok'])) {
$error_msg = $error_msg.", ".$error;
}
}
- $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
+ $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
// Validate email
@@ -43,11 +43,12 @@ if (!empty($_POST['ok'])) {
// Check password length
if (empty($_SESSION['error_msg'])) {
$pw_len = strlen($_POST['v_password']);
- if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
+ if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
}
- $v_database = $_POST['v_database'];
- $v_dbuser = $_POST['v_dbuser'];
+ // Protect input
+ $v_database = escapeshellarg($_POST['v_database']);
+ $v_dbuser = escapeshellarg($_POST['v_dbuser']);
$v_type = $_POST['v_type'];
$v_charset = $_POST['v_charset'];
$v_host = $_POST['v_host'];
@@ -55,24 +56,32 @@ if (!empty($_POST['ok'])) {
// Add database
if (empty($_SESSION['error_msg'])) {
- $v_password = tempnam('/tmp', 'vst');
- $fp = fopen($v_password, 'w');
+ $v_type = escapeshellarg($_POST['v_type']);
+ $v_charset = escapeshellarg($_POST['v_charset']);
+ $v_host = escapeshellarg($_POST['v_host']);
+ $v_password = tempnam("/tmp","vst");
+ $fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-add-database', [$user, $v_database, $v_dbuser, $v_password, $v_type, $v_host, $v_charset]);
+ exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);
+ $v_type = $_POST['v_type'];
+ $v_host = $_POST['v_host'];
+ $v_charset = $_POST['v_charset'];
}
// Get database manager url
if (empty($_SESSION['error_msg'])) {
- list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'] . ':');
+ list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":");
if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
- if ($_POST['v_type'] == 'mysql') $db_admin = 'phpMyAdmin';
- if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://$http_host/phpmyadmin/";
+ if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin";
+ if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_URL']))) $db_admin_link = $_SESSION['DB_PMA_URL'];
- if ($_POST['v_type'] == 'pgsql') $db_admin = 'phpPgAdmin';
- if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://$http_host/phppgadmin/";
+ if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin";
+ if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_URL']))) $db_admin_link = $_SESSION['DB_PGA_URL'];
}
@@ -81,15 +90,15 @@ if (!empty($_POST['ok'])) {
$to = $v_db_email;
$subject = __("Database Credentials");
$hostname = exec('hostname');
- $from = __('MAIL_FROM', $hostname);
- $mailtext = __('DATABASE_READY', $user.'_'.$_POST['v_database'], $user.'_'.$_POST['v_dbuser'], $_POST['v_password'], $db_admin_link);
+ $from = __('MAIL_FROM',$hostname);
+ $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
send_email($to, $subject, $mailtext, $from);
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
- $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK', htmlentities($user.'_'.$_POST['v_database']), htmlentities($user.'_'.$_POST['v_database']));
- $_SESSION['ok_msg'] .= " / " . __('open %s', $db_admin) . '';
+ $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database']));
+ $_SESSION['ok_msg'] .= " / " . __('open %s',$db_admin) . "";
unset($v_database);
unset($v_dbuser);
unset($v_password);
@@ -108,15 +117,16 @@ top_panel($user,$TAB);
$v_db_email = $panel[$user]['CONTACT'];
// List avaiable database types
-$db_types = explode(',', $_SESSION['DB_SYSTEM']);
+$db_types = split(",",$_SESSION['DB_SYSTEM']);
// List available database servers
$db_hosts = array();
foreach ($db_types as $db_type ) {
- v_exec('v-list-database-hosts', [$db_type, 'json'], false, $output);
- $db_hosts_tmp = json_decode($output, true);
+ exec (VESTA_CMD."v-list-database-hosts ".$db_type." 'json'", $output, $return_var);
+ $db_hosts_tmp = json_decode(implode('', $output), true);
$db_hosts = array_merge($db_hosts, $db_hosts_tmp);
unset($db_hosts_tmp);
+ unset($output);
}
// Display body
diff --git a/web/add/dns/index.php b/web/add/dns/index.php
index 086ca5d7e..629e2ec57 100644
--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -32,47 +32,56 @@ if (!empty($_POST['ok'])) {
// Protect input
$v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
+ $v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain);
- $v_ip = $_POST['v_ip'];
- if (!empty($_POST['v_ns1'])) $v_ns1 = $_POST['v_ns1'];
- if (!empty($_POST['v_ns2'])) $v_ns2 = $_POST['v_ns2'];
- if (!empty($_POST['v_ns3'])) $v_ns3 = $_POST['v_ns3'];
- if (!empty($_POST['v_ns4'])) $v_ns4 = $_POST['v_ns4'];
- if (!empty($_POST['v_ns5'])) $v_ns5 = $_POST['v_ns5'];
- if (!empty($_POST['v_ns6'])) $v_ns6 = $_POST['v_ns6'];
- if (!empty($_POST['v_ns7'])) $v_ns7 = $_POST['v_ns7'];
- if (!empty($_POST['v_ns8'])) $v_ns8 = $_POST['v_ns8'];
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
+ if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
+ if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
+ if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
+ if (!empty($_POST['v_ns5'])) $v_ns5 = escapeshellarg($_POST['v_ns5']);
+ if (!empty($_POST['v_ns6'])) $v_ns6 = escapeshellarg($_POST['v_ns6']);
+ if (!empty($_POST['v_ns7'])) $v_ns7 = escapeshellarg($_POST['v_ns7']);
+ if (!empty($_POST['v_ns8'])) $v_ns8 = escapeshellarg($_POST['v_ns8']);
// Add dns domain
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip, $v_ns1, $v_ns2, $v_ns3, $v_ns4, $v_ns5, $v_ns6, $v_ns7, $v_ns8, 'no']);
+ exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." ".$v_ns5." ".$v_ns6." ".$v_ns7." ".$v_ns8." no", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set expiriation date
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) {
- $v_exp = $_POST['v_exp'];
- v_exec('v-change-dns-domain-exp', [$user, $v_domain, $v_exp, 'no']);
+ $v_exp = escapeshellarg($_POST['v_exp']);
+ exec (VESTA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
// Set ttl
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) {
- $v_ttl = $_POST['v_ttl'];
- v_exec('v-change-dns-domain-ttl', [$user, $v_domain, $v_ttl, 'no']);
+ $v_ttl = escapeshellarg($_POST['v_ttl']);
+ exec (VESTA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
// Restart dns server
if (empty($_SESSION['error_msg'])) {
- v_exec('v-restart-dns');
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
- $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK', htmlentities($_POST[v_domain]), htmlentities($_POST[v_domain]));
+ $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
unset($v_domain);
}
}
@@ -84,7 +93,7 @@ if (!empty($_POST['ok_rec'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -104,15 +113,18 @@ if (!empty($_POST['ok_rec'])) {
}
// Protect input
- $v_domain = $_POST['v_domain'];
- $v_rec = $_POST['v_rec'];
- $v_type = $_POST['v_type'];
- $v_val = $_POST['v_val'];
- $v_priority = $_POST['v_priority'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
+ $v_rec = escapeshellarg($_POST['v_rec']);
+ $v_type = escapeshellarg($_POST['v_type']);
+ $v_val = escapeshellarg($_POST['v_val']);
+ $v_priority = escapeshellarg($_POST['v_priority']);
// Add dns record
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-dns-record', [$user, $v_domain, $v_rec, $v_type, $v_val, $v_priority]);
+ exec (VESTA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $v_type = $_POST['v_type'];
}
// Flush field values on success
@@ -147,8 +159,8 @@ if (empty($_GET['domain'])) {
if (empty($v_ttl)) $v_ttl = 14400;
if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
if (empty($v_ns1)) {
- v_exec('v-list-user-ns', [$user, 'json'], false, $output);
- $nameservers = json_decode($output, true);
+ exec (VESTA_CMD."v-list-user-ns ".$user." json", $output, $return_var);
+ $nameservers = json_decode(implode('', $output), true);
$v_ns1 = str_replace("'", "", $nameservers[0]);
$v_ns2 = str_replace("'", "", $nameservers[1]);
$v_ns3 = str_replace("'", "", $nameservers[2]);
@@ -157,6 +169,7 @@ if (empty($_GET['domain'])) {
$v_ns6 = str_replace("'", "", $nameservers[5]);
$v_ns7 = str_replace("'", "", $nameservers[6]);
$v_ns8 = str_replace("'", "", $nameservers[7]);
+ unset($output);
}
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html');
}
diff --git a/web/add/favorite/index.php b/web/add/favorite/index.php
index 9987ecc9c..e9f2e828d 100644
--- a/web/add/favorite/index.php
+++ b/web/add/favorite/index.php
@@ -9,13 +9,15 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
// if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
// header('location: /login/');
-// exit;
+// exit();
// }
- $v_section = $_REQUEST['v_section'];
- $v_unit_id = $_REQUEST['v_unit_id'];
+ // Protect input
+ $v_section = escapeshellarg($_REQUEST['v_section']);
+ $v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
- $_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id] = 1;
+ $_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']] = 1;
- v_exec('v-add-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
+ exec (VESTA_CMD."v-add-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
+// check_return_code($return_var,$output);
?>
\ No newline at end of file
diff --git a/web/add/firewall/banlist/index.php b/web/add/firewall/banlist/index.php
index e95324bf3..f0e97042a 100644
--- a/web/add/firewall/banlist/index.php
+++ b/web/add/firewall/banlist/index.php
@@ -31,12 +31,15 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
- $v_chain = $_POST['v_chain'];
- $v_ip = $_POST['v_ip'];
+ // Protect input
+ $v_chain = escapeshellarg($_POST['v_chain']);
+ $v_ip = escapeshellarg($_POST['v_ip']);
// Add firewall ban
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-firewall-ban', [$v_ip, $v_chain]);
+ exec (VESTA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Flush field values on success
diff --git a/web/add/firewall/index.php b/web/add/firewall/index.php
index e6ead5a16..caae650ce 100644
--- a/web/add/firewall/index.php
+++ b/web/add/firewall/index.php
@@ -20,7 +20,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -39,17 +39,21 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
- $v_action = $_POST['v_action'];
- $v_protocol = $_POST['v_protocol'];
- $v_port = str_replace(' ', ',', $_POST['v_port']);
+ // Protect input
+ $v_action = escapeshellarg($_POST['v_action']);
+ $v_protocol = escapeshellarg($_POST['v_protocol']);
+ $v_port = str_replace(" ",",", $_POST['v_port']);
$v_port = preg_replace('/\,+/', ',', $v_port);
- $v_port = trim($v_port, ',');
- $v_ip = $_POST['v_ip'];
- $v_comment = $_POST['v_comment'];
+ $v_port = trim($v_port, ",");
+ $v_port = escapeshellarg($v_port);
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ $v_comment = escapeshellarg($_POST['v_comment']);
// Add firewall rule
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-firewall-rule', [$v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
+ exec (VESTA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Flush field values on success
diff --git a/web/add/ip/index.php b/web/add/ip/index.php
index 5ac006801..5f48a081d 100644
--- a/web/add/ip/index.php
+++ b/web/add/ip/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -38,12 +38,13 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
- $v_ip = $_POST['v_ip'];
- $v_netmask = $_POST['v_netmask'];
- $v_name = $_POST['v_name'];
- $v_nat = $_POST['v_nat'];
- $v_interface = $_POST['v_interface'];
- $v_owner = $_POST['v_owner'];
+ // Protect input
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ $v_netmask = escapeshellarg($_POST['v_netmask']);
+ $v_name = escapeshellarg($_POST['v_name']);
+ $v_nat = escapeshellarg($_POST['v_nat']);
+ $v_interface = escapeshellarg($_POST['v_interface']);
+ $v_owner = escapeshellarg($_POST['v_owner']);
$v_shared = $_POST['v_shared'];
// Check shared checkmark
@@ -52,11 +53,16 @@ if (!empty($_POST['ok'])) {
} else {
$ip_status = 'dedicated';
$v_dedicated = 'yes';
+
}
// Add IP
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-sys-ip', [$v_ip, $v_netmask, $v_interface, $v_owner, $ip_status, $v_name, $v_nat]);
+ exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $v_owner = $_POST['v_owner'];
+ $v_interface = $_POST['v_interface'];
}
// Flush field values on success
@@ -76,12 +82,14 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// List network interfaces
-v_exec('v-list-sys-interfaces', ['json'], false, $output);
-$interfaces = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
+$interfaces = json_decode(implode('', $output), true);
+unset($output);
// List users
-v_exec('v-list-sys-users', ['json'], false, $output);
-$users = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
+$users = json_decode(implode('', $output), true);
+unset($output);
// Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
index 5ae28a38c..12adde125 100644
--- a/web/add/mail/index.php
+++ b/web/add/mail/index.php
@@ -14,7 +14,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -53,16 +53,19 @@ if (!empty($_POST['ok'])) {
// Set domain name to lowercase and remove www prefix
$v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
+ $v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain);
// Add mail domain
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-mail-domain', [$user, $v_domain, $v_antispam, $v_antivirus, $v_dkim]);
+ exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
- $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK', htmlentities($_POST['v_domain']), htmlentities($_POST['v_domain']));
+ $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
unset($v_domain);
}
}
@@ -74,7 +77,7 @@ if (!empty($_POST['ok_acc'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -89,16 +92,17 @@ if (!empty($_POST['ok_acc'])) {
$error_msg = $error_msg.", ".$error;
}
}
- $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
+ $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
// Protect input
- $v_domain = strtolower($_POST['v_domain']);
- $v_account = $_POST['v_account'];
- $v_quota = $_POST['v_quota'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
+ $v_domain = strtolower($v_domain);
+ $v_account = escapeshellarg($_POST['v_account']);
+ $v_quota = escapeshellarg($_POST['v_quota']);
$v_aliases = $_POST['v_aliases'];
$v_fwd = $_POST['v_fwd'];
- if (empty($_POST['v_quota'])) $v_quota = '0';
+ if (empty($_POST['v_quota'])) $v_quota = 0;
if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes';
// Add Mail Account
@@ -107,55 +111,65 @@ if (!empty($_POST['ok_acc'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-add-mail-account', [$user, $v_domain, $v_account, $v_password, $v_quota]);
+ exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);
}
// Add Aliases
if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
- $valiases = preg_replace('/\n/', ' ', $_POST['v_aliases']);
- $valiases = preg_replace('/,/', ' ', $valiases);
+ $valiases = preg_replace("/\n/", " ", $_POST['v_aliases']);
+ $valiases = preg_replace("/,/", " ", $valiases);
$valiases = preg_replace('/\s+/', ' ',$valiases);
$valiases = trim($valiases);
- $aliases = explode(' ', $valiases);
+ $aliases = explode(" ", $valiases);
foreach ($aliases as $alias) {
+ $alias = escapeshellarg($alias);
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-mail-account-alias', [$user, $v_domain, $v_account, $alias]);
+ exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
}
// Add Forwarders
if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
- $vfwd = preg_replace('/\n/', ' ', $_POST['v_fwd']);
- $vfwd = preg_replace('/,/', ' ', $vfwd);
+ $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
+ $vfwd = preg_replace("/,/", " ", $vfwd);
$vfwd = preg_replace('/\s+/', ' ',$vfwd);
$vfwd = trim($vfwd);
- $fwd = explode(' ', $vfwd);
+ $fwd = explode(" ", $vfwd);
foreach ($fwd as $forward) {
+ $forward = escapeshellarg($forward);
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-mail-account-forward', [$user, $v_domain, $v_account, $forward]);
+ exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
}
// Add fwd_only flag
if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-account-fwd-only', [$user, $v_domain, $v_account]);
+ exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Get webmail url
if (empty($_SESSION['error_msg'])) {
- list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'].':');
- $webmail = "http://$http_host/webmail/";
+ list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
+ $webmail = "http://".$http_host."/webmail/";
if (!empty($_SESSION['MAIL_URL'])) $webmail = $_SESSION['MAIL_URL'];
}
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
- $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK', htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']), htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']));
- $_SESSION['ok_msg'] .= " / " . __('open webmail') . '';
+ $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
+ $_SESSION['ok_msg'] .= " / " . __('open webmail') . "";
unset($v_account);
unset($v_password);
unset($v_password);
diff --git a/web/add/package/index.php b/web/add/package/index.php
index f93e1b03e..f620b4711 100644
--- a/web/add/package/index.php
+++ b/web/add/package/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -57,23 +57,24 @@ if (!empty($_POST['ok'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
- $v_package = $_POST['v_package'];
- $v_web_template = $_POST['v_web_template'];
- $v_backend_template = $_POST['v_backend_template'];
- $v_proxy_template = $_POST['v_proxy_template'];
- $v_dns_template = $_POST['v_dns_template'];
- $v_shell = $_POST['v_shell'];
- $v_web_domains = $_POST['v_web_domains'];
- $v_web_aliases = $_POST['v_web_aliases'];
- $v_dns_domains = $_POST['v_dns_domains'];
- $v_dns_records = $_POST['v_dns_records'];
- $v_mail_domains = $_POST['v_mail_domains'];
- $v_mail_accounts = $_POST['v_mail_accounts'];
- $v_databases = $_POST['v_databases'];
- $v_cron_jobs = $_POST['v_cron_jobs'];
- $v_backups = $_POST['v_backups'];
- $v_disk_quota = $_POST['v_disk_quota'];
- $v_bandwidth = $_POST['v_bandwidth'];
+ // Protect input
+ $v_package = escapeshellarg($_POST['v_package']);
+ $v_web_template = escapeshellarg($_POST['v_web_template']);
+ $v_backend_template = escapeshellarg($_POST['v_backend_template']);
+ $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
+ $v_dns_template = escapeshellarg($_POST['v_dns_template']);
+ $v_shell = escapeshellarg($_POST['v_shell']);
+ $v_web_domains = escapeshellarg($_POST['v_web_domains']);
+ $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
+ $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
+ $v_dns_records = escapeshellarg($_POST['v_dns_records']);
+ $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
+ $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
+ $v_databases = escapeshellarg($_POST['v_databases']);
+ $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
+ $v_backups = escapeshellarg($_POST['v_backups']);
+ $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
+ $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
$v_ns1 = trim($_POST['v_ns1'], '.');
$v_ns2 = trim($_POST['v_ns2'], '.');
$v_ns3 = trim($_POST['v_ns3'], '.');
@@ -89,46 +90,43 @@ if (!empty($_POST['ok'])) {
if (!empty($v_ns6)) $v_ns .= ",".$v_ns6;
if (!empty($v_ns7)) $v_ns .= ",".$v_ns7;
if (!empty($v_ns8)) $v_ns .= ",".$v_ns8;
- $v_time = date('H:i:s');
- $v_date = date('Y-m-d');
+ $v_ns = escapeshellarg($v_ns);
+ $v_time = escapeshellarg(date('H:i:s'));
+ $v_date = escapeshellarg(date('Y-m-d'));
// Create temporary dir
if (empty($_SESSION['error_msg'])) {
- exec('mktemp -d', $output, $return_var);
+ exec ('mktemp -d', $output, $return_var);
$tmpdir = $output[0];
- check_return_code($return_var, $output);
+ check_return_code($return_var,$output);
unset($output);
}
// Create package file
if (empty($_SESSION['error_msg'])) {
- $a_pkg = [
- 'WEB_TEMPLATE' => $v_web_template,
- 'BACKEND_TEMPLATE' => !empty($_SESSION['WEB_BACKEND']) ? $v_backend_template : null,
- 'PROXY_TEMPLATE' => !empty($_SESSION['PROXY_SYSTEM']) ? $v_proxy_template : null,
- 'DNS_TEMPLATE' => $v_dns_template,
- 'WEB_DOMAINS' => $v_web_domains,
- 'WEB_ALIASES' => $v_web_aliases,
- 'DNS_DOMAINS' => $v_dns_domains,
- 'DNS_RECORDS' => $v_dns_records,
- 'MAIL_DOMAINS' => $v_mail_domains,
- 'MAIL_ACCOUNTS' => $v_mail_accounts,
- 'DATABASES' => $v_databases,
- 'CRON_JOBS' => $v_cron_jobs,
- 'DISK_QUOTA' => $v_disk_quota,
- 'BANDWIDTH' => $v_bandwidth,
- 'NS' => $v_ns,
- 'SHELL' => $v_shell,
- 'BACKUPS' => $v_backups,
- 'TIME' => $v_time,
- 'DATE' => $v_date,
- ];
-
- $pkg = '';
- foreach ($a_pkg as $key => $value) {
- if (is_null($value)) continue;
- $pkg .= $key . '=' . escapeshellarg($value) . "\n";
+ $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
+ if (!empty($_SESSION['WEB_BACKEND'])) {
+ $pkg .= "BACKEND_TEMPLATE=".$v_backend_template."\n";
}
+ if (!empty($_SESSION['PROXY_SYSTEM'])) {
+ $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
+ }
+ $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
+ $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
+ $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
+ $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
+ $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
+ $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
+ $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
+ $pkg .= "DATABASES=".$v_databases."\n";
+ $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
+ $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
+ $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
+ $pkg .= "NS=".$v_ns."\n";
+ $pkg .= "SHELL=".$v_shell."\n";
+ $pkg .= "BACKUPS=".$v_backups."\n";
+ $pkg .= "TIME=".$v_time."\n";
+ $pkg .= "DATE=".$v_date."\n";
$fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
fwrite($fp, $pkg);
@@ -137,15 +135,18 @@ if (!empty($_POST['ok'])) {
// Add new package
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-user-package', [$tmpdir, $v_package]);
+ exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
- // Remove tmpdir
- safe_exec('rm', ['-rf', $tmpdir]);
+ // Remove tmpdir
+ exec ('rm -rf '.$tmpdir, $output, $return_var);
+ unset($output);
// Flush field values on success
if (empty($_SESSION['error_msg'])) {
- $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK', htmlentities($_POST['v_package']), htmlentities($_POST['v_package']));
+ $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',htmlentities($_POST['v_package']),htmlentities($_POST['v_package']));
unset($v_package);
}
@@ -159,28 +160,33 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// List web temmplates
-v_exec('v-list-web-templates', ['json'], false, $output);
-$web_templates = json_decode($output, true);
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+$web_templates = json_decode(implode('', $output), true);
+unset($output);
// List web templates for backend
if (!empty($_SESSION['WEB_BACKEND'])) {
- v_exec('v-list-web-templates-backend', ['json'], false, $output);
- $backend_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
+ $backend_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List web templates for proxy
if (!empty($_SESSION['PROXY_SYSTEM'])) {
- v_exec('v-list-web-templates-proxy', ['json'], false, $output);
- $proxy_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+ $proxy_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List DNS templates
-v_exec('v-list-dns-templates', ['json'], false, $output);
-$dns_templates = json_decode($output, true);
+exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+$dns_templates = json_decode(implode('', $output), true);
+unset($output);
// List system shells
-v_exec('v-list-sys-shells', ['json'], false, $output);
-$shells = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
// Set default values
if (empty($v_web_template)) $v_web_template = 'default';
@@ -188,17 +194,17 @@ if (empty($v_backend_template)) $v_backend_template = 'default';
if (empty($v_proxy_template)) $v_proxy_template = 'default';
if (empty($v_dns_template)) $v_dns_template = 'default';
if (empty($v_shell)) $v_shell = 'nologin';
-if (empty($v_web_domains)) $v_web_domains = '1';
-if (empty($v_web_aliases)) $v_web_aliases = '1';
-if (empty($v_dns_domains)) $v_dns_domains = '1';
-if (empty($v_dns_records)) $v_dns_records = '1';
-if (empty($v_mail_domains)) $v_mail_domains = '1';
-if (empty($v_mail_accounts)) $v_mail_accounts = '1';
-if (empty($v_databases)) $v_databases = '1';
-if (empty($v_cron_jobs)) $v_cron_jobs = '1';
-if (empty($v_backups)) $v_backups = '1';
-if (empty($v_disk_quota)) $v_disk_quota = '1000';
-if (empty($v_bandwidth)) $v_bandwidth = '1000';
+if (empty($v_web_domains)) $v_web_domains = "'1'";
+if (empty($v_web_aliases)) $v_web_aliases = "'1'";
+if (empty($v_dns_domains)) $v_dns_domains = "'1'";
+if (empty($v_dns_records)) $v_dns_records = "'1'";
+if (empty($v_mail_domains)) $v_mail_domains = "'1'";
+if (empty($v_mail_accounts)) $v_mail_accounts = "'1'";
+if (empty($v_databases)) $v_databases = "'1'";
+if (empty($v_cron_jobs)) $v_cron_jobs = "'1'";
+if (empty($v_backups)) $v_backups = "'1'";
+if (empty($v_disk_quota)) $v_disk_quota = "'1000'";
+if (empty($v_bandwidth)) $v_bandwidth = "'1000'";
if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
diff --git a/web/add/user/index.php b/web/add/user/index.php
index 434dd6746..26de10209 100644
--- a/web/add/user/index.php
+++ b/web/add/user/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -48,15 +48,16 @@ if (!empty($_POST['ok'])) {
// Check password length
if (empty($_SESSION['error_msg'])) {
$pw_len = strlen($_POST['v_password']);
- if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
+ if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
}
- $v_username = $_POST['v_username'];
- $v_email = $_POST['v_email'];
- $v_package = $_POST['v_package'];
- $v_language = $_POST['v_language'];
- $v_fname = $_POST['v_fname'];
- $v_lname = $_POST['v_lname'];
+ // Protect input
+ $v_username = escapeshellarg($_POST['v_username']);
+ $v_email = escapeshellarg($_POST['v_email']);
+ $v_package = escapeshellarg($_POST['v_package']);
+ $v_language = escapeshellarg($_POST['v_language']);
+ $v_fname = escapeshellarg($_POST['v_fname']);
+ $v_lname = escapeshellarg($_POST['v_lname']);
$v_notify = $_POST['v_notify'];
@@ -66,14 +67,18 @@ if (!empty($_POST['ok'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-add-user', [$v_username, $v_password, $v_email, $v_package, $v_fname, $v_lname]);
+ exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);
}
// Set language
if (empty($_SESSION['error_msg'])) {
- v_exec('v-change-user-language', [$v_username, $v_language]);
+ exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Send email to the new user
@@ -81,6 +86,7 @@ if (!empty($_POST['ok'])) {
$to = $_POST['v_notify'];
$subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
$hostname = exec('hostname');
+ unset($output);
$from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
if (!empty($_POST['v_fname'])) {
$mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
@@ -112,13 +118,15 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// List hosting packages
-$return_var = v_exec('v-list-user-packages', ['json'], false, $output);
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
check_error($return_var);
-$data = json_decode($output, true);
+$data = json_decode(implode('', $output), true);
+unset($output);
// List languages
-v_exec('v-list-sys-languages', ['json'], false, $output);
-$languages = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+$languages = json_decode(implode('', $output), true);
+unset($output);
// Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
diff --git a/web/add/web/index.php b/web/add/web/index.php
index faa88d182..612ae547b 100644
--- a/web/add/web/index.php
+++ b/web/add/web/index.php
@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check for empty fields
@@ -42,10 +42,11 @@ if (!empty($_POST['ok'])) {
// Set domain to lowercase and remove www prefix
$v_domain = preg_replace("/^www\./i", "", $_POST['v_domain']);
+ $v_domain = escapeshellarg($v_domain);
$v_domain = strtolower($v_domain);
// Define domain ip address
- $v_ip = $_POST['v_ip'];
+ $v_ip = escapeshellarg($_POST['v_ip']);
// Define domain aliases
$v_aliases = $_POST['v_aliases'];
@@ -53,10 +54,11 @@ if (!empty($_POST['ok'])) {
$aliases = preg_replace("/\r/", ",", $aliases);
$aliases = preg_replace("/\t/", ",", $aliases);
$aliases = preg_replace("/ /", ",", $aliases);
- $aliases_arr = explode(',', $aliases);
+ $aliases_arr = explode(",", $aliases);
$aliases_arr = array_unique($aliases_arr);
$aliases_arr = array_filter($aliases_arr);
- $aliases = implode(',', $aliases_arr);
+ $aliases = implode(",",$aliases_arr);
+ $aliases = escapeshellarg($aliases);
// Define proxy extentions
$v_proxy_ext = $_POST['v_proxy_ext'];
@@ -64,10 +66,11 @@ if (!empty($_POST['ok'])) {
$proxy_ext = preg_replace("/\r/", ",", $proxy_ext);
$proxy_ext = preg_replace("/\t/", ",", $proxy_ext);
$proxy_ext = preg_replace("/ /", ",", $proxy_ext);
- $proxy_ext_arr = explode(',', $proxy_ext);
+ $proxy_ext_arr = explode(",", $proxy_ext);
$proxy_ext_arr = array_unique($proxy_ext_arr);
$proxy_ext_arr = array_filter($proxy_ext_arr);
- $proxy_ext = implode(',', $proxy_ext_arr);
+ $proxy_ext = implode(",",$proxy_ext_arr);
+ $proxy_ext = escapeshellarg($proxy_ext);
// Define other options
$v_elog = $_POST['v_elog'];
@@ -76,7 +79,7 @@ if (!empty($_POST['ok'])) {
$v_ssl_key = $_POST['v_ssl_key'];
$v_ssl_ca = $_POST['v_ssl_ca'];
$v_ssl_home = $data[$v_domain]['SSL_HOME'];
- $v_stats = $_POST['v_stats'];
+ $v_stats = escapeshellarg($_POST['v_stats']);
$v_stats_user = $data[$v_domain]['STATS_USER'];
$v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
$v_ftp = $_POST['v_ftp'];
@@ -101,32 +104,44 @@ if (!empty($_POST['ok'])) {
// Add web domain
if (empty($_SESSION['error_msg'])) {
- v_exec('v-add-web-domain', [$user, $v_domain, $v_ip, 'no', $aliases, $proxy_ext]);
+ exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$domain_added = empty($_SESSION['error_msg']);
}
// Add DNS domain
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip]);
+ exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add DNS for domain aliases
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
foreach ($aliases_arr as $alias) {
- if ($alias != 'www.' . $_POST['v_domain']) {
- v_exec('v-add-dns-on-web-alias', [$user, $alias, $v_ip, 'no']);
+ if ($alias != "www.".$_POST['v_domain']) {
+ $alias = escapeshellarg($alias);
+ exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
}
// Add mail domain
if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-domain', [$user, $v_domain]);
+ exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-web-domain-proxy', [$user, $v_domain, 'no']);
+ $ext = escapeshellarg($ext);
+ exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add SSL certificates
@@ -159,46 +174,60 @@ if (!empty($_POST['ok'])) {
fclose($fp);
}
- $v_ssl_home = $_POST['v_ssl_home'];
- v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
+ $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
+ exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add web stats
if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
- $v_stats = $_POST['v_stats'];
- v_exec('v-add-web-domain-stats', [$user, $v_domain, $v_stats]);
+ $v_stats = escapeshellarg($_POST['v_stats']);
+ exec (VESTA_CMD."v-add-web-domain-stats ".$user." ".$v_domain." ".$v_stats, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add web stats password
if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) {
- $v_stats_user = $_POST['v_stats_user'];
+ $v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
- v_exec('v-add-web-domain-stats-user', [$user, $v_domain, $v_stats_user, $v_stats_password]);
+ exec (VESTA_CMD."v-add-web-domain-stats-user ".$user." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_stats_password);
- $v_stats_password = $_POST['v_stats_password'];
+ $v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
// Restart DNS server
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-dns');
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Restart web server
if (empty($_SESSION['error_msg'])) {
- v_exec('v-restart-web');
+ exec (VESTA_CMD."v-restart-web", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Restart backend server
//if ((!empty($_SESSION['WEB_BACKEND'])) && (empty($_SESSION['error_msg']))) {
- // v_exec('v-restart-backend');
+ // exec (VESTA_CMD."v-restart-web-backend", $output, $return_var);
+ // check_return_code($return_var,$output);
+ // unset($output);
//}
// Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-proxy');
+ exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add FTP
@@ -236,19 +265,22 @@ if (!empty($_POST['ok'])) {
$v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
+ $v_ftp_user = escapeshellarg($v_ftp_user_data['v_ftp_user']);
if ($domain_added) {
- $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
+ $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
- v_exec('v-add-web-domain-ftp', [$user, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
+ exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_ftp_password);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email'];
- $subject = __('FTP login credentials');
- $from = __('MAIL_FROM', $_POST['v_domain']);
- $mailtext = __('FTP_ACCOUNT_READY', $_POST['v_domain'], $user, $v_ftp_username, $v_ftp_user_data['v_ftp_password']);
+ $subject = __("FTP login credentials");
+ $from = __('MAIL_FROM',$_POST['v_domain']);
+ $mailtext = __('FTP_ACCOUNT_READY',$_POST['v_domain'],$user,$v_ftp_user_data['v_ftp_user'],$v_ftp_user_data['v_ftp_password']);
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
@@ -257,13 +289,13 @@ if (!empty($_POST['ok'])) {
}
if ($return_var == 0) {
- $v_ftp_password = '••••••••';
+ $v_ftp_password = "••••••••";
$v_ftp_user_data['is_new'] = 0;
} else {
$v_ftp_user_data['is_new'] = 1;
}
- $v_ftp_username = preg_replace("/^{$user}_/", '', $v_ftp_user_data['v_ftp_user']);
+ $v_ftp_username = preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
$v_ftp_users_updated[] = array(
'is_new' => $v_ftp_user_data['is_new'],
'v_ftp_user' => $return_var == 0 ? $v_ftp_username_full : $v_ftp_username,
@@ -279,8 +311,8 @@ if (!empty($_POST['ok'])) {
if (!empty($_SESSION['error_msg']) && $domain_added) {
$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
$_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
- $url = '/edit/web/?domain=' . strtolower(preg_replace('/^www\./i', '', $_POST['v_domain']));
- header("Location: $url");
+ $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain']));
+ header('Location: ' . $url);
exit;
}
}
@@ -312,12 +344,14 @@ $v_ftp_user_prepath = $panel[$user]['HOME'] . "/web";
$v_ftp_email = $panel[$user]['CONTACT'];
// List IP addresses
-v_exec('v-list-user-ips', [$user, 'json'], false, $output);
-$ips = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
+$ips = json_decode(implode('', $output), true);
+unset($output);
// List web stat engines
-v_exec('v-list-web-stats', ['json'], false, $output);
-$stats = json_decode($output, true);
+exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
+$stats = json_decode(implode('', $output), true);
+unset($output);
// Display body
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_web.html');
diff --git a/web/api/index.php b/web/api/index.php
index 928f950df..97f082594 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -2,6 +2,7 @@
define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
if (isset($_POST['user']) || isset($_POST['hash'])) {
+
// Authentication
$auth_code = 1;
if (empty($_POST['hash'])) {
@@ -11,18 +12,18 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
exit;
}
- $v_user = $_POST['user'];
+ $v_user = escapeshellarg($_POST['user']);
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
- $v_ip_addr = $_SERVER['REMOTE_ADDR'];
- $auth_code = v_exec('v-check-user-password', [$v_user, $v_password, $v_ip_addr], false);
+ $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
+ exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
unlink($v_password);
} else {
$key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
if (file_exists($key) && is_file($key)) {
- $auth_code = 0;
+ $auth_code = '0';
}
}
@@ -32,17 +33,37 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
}
// Prepare arguments
- $args = [];
- if (isset($_POST['cmd'])) $cmd = $_POST['cmd'];
- if (isset($_POST['arg1'])) $args[] = $_POST['arg1'];
- if (isset($_POST['arg2'])) $args[] = $_POST['arg2'];
- if (isset($_POST['arg3'])) $args[] = $_POST['arg3'];
- if (isset($_POST['arg4'])) $args[] = $_POST['arg4'];
- if (isset($_POST['arg5'])) $args[] = $_POST['arg5'];
- if (isset($_POST['arg6'])) $args[] = $_POST['arg6'];
- if (isset($_POST['arg7'])) $args[] = $_POST['arg7'];
- if (isset($_POST['arg8'])) $args[] = $_POST['arg8'];
- if (isset($_POST['arg9'])) $args[] = $_POST['arg9'];
+ if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
+ if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
+ if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
+ if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
+ if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
+ if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
+ if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
+ if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
+ if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
+ if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
+
+ // Build query
+ $cmdquery = VESTA_CMD.$cmd." ";
+ if(!empty($arg1)){
+ $cmdquery = $cmdquery.$arg1." "; }
+ if(!empty($arg2)){
+ $cmdquery = $cmdquery.$arg2." "; }
+ if(!empty($arg3)){
+ $cmdquery = $cmdquery.$arg3." "; }
+ if(!empty($arg4)){
+ $cmdquery = $cmdquery.$arg4." "; }
+ if(!empty($arg5)){
+ $cmdquery = $cmdquery.$arg5." "; }
+ if(!empty($arg6)){
+ $cmdquery = $cmdquery.$arg6." "; }
+ if(!empty($arg7)){
+ $cmdquery = $cmdquery.$arg7." "; }
+ if(!empty($arg8)){
+ $cmdquery = $cmdquery.$arg8." "; }
+ if(!empty($arg9)){
+ $cmdquery = $cmdquery.$arg9; }
// Check command
if ($cmd == "'v-make-tmp-file'") {
@@ -53,7 +74,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
$return_var = 0;
} else {
// Run normal cmd query
- $return_var = v_exec($cmd, $args, false, $output);
+ exec ($cmdquery, $output, $return_var);
}
if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
@@ -62,7 +83,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
if (($return_var == 0) && (empty($output))) {
echo "OK";
} else {
- echo $output . "\n";
+ echo implode("\n",$output)."\n";
}
}
}
diff --git a/web/bulk/backup/exclusions/index.php b/web/bulk/backup/exclusions/index.php
index 56e412617..4d0e43933 100644
--- a/web/bulk/backup/exclusions/index.php
+++ b/web/bulk/backup/exclusions/index.php
@@ -16,7 +16,8 @@ switch ($action) {
}
foreach ($backup as $value) {
- v_exec($cmd, [$user, $value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
}
header("Location: /list/backup/exclusions");
diff --git a/web/bulk/backup/index.php b/web/bulk/backup/index.php
index 6c0095520..f191dfe2a 100644
--- a/web/bulk/backup/index.php
+++ b/web/bulk/backup/index.php
@@ -12,7 +12,7 @@ $action = $_POST['action'];
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
switch ($action) {
@@ -22,7 +22,8 @@ switch ($action) {
}
foreach ($backup as $value) {
- v_exec($cmd, [$user, $value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
}
header("Location: /list/backup/");
diff --git a/web/bulk/cron/index.php b/web/bulk/cron/index.php
index 191ad3c83..0beb49083 100644
--- a/web/bulk/cron/index.php
+++ b/web/bulk/cron/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$job = $_POST['job'];
@@ -24,15 +24,19 @@ if ($_SESSION['user'] == 'admin') {
case 'unsuspend': $cmd='v-unsuspend-cron-job';
break;
case 'delete-cron-reports': $cmd='v-delete-cron-reports';
- v_exec($cmd, [$user], false);
+ exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
+ unset($output);
header("Location: /list/cron/");
exit;
+ break;
case 'add-cron-reports': $cmd='v-add-cron-reports';
- v_exec($cmd, [$user], false);
+ exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
+ unset($output);
header("Location: /list/cron/");
exit;
+ break;
default: header("Location: /list/cron/"); exit;
}
} else {
@@ -40,26 +44,31 @@ if ($_SESSION['user'] == 'admin') {
case 'delete': $cmd='v-delete-cron-job';
break;
case 'delete-cron-reports': $cmd='v-delete-cron-reports';
- v_exec($cmd, [$user], false);
+ exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
+ unset($output);
header("Location: /list/cron/");
exit;
+ break;
case 'add-cron-reports': $cmd='v-add-cron-reports';
- v_exec($cmd, [$user], false);
+ exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
+ unset($output);
header("Location: /list/cron/");
exit;
+ break;
default: header("Location: /list/cron/"); exit;
}
}
foreach ($job as $value) {
- v_exec($cmd, [$user, $value, 'no'], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
$restart = 'yes';
}
if (!empty($restart)) {
- v_exec('v-restart-cron', [], false);
+ exec (VESTA_CMD."v-restart-cron", $output, $return_var);
}
header("Location: /list/cron/");
diff --git a/web/bulk/db/index.php b/web/bulk/db/index.php
index c9e1f55a0..15361be4b 100644
--- a/web/bulk/db/index.php
+++ b/web/bulk/db/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$database = $_POST['database'];
@@ -34,7 +34,8 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($database as $value) {
- v_exec($cmd, [$user, $value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
}
header("Location: /list/db/");
diff --git a/web/bulk/dns/index.php b/web/bulk/dns/index.php
index 81ba40bb4..d7fe0a292 100644
--- a/web/bulk/dns/index.php
+++ b/web/bulk/dns/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$domain = $_POST['domain'];
@@ -58,22 +58,25 @@ if ($_SESSION['user'] == 'admin') {
if (empty($record)) {
foreach ($domain as $value) {
// DNS
- v_exec($cmd, [$user, $value, 'no'], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
$restart = 'yes';
}
} else {
foreach ($record as $value) {
// DNS Record
- v_exec($cmd, [$user, $domain, $value, 'no'], false);
+ $value = escapeshellarg($value);
+ $dom = escapeshellarg($domain);
+ exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value." no", $output, $return_var);
$restart = 'yes';
}
}
if (!empty($restart)) {
- v_exec('v-restart-dns', [], false);
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
}
-if (empty($record)) {
+if (empty($record)) {
header("Location: /list/dns/");
exit;
} else {
diff --git a/web/bulk/firewall/banlist/index.php b/web/bulk/firewall/banlist/index.php
index b61652ee4..fe7308a53 100644
--- a/web/bulk/firewall/banlist/index.php
+++ b/web/bulk/firewall/banlist/index.php
@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check user
@@ -22,7 +22,10 @@ if ($_SESSION['user'] != 'admin') {
$ipchain = $_POST['ipchain'];
/*if (!empty($_POST['ipchain'])) {
$ipchain = $_POST['ipchain'];
- list($ip, $chain) = explode(':', $ipchain);
+ list($ip,$chain) = split(":",$ipchain);
+ $v_ip = escapeshellarg($ip);
+ $v_chain = escapeshellarg($chain);
+
}*/
$action = $_POST['action'];
@@ -34,8 +37,10 @@ switch ($action) {
}
foreach ($ipchain as $value) {
- list($ip, $chain) = explode(':', $value);
- v_exec($cmd, [$ip, $chain], false);
+ list($ip,$chain) = split(":",$value);
+ $v_ip = escapeshellarg($ip);
+ $v_chain = escapeshellarg($chain);
+ exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
}
header("Location: /list/firewall/banlist");
diff --git a/web/bulk/firewall/index.php b/web/bulk/firewall/index.php
index 32c6b5e30..6f076cb81 100644
--- a/web/bulk/firewall/index.php
+++ b/web/bulk/firewall/index.php
@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check user
@@ -34,7 +34,8 @@ switch ($action) {
}
foreach ($rule as $value) {
- v_exec($cmd, [$value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
$restart = 'yes';
}
diff --git a/web/bulk/ip/index.php b/web/bulk/ip/index.php
index 5fd779ff1..4f1705403 100644
--- a/web/bulk/ip/index.php
+++ b/web/bulk/ip/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$ip = $_POST['ip'];
@@ -17,11 +17,11 @@ $action = $_POST['action'];
if ($_SESSION['user'] == 'admin') {
switch ($action) {
- case 'reread IP': $cmd = 'v-update-sys-ip';
- v_exec($cmd, [], false);
- header('Location: /list/ip/');
- exit;
- case 'delete': $cmd = 'v-delete-sys-ip';
+ case 'reread IP': exec(VESTA_CMD."v-update-sys-ip", $output, $return_var);
+ header("Location: /list/ip/");
+ exit;
+ break;
+ case 'delete': $cmd='v-delete-sys-ip';
break;
default: header("Location: /list/ip/"); exit;
}
@@ -31,7 +31,8 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($ip as $value) {
- v_exec($cmd, [$value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
}
header("Location: /list/ip/");
diff --git a/web/bulk/mail/index.php b/web/bulk/mail/index.php
index 21cb0a6b5..c526c9e0e 100644
--- a/web/bulk/mail/index.php
+++ b/web/bulk/mail/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$domain = $_POST['domain'];
@@ -58,18 +58,21 @@ if ($_SESSION['user'] == 'admin') {
if (empty($account)) {
foreach ($domain as $value) {
// Mail
- v_exec($cmd, [$user, $value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
$restart = 'yes';
}
} else {
foreach ($account as $value) {
// Mail Account
- v_exec($cmd, [$user, $domain, $value], false);
+ $value = escapeshellarg($value);
+ $dom = escapeshellarg($domain);
+ exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value, $output, $return_var);
$restart = 'yes';
}
}
-if (empty($account)) {
+if (empty($account)) {
header("Location: /list/mail/");
exit;
} else {
diff --git a/web/bulk/package/index.php b/web/bulk/package/index.php
index 95eef7bb2..32e36e936 100644
--- a/web/bulk/package/index.php
+++ b/web/bulk/package/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$package = $_POST['package'];
@@ -27,7 +27,8 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($package as $value) {
- v_exec($cmd, [$value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
$restart = 'yes';
}
diff --git a/web/bulk/restore/index.php b/web/bulk/restore/index.php
index c3dd7b360..3bc048414 100644
--- a/web/bulk/restore/index.php
+++ b/web/bulk/restore/index.php
@@ -9,11 +9,11 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$action = $_POST['action'];
-$backup = $_POST['backup'];
+$backup = escapeshellarg($_POST['backup']);
$web = 'no';
$dns = 'no';
@@ -22,22 +22,25 @@ $db = 'no';
$cron = 'no';
$udir = 'no';
-if (!empty($_POST['web'])) $web = implode(',', $_POST['web']);
-if (!empty($_POST['dns'])) $dns = implode(',', $_POST['dns']);
-if (!empty($_POST['mail'])) $mail = implode(',', $_POST['mail']);
-if (!empty($_POST['db'])) $db = implode(',', $_POST['db']);
+if (!empty($_POST['web'])) $web = escapeshellarg(implode(",",$_POST['web']));
+if (!empty($_POST['dns'])) $dns = escapeshellarg(implode(",",$_POST['dns']));
+if (!empty($_POST['mail'])) $mail = escapeshellarg(implode(",",$_POST['mail']));
+if (!empty($_POST['db'])) $db = escapeshellarg(implode(",",$_POST['db']));
if (!empty($_POST['cron'])) $cron = 'yes';
-if (!empty($_POST['udir'])) $udir = implode(',', $_POST['udir']);
+if (!empty($_POST['udir'])) $udir = escapeshellarg(implode(",",$_POST['udir']));
if ($action == 'restore') {
- $return_var = v_exec('v-schedule-user-restore', [$user, $backup, $web, $dns, $mail, $db, $cron, $udir]);
- switch ($return_var) {
- case 0:
- $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
- break;
- case 4:
+ exec (VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir, $output, $return_var);
+ if ($return_var == 0) {
+ $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
+ } else {
+ $_SESSION['error_msg'] = implode('
', $output);
+ if (empty($_SESSION['error_msg'])) {
+ $_SESSION['error_msg'] = __('Error: vesta did not return any output.');
+ }
+ if ($return_var == 4) {
$_SESSION['error_msg'] = __('RESTORE_EXISTS');
- break;
+ }
}
}
diff --git a/web/bulk/service/index.php b/web/bulk/service/index.php
index 8ed4fca23..70ce660c7 100644
--- a/web/bulk/service/index.php
+++ b/web/bulk/service/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$service = $_POST['service'];
@@ -27,14 +27,16 @@ if ($_SESSION['user'] == 'admin') {
}
if ((!empty($_POST['system'])) && ($action == 'restart')) {
- v_exec('v-restart-system', ['yes'], false);
+ exec (VESTA_CMD."v-restart-system yes", $output, $return_var);
$_SESSION['error_srv'] = 'The system is going down for reboot NOW!';
+ unset($output);
header("Location: /list/server/");
exit;
}
foreach ($service as $value) {
- v_exec($cmd, [$value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
}
}
diff --git a/web/bulk/user/index.php b/web/bulk/user/index.php
index 28c9459e1..5d42fbfd9 100644
--- a/web/bulk/user/index.php
+++ b/web/bulk/user/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$user = $_POST['user'];
@@ -48,14 +48,15 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($user as $value) {
- v_exec($cmd, [$value, $restart], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value." ".$restart, $output, $return_var);
$changes = 'yes';
}
if ((!empty($restart)) && (!empty($changes))) {
- v_exec('v-restart-web', [], false);
- v_exec('v-restart-dns', [], false);
- v_exec('v-restart-cron', [], false);
+ exec (VESTA_CMD."v-restart-web", $output, $return_var);
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ exec (VESTA_CMD."v-restart-cron", $output, $return_var);
}
header("Location: /list/user/");
diff --git a/web/bulk/vesta/index.php b/web/bulk/vesta/index.php
index 3ab537485..c909f83e3 100644
--- a/web/bulk/vesta/index.php
+++ b/web/bulk/vesta/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
@@ -23,7 +23,8 @@ if ($_SESSION['user'] == 'admin') {
default: header("Location: /list/updates/"); exit;
}
foreach ($pkg as $value) {
- v_exec($cmd, [$value], false);
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
}
}
diff --git a/web/bulk/web/index.php b/web/bulk/web/index.php
index 1b7673b41..4a661a1ff 100644
--- a/web/bulk/web/index.php
+++ b/web/bulk/web/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
$domain = $_POST['domain'];
@@ -34,14 +34,15 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($domain as $value) {
- v_exec($cmd, [$user, $value, 'no'], false);
- $restart = 'yes';
+ $value = escapeshellarg($value);
+ exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
+ $restart='yes';
}
if (isset($restart)) {
- v_exec('v-restart-web', [], false);
- v_exec('v-restart-proxy', [], false);
- v_exec('v-restart-dns', [], false);
+ exec (VESTA_CMD."v-restart-web", $output, $return_var);
+ exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
}
header("Location: /list/web/");
diff --git a/web/delete/backup/exclusion/index.php b/web/delete/backup/exclusion/index.php
index 5e3d9cf30..29ad3bd58 100644
--- a/web/delete/backup/exclusion/index.php
+++ b/web/delete/backup/exclusion/index.php
@@ -6,17 +6,20 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
if (!empty($_GET['system'])) {
- $v_system = $_GET['system'];
- v_exec('v-delete-user-backup-exclusions', [$user, $v_system]);
+ $v_username = escapeshellarg($user);
+ $v_system = escapeshellarg($_GET['system']);
+ exec (VESTA_CMD."v-delete-user-backup-exclusions ".$v_username." ".$v_system, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/backup/index.php b/web/delete/backup/index.php
index 9546a3361..33f492268 100644
--- a/web/delete/backup/index.php
+++ b/web/delete/backup/index.php
@@ -6,23 +6,26 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if (!empty($_GET['backup'])) {
- $v_backup = $_GET['backup'];
- v_exec('v-delete-user-backup', [$user, $v_backup]);
+ $v_username = escapeshellarg($user);
+ $v_backup = escapeshellarg($_GET['backup']);
+ exec (VESTA_CMD."v-delete-user-backup ".$v_username." ".$v_backup, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/cron/autoupdate/index.php b/web/delete/cron/autoupdate/index.php
index 11ea356cb..ad670ef03 100644
--- a/web/delete/cron/autoupdate/index.php
+++ b/web/delete/cron/autoupdate/index.php
@@ -6,8 +6,9 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if ($_SESSION['user'] == 'admin') {
- v_exec('v-delete-cron-vesta-autoupdate', [], false);
+ exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var);
$_SESSION['error_msg'] = __('Autoupdate has been successfully disabled');
+ unset($output);
}
header("Location: /list/updates/");
diff --git a/web/delete/cron/index.php b/web/delete/cron/index.php
index eff4ca06c..d4ca20263 100644
--- a/web/delete/cron/index.php
+++ b/web/delete/cron/index.php
@@ -6,23 +6,26 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if (!empty($_GET['job'])) {
- $v_job = $_GET['job'];
- v_exec('v-delete-cron-job', [$user, $v_job]);
+ $v_username = escapeshellarg($user);
+ $v_job = escapeshellarg($_GET['job']);
+ exec (VESTA_CMD."v-delete-cron-job ".$v_username." ".$v_job, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/cron/reports/index.php b/web/delete/cron/reports/index.php
index 1025f70e6..af7df20f2 100644
--- a/web/delete/cron/reports/index.php
+++ b/web/delete/cron/reports/index.php
@@ -5,8 +5,9 @@ ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-v_exec('v-delete-cron-reports', [$user], false);
+exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var);
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled');
+unset($output);
header("Location: /list/cron/");
exit;
diff --git a/web/delete/db/index.php b/web/delete/db/index.php
index fa3f50460..f2088ad2b 100644
--- a/web/delete/db/index.php
+++ b/web/delete/db/index.php
@@ -6,23 +6,26 @@ session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if (!empty($_GET['database'])) {
- $v_database = $_GET['database'];
- v_exec('v-delete-database', [$user, $v_database]);
+ $v_username = escapeshellarg($user);
+ $v_database = escapeshellarg($_GET['database']);
+ exec (VESTA_CMD."v-delete-database ".$v_username." ".$v_database, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/dns/index.php b/web/delete/dns/index.php
index b89f52735..7069d0c89 100644
--- a/web/delete/dns/index.php
+++ b/web/delete/dns/index.php
@@ -7,23 +7,26 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Delete as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// DNS domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
- $v_domain = $_GET['domain'];
- v_exec('v-delete-dns-domain', [$user, $v_domain]);
+ $v_username = escapeshellarg($user);
+ $v_domain = escapeshellarg($_GET['domain']);
+ exec (VESTA_CMD."v-delete-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
header("Location: /list/dns/");
@@ -32,13 +35,15 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
// DNS record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
- $v_domain = $_GET['domain'];
- $v_record_id = $_GET['record_id'];
- v_exec('v-delete-dns-record', [$user, $v_domain, $v_record_id]);
-
+ $v_username = escapeshellarg($user);
+ $v_domain = escapeshellarg($_GET['domain']);
+ $v_record_id = escapeshellarg($_GET['record_id']);
+ exec (VESTA_CMD."v-delete-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
header("Location: /list/dns/?domain=".$_GET['domain']);
@@ -47,7 +52,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/favorite/index.php b/web/delete/favorite/index.php
index 059e8a1e6..9f471b9bd 100644
--- a/web/delete/favorite/index.php
+++ b/web/delete/favorite/index.php
@@ -5,10 +5,11 @@
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
- $v_section = $_REQUEST['v_section'];
- $v_unit_id = $_REQUEST['v_unit_id'];
+ unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]);
- unset($_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id]);
+ $v_section = escapeshellarg($_REQUEST['v_section']);
+ $v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
- v_exec('v-delete-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
+ exec (VESTA_CMD."v-delete-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
+// check_return_code($return_var,$output);
?>
\ No newline at end of file
diff --git a/web/delete/firewall/banlist/index.php b/web/delete/firewall/banlist/index.php
index c45c81d1b..7b30edd59 100644
--- a/web/delete/firewall/banlist/index.php
+++ b/web/delete/firewall/banlist/index.php
@@ -16,18 +16,20 @@ if ($_SESSION['user'] != 'admin') {
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
- $v_ip = $_GET['ip'];
- $v_chain = $_GET['chain'];
- v_exec('v-delete-firewall-ban', [$v_ip, $v_chain]);
+ $v_ip = escapeshellarg($_GET['ip']);
+ $v_chain = escapeshellarg($_GET['chain']);
+ exec (VESTA_CMD."v-delete-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/firewall/index.php b/web/delete/firewall/index.php
index ef0211554..b6b38f0c6 100644
--- a/web/delete/firewall/index.php
+++ b/web/delete/firewall/index.php
@@ -16,17 +16,19 @@ if ($_SESSION['user'] != 'admin') {
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if (!empty($_GET['rule'])) {
- $v_rule = $_GET['rule'];
- v_exec('v-delete-firewall-rule', [$v_rule]);
+ $v_rule = escapeshellarg($_GET['rule']);
+ exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var);
}
+check_return_code($return_var,$output);
+unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/ip/index.php b/web/delete/ip/index.php
index b45ef15a8..f8bcd994d 100644
--- a/web/delete/ip/index.php
+++ b/web/delete/ip/index.php
@@ -8,19 +8,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['ip'])) {
- $v_ip = $_GET['ip'];
- v_exec('v-delete-sys-ip', [$v_ip]);
+ $v_ip = escapeshellarg($_GET['ip']);
+ exec (VESTA_CMD."v-delete-sys-ip ".$v_ip, $output, $return_var);
}
+ check_return_code($return_var,$output);
+ unset($output);
+
}
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/mail/index.php b/web/delete/mail/index.php
index 1446ac349..8a3d87f82 100644
--- a/web/delete/mail/index.php
+++ b/web/delete/mail/index.php
@@ -7,22 +7,25 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Delete as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
- $v_domain = $_GET['domain'];
- v_exec('v-delete-mail-domain', [$user, $v_domain]);
+ $v_username = escapeshellarg($user);
+ $v_domain = escapeshellarg($_GET['domain']);
+ exec (VESTA_CMD."v-delete-mail-domain ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
header("Location: /list/mail/");
@@ -31,12 +34,15 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// Mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
- $v_domain = $_GET['domain'];
- $v_account = $_GET['account'];
- v_exec('v-delete-mail-account', [$user, $v_domain, $v_account]);
+ $v_username = escapeshellarg($user);
+ $v_domain = escapeshellarg($_GET['domain']);
+ $v_account = escapeshellarg($_GET['account']);
+ exec (VESTA_CMD."v-delete-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
header("Location: /list/mail/?domain=".$_GET['domain']);
@@ -45,7 +51,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/notification/index.php b/web/delete/notification/index.php
index 982a37132..fa3a14f10 100644
--- a/web/delete/notification/index.php
+++ b/web/delete/notification/index.php
@@ -8,17 +8,23 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if($_GET['delete'] == 1){
- $v_id = (string)((int)$_GET['notification_id']);
- v_exec('v-delete-user-notification', [$user, $v_id]);
+ $v_username = escapeshellarg($user);
+ $v_id = escapeshellarg((int)$_GET['notification_id']);
+ exec (VESTA_CMD."v-delete-user-notification ".$v_username." ".$v_id, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
} else {
- $v_id = (string)((int)$_GET['notification_id']);
- //echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
- v_exec('v-acknowledge-user-notification', [$user, $v_id]);
+ $v_username = escapeshellarg($user);
+ $v_id = escapeshellarg((int)$_GET['notification_id']);
+ echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
+ exec (VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
exit;
diff --git a/web/delete/package/index.php b/web/delete/package/index.php
index 78f45000a..1058f495d 100644
--- a/web/delete/package/index.php
+++ b/web/delete/package/index.php
@@ -8,19 +8,21 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['package'])) {
- $v_package = $_GET['package'];
- v_exec('v-delete-user-package', [$v_package]);
+ $v_package = escapeshellarg($_GET['package']);
+ exec (VESTA_CMD."v-delete-user-package ".$v_package, $output, $return_var);
}
+ check_return_code($return_var,$output);
+ unset($output);
}
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/user/index.php b/web/delete/user/index.php
index cdd19a669..8e20b4c63 100644
--- a/web/delete/user/index.php
+++ b/web/delete/user/index.php
@@ -8,20 +8,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['user'])) {
- $v_username = $_GET['user'];
- v_exec('v-delete-user', [$v_username]);
+ $v_username = escapeshellarg($_GET['user']);
+ exec (VESTA_CMD."v-delete-user ".$v_username, $output, $return_var);
}
+ check_return_code($return_var,$output);
unset($_SESSION['look']);
+ unset($output);
}
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/delete/web/index.php b/web/delete/web/index.php
index 199a89523..ecf6f415c 100644
--- a/web/delete/web/index.php
+++ b/web/delete/web/index.php
@@ -8,22 +8,25 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Delete as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
}
if (!empty($_GET['domain'])) {
- $v_domain = $_GET['domain'];
- v_exec('v-delete-domain', [$user, $v_domain]);
+ $v_username = escapeshellarg($user);
+ $v_domain = escapeshellarg($_GET['domain']);
+ exec (VESTA_CMD."v-delete-domain ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
$back = $_SESSION['back'];
if (!empty($back)) {
- header("Location: $back");
+ header("Location: ".$back);
exit;
}
diff --git a/web/download/file/index.php b/web/download/file/index.php
index 662387e14..5322185b1 100644
--- a/web/download/file/index.php
+++ b/web/download/file/index.php
@@ -8,7 +8,7 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
$user = $_SESSION['user'];
if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
- $user = $_SESSION['look'];
+ $user=$_SESSION['look'];
}
if (!empty($_REQUEST['path'])) {
@@ -16,10 +16,10 @@ if (!empty($_REQUEST['path'])) {
header("Content-type: application/octet-stream");
header("Content-Transfer-Encoding: binary");
header("Content-disposition: attachment;filename=".basename($path));
- // TODO: Implement `v_passthru`?
- passthru(VESTA_CMD.'v-open-fs-file '.build_shell_args([$user, $path]));
+ passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
exit;
-} else {
+}
+else {
die('File not found');
}
diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php
index 8ebbc9dbb..79b5601cd 100644
--- a/web/download/web-log/index.php
+++ b/web/download/web-log/index.php
@@ -3,20 +3,26 @@
error_reporting(NULL);
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-
$v_domain = $_GET['domain'];
+$v_domain = escapeshellarg($_GET['domain']);
if ($_GET['type'] == 'access') $type = 'access';
if ($_GET['type'] == 'error') $type = 'error';
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."-log.txt");
-header("Content-Type: application/octet-stream");
+header("Content-Type: application/octet-stream; ");
header("Content-Transfer-Encoding: binary");
-$return_var = v_exec("v-list-web-domain-{$type}log", [$user, $v_domain, '5000'], false, $output);
-if ($return_var == 0) {
- echo $output . "\n";
+$v_domain = escapeshellarg($_GET['domain']);
+if ($_GET['type'] == 'access') $type = 'access';
+if ($_GET['type'] == 'error') $type = 'error';
+
+exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var);
+if ($return_var == 0 ) {
+ foreach($output as $file) {
+ echo $file . "\n";
+ }
}
?>
diff --git a/web/edit/backup/exclusions/index.php b/web/edit/backup/exclusions/index.php
index 75a2bf78a..8bac32c16 100644
--- a/web/edit/backup/exclusions/index.php
+++ b/web/edit/backup/exclusions/index.php
@@ -9,12 +9,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
// List backup exclustions
-v_exec('v-list-user-backup-exclusions', [$user, 'json'], true, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse web
$v_username = $user;
@@ -68,10 +70,9 @@ if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- // TODO: Use array?
$v_web = $_POST['v_web'];
$v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
$v_web_tmp = rtrim($v_web_tmp, ",");
@@ -111,7 +112,9 @@ if (!empty($_POST['save'])) {
unset($mktemp_output);
// Save changes
- v_exec('v-update-user-backup-exclusions', [$user, $tmp]);
+ exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
// Set success message
if (empty($_SESSION['error_msg'])) {
diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php
index 557ea8b03..d78b4eb6e 100644
--- a/web/edit/cron/index.php
+++ b/web/edit/cron/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
// Check job id
@@ -18,14 +18,16 @@ if (empty($_GET['job'])) {
exit;
}
-$v_username = $user;
-$v_job = $_GET['job'];
-
// List cron job
-v_exec('v-list-cron-job', [$user, $v_job, 'json'], true, $output);
-$data = json_decode($output, true);
+$v_job = escapeshellarg($_GET['job']);
+exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse cron job
+$v_username = $user;
+$v_job = $_GET['job'];
$v_min = $data[$v_job]['MIN'];
$v_hour = $data[$v_job]['HOUR'];
$v_day = $data[$v_job]['DAY'];
@@ -35,25 +37,35 @@ $v_cmd = $data[$v_job]['CMD'];
$v_date = $data[$v_job]['DATE'];
$v_time = $data[$v_job]['TIME'];
$v_suspended = $data[$v_job]['SUSPENDED'];
-$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
+if ( $v_suspended == 'yes' ) {
+ $v_status = 'suspended';
+} else {
+ $v_status = 'active';
+}
// Check POST request
if (!empty($_POST['save'])) {
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- $v_min = $_POST['v_min'];
- $v_hour = $_POST['v_hour'];
- $v_day = $_POST['v_day'];
- $v_month = $_POST['v_month'];
- $v_wday = $_POST['v_wday'];
- $v_cmd = $_POST['v_cmd'];
+ $v_username = $user;
+ $v_min = escapeshellarg($_POST['v_min']);
+ $v_hour = escapeshellarg($_POST['v_hour']);
+ $v_day = escapeshellarg($_POST['v_day']);
+ $v_month = escapeshellarg($_POST['v_month']);
+ $v_wday = escapeshellarg($_POST['v_wday']);
+ $v_cmd = escapeshellarg($_POST['v_cmd']);
// Save changes
- v_exec('v-change-cron-job', [$v_username, $v_job, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
+ exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+
+ $v_cmd = $_POST['v_cmd'];
// Set success message
if (empty($_SESSION['error_msg'])) {
diff --git a/web/edit/db/index.php b/web/edit/db/index.php
index 4a2377d10..29d358f80 100644
--- a/web/edit/db/index.php
+++ b/web/edit/db/index.php
@@ -21,40 +21,51 @@ if (empty($_GET['database'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
-$v_username = $user;
-$v_database = $_GET['database'];
-
// List datbase
-v_exec('v-list-database', [$user, $v_database, 'json'], true, $output);
-$data = json_decode($output, true);
+$v_database = escapeshellarg($_GET['database']);
+exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse database
+$v_username = $user;
+$v_database = $_GET['database'];
$v_dbuser = $data[$v_database]['DBUSER'];
-$v_password = '';
+$v_password = "";
$v_host = $data[$v_database]['HOST'];
$v_type = $data[$v_database]['TYPE'];
$v_charset = $data[$v_database]['CHARSET'];
$v_date = $data[$v_database]['DATE'];
$v_time = $data[$v_database]['TIME'];
$v_suspended = $data[$v_database]['SUSPENDED'];
-$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
+if ( $v_suspended == 'yes' ) {
+ $v_status = 'suspended';
+} else {
+ $v_status = 'active';
+}
// Check POST request
if (!empty($_POST['save'])) {
+ $v_username = $user;
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Change database user
if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
$v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
- v_exec('v-change-database-user', [$v_username, $v_database, $v_dbuser]);
- $v_dbuser = $user . '_' . $v_dbuser;
+ $v_dbuser = escapeshellarg($v_dbuser);
+ exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
}
// Change database password
@@ -63,9 +74,11 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-change-database-password', [$v_username, $v_database, $v_password]);
+ exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);
}
// Set success message
diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php
index f9c2a6111..6ceac64a5 100644
--- a/web/edit/dns/index.php
+++ b/web/edit/dns/index.php
@@ -15,18 +15,20 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
-$v_username = $user;
// List dns domain
if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
- $v_domain = $_GET['domain'];
-
- v_exec('v-list-dns-domain', [$user, $v_domain, 'json'], true, $output);
- $data = json_decode($output, true);
+ $v_domain = escapeshellarg($_GET['domain']);
+ exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
+ check_return_code($return_var,$output);
+ $data = json_decode(implode('', $output), true);
+ unset($output);
// Parse dns domain
+ $v_username = $user;
+ $v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL'];
$v_ttl = $data[$v_domain]['TTL'];
@@ -42,19 +44,24 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
}
// List dns templates
- v_exec('v-list-dns-templates', ['json'], false, $output);
- $templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+ $templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List dns record
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
- $v_domain = $_GET['domain'];
- $v_record_id = $_GET['record_id'];
-
- v_exec('v-list-dns-records', [$user, $v_domain, 'json'], true, $output);
- $data = json_decode($output, true);
+ $v_domain = escapeshellarg($_GET['domain']);
+ $v_record_id = escapeshellarg($_GET['record_id']);
+ exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
+ check_return_code($return_var,$output);
+ $data = json_decode(implode('', $output), true);
+ unset($output);
// Parse dns record
+ $v_username = $user;
+ $v_domain = $_GET['domain'];
+ $v_record_id = $_GET['record_id'];
$v_rec = $data[$v_record_id]['RECORD'];
$v_type = $data[$v_record_id]['TYPE'];
$v_val = $data[$v_record_id]['VALUE'];
@@ -71,51 +78,63 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
// Check POST request for dns domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
- $v_domain = $_POST['v_domain'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Change domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
- $v_ip = $_POST['v_ip'];
- v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
$restart_dns = 'yes';
+ unset($output);
}
// Change domain template
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
- $v_template = $_POST['v_template'];
- v_exec('v-change-dns-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
+ $v_template = escapeshellarg($_POST['v_template']);
+ exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
// Change SOA record
if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
- $v_soa = $_POST['v_soa'];
- v_exec('v-change-dns-domain-soa', [$v_username, $v_domain, $v_soa, 'no']);
+ $v_soa = escapeshellarg($_POST['v_soa']);
+ exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
// Change expiriation date
if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
- $v_exp = $_POST['v_exp'];
- v_exec('v-change-dns-domain-exp', [$v_username, $v_domain, $v_exp, 'no']);
+ $v_exp = escapeshellarg($_POST['v_exp']);
+ exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Change domain ttl
if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
- $v_ttl = $_POST['v_ttl'];
- v_exec('v-change-dns-domain-ttl', [$v_username, $v_domain, $v_ttl, 'no']);
+ $v_ttl = escapeshellarg($_POST['v_ttl']);
+ exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-dns');
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set success message
@@ -130,30 +149,38 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['reco
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- $v_domain = $_POST['v_domain'];
- $v_record_id = $_POST['v_record_id'];
+ // Protect input
+ $v_domain = escapeshellarg($_POST['v_domain']);
+ $v_record_id = escapeshellarg($_POST['v_record_id']);
// Change dns record
if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
+ $v_val = escapeshellarg($_POST['v_val']);
+ $v_priority = escapeshellarg($_POST['v_priority']);
+ exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
+ check_return_code($return_var,$output);
$v_val = $_POST['v_val'];
- $v_priority = $_POST['v_priority'];
- v_exec('v-change-dns-record', [$v_username, $v_domain, $v_record_id, $v_val, $v_priority]);
+ unset($output);
$restart_dns = 'yes';
}
// Change dns record id
if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
- $v_old_record_id = $_GET['record_id'];
- v_exec('v-change-dns-record-id', [$v_username, $v_domain, $v_old_record_id, $v_record_id]);
+ $v_old_record_id = escapeshellarg($_GET['record_id']);
+ exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-dns');
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set success message
diff --git a/web/edit/file/index.php b/web/edit/file/index.php
index f26c2d3c8..6f7474c94 100644
--- a/web/edit/file/index.php
+++ b/web/edit/file/index.php
@@ -31,22 +31,24 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
-Error while saving file');
exit;
@@ -56,12 +58,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
}
}
- $return_var = v_exec('v-open-fs-file', [$user, $path], false, $content);
+ exec (VESTA_CMD . "v-open-fs-file {$user} ".escapeshellarg($path), $content, $return_var);
if ($return_var != 0) {
print 'Error while opening file'; // todo: handle this more styled
exit;
}
- $content = $content . "\n";
+ $content = implode("\n", $content)."\n";
} else {
$content = '';
}
diff --git a/web/edit/firewall/index.php b/web/edit/firewall/index.php
index 79de0e3e2..44346d09a 100644
--- a/web/edit/firewall/index.php
+++ b/web/edit/firewall/index.php
@@ -20,13 +20,15 @@ if (empty($_GET['rule'])) {
exit;
}
-$v_rule = $_GET['rule'];
-
// List rule
-v_exec('v-list-firewall-rule', [$v_rule, 'json'], true, $output);
-$data = json_decode($output, true);
+$v_rule = escapeshellarg($_GET['rule']);
+exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse rule
+$v_rule = $_GET['rule'];
$v_action = $data[$v_rule]['ACTION'];
$v_protocol = $data[$v_rule]['PROTOCOL'];
$v_port = $data[$v_rule]['PORT'];
@@ -35,17 +37,37 @@ $v_comment = $data[$v_rule]['COMMENT'];
$v_date = $data[$v_rule]['DATE'];
$v_time = $data[$v_rule]['TIME'];
$v_suspended = $data[$v_rule]['SUSPENDED'];
-$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
+if ( $v_suspended == 'yes' ) {
+ $v_status = 'suspended';
+} else {
+ $v_status = 'active';
+}
// Check POST request
if (!empty($_POST['save'])) {
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- $v_rule = $_GET['rule'];
+ $v_rule = escapeshellarg($_GET['rule']);
+ $v_action = escapeshellarg($_POST['v_action']);
+ $v_protocol = escapeshellarg($_POST['v_protocol']);
+ $v_port = str_replace(" ",",", $_POST['v_port']);
+ $v_port = preg_replace('/\,+/', ',', $v_port);
+ $v_port = trim($v_port, ",");
+ $v_port = escapeshellarg($v_port);
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ $v_comment = escapeshellarg($_POST['v_comment']);
+
+ // Change Status
+ exec (VESTA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+
+ $v_rule = $_GET['v_rule'];
$v_action = $_POST['v_action'];
$v_protocol = $_POST['v_protocol'];
$v_port = str_replace(" ",",", $_POST['v_port']);
@@ -54,9 +76,6 @@ if (!empty($_POST['save'])) {
$v_ip = $_POST['v_ip'];
$v_comment = $_POST['v_comment'];
- // Change Status
- v_exec('v-change-firewall-rule', [$v_rule, $v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
-
// Set success message
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
diff --git a/web/edit/ip/index.php b/web/edit/ip/index.php
index 8427c3e12..bec1ae58f 100644
--- a/web/edit/ip/index.php
+++ b/web/edit/ip/index.php
@@ -19,14 +19,16 @@ if (empty($_GET['ip'])) {
exit;
}
-$v_username = $user;
-$v_ip = $_GET['ip'];
-
// List ip
-v_exec('v-list-sys-ip', [$v_ip, 'json'], true, $output);
-$data = json_decode($output, true);
+$v_ip = escapeshellarg($_GET['ip']);
+exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse ip
+$v_username = $user;
+$v_ip = $_GET['ip'];
$v_netmask = $data[$v_ip]['NETMASK'];
$v_interace = $data[$v_ip]['INTERFACE'];
$v_name = $data[$v_ip]['NAME'];
@@ -44,39 +46,51 @@ if ( $v_suspended == 'yes' ) {
}
// List users
-v_exec('v-list-sys-users', ['json'], false, $output);
-$users = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
+$users = json_decode(implode('', $output), true);
+unset($output);
// Check POST request
if (!empty($_POST['save'])) {
- $v_ip = $_POST['v_ip'];
+ $v_ip = escapeshellarg($_POST['v_ip']);
// Change Status
if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-change-sys-ip-status', [$v_ip, 'dedicated']);
- $v_dedicated = 'yes';
+ exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $v_dedicated = 'yes';
}
if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-change-sys-ip-status', [$v_ip, 'shared']);
+ exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unset($v_dedicated);
}
// Change owner
if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
+ $v_owner = escapeshellarg($_POST['v_owner']);
+ exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
+ check_return_code($return_var,$output);
$v_owner = $_POST['v_owner'];
- v_exec('v-change-sys-ip-owner', [$v_ip, $v_owner]);
+ unset($output);
}
// Change associated domain
if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
- $v_name = $_POST['v_name'];
- v_exec('v-change-sys-ip-name', [$v_ip, $v_name]);
+ $v_name = escapeshellarg($_POST['v_name']);
+ exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Change NAT address
if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
- $v_nat = $_POST['v_nat'];
- v_exec('v-change-sys-ip-nat', [$v_ip, $v_nat]);
+ $v_nat = escapeshellarg($_POST['v_nat']);
+ exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set success message
diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
index 6598db903..1010b07f8 100644
--- a/web/edit/mail/index.php
+++ b/web/edit/mail/index.php
@@ -21,18 +21,19 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
$v_username = $user;
// List mail domain
if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
- $v_domain = $_GET['domain'];
-
- v_exec('v-list-mail-domain', [$user, $v_domain, 'json'], false, $output);
- $data = json_decode($output, true);
+ $v_domain = escapeshellarg($_GET['domain']);
+ exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ unset($output);
// Parse domain
+ $v_domain = $_GET['domain'];
$v_antispam = $data[$v_domain]['ANTISPAM'];
$v_antivirus = $data[$v_domain]['ANTIVIRUS'];
$v_dkim = $data[$v_domain]['DKIM'];
@@ -49,14 +50,17 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) {
// List mail account
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
- $v_domain = $_GET['domain'];
- $v_account = $_GET['account'];
-
- v_exec('v-list-mail-account', [$user, $v_domain, $v_account, 'json'], false, $output);
- $data = json_decode($output, true);
+ $v_domain = escapeshellarg($_GET['domain']);
+ $v_account = escapeshellarg($_GET['account']);
+ exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ unset($output);
// Parse mail account
- $v_password = '';
+ $v_username = $user;
+ $v_domain = $_GET['domain'];
+ $v_account = $_GET['account'];
+ $v_password = "";
$v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
$valiases = explode(",", $data[$v_account]['ALIAS']);
$v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
@@ -75,8 +79,9 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Parse autoreply
if ( $v_autoreply == 'yes' ) {
- v_exec('v-list-mail-account-autoreply', [$user, $v_domain, $v_account, 'json'], false, $output);
- $autoreply_str = json_decode($output, true);
+ exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
+ $autoreply_str = json_decode(implode('', $output), true);
+ unset($output);
$v_autoreply_message = $autoreply_str[$v_account]['MSG'];
}
}
@@ -84,68 +89,86 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
// Check POST request for mail domain
if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
- $v_domain = $_POST['v_domain'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Delete antispam
if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-domain-antispam', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_antispam = 'no';
+ unset($output);
}
// Add antispam
if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-domain-antispam', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_antispam = 'yes';
+ unset($output);
}
// Delete antivirus
if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-domain-antivirus', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_antivirus = 'no';
+ unset($output);
}
// Add antivirs
if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-domain-antivirus', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_antivirus = 'yes';
+ unset($output);
}
// Delete DKIM
if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-domain-dkim', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_dkim = 'no';
+ unset($output);
}
// Add DKIM
if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-domain-dkim', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_dkim = 'yes';
+ unset($output);
}
// Delete catchall
if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-domain-catchall', [$v_username, $v_domain]);
+ exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
$v_catchall = '';
+ unset($output);
}
// Change catchall address
if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
if ($v_catchall != $_POST['v_catchall']) {
- $v_catchall = $_POST['v_catchall'];
- v_exec('v-change-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
+ $v_catchall = escapeshellarg($_POST['v_catchall']);
+ exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
// Add catchall
if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
- $v_catchall = $_POST['v_catchall'];
- v_exec('v-add-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
+ $v_catchall = escapeshellarg($_POST['v_catchall']);
+ exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set success message
@@ -160,11 +183,11 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- $v_domain = $_POST['v_domain'];
- $v_account = $_POST['v_account'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
+ $v_account = escapeshellarg($_POST['v_account']);
// Change password
if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
@@ -172,19 +195,23 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-change-mail-account-password', [$v_username, $v_domain, $v_account, $v_password]);
+ exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);;
}
// Change quota
if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
if (empty($_POST['v_quota'])) {
- $v_quota = '0';
+ $v_quota = 0;
} else {
- $v_quota = $_POST['v_quota'];
+ $v_quota = escapeshellarg($_POST['v_quota']);
}
- v_exec('v-change-mail-account-quota', [$v_username, $v_domain, $v_account, $v_quota]);
+ exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Change account aliases
@@ -198,13 +225,17 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($valiases, $aliases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
- v_exec('v-delete-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
+ exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
$result = array_diff($aliases, $valiases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
- v_exec('v-add-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
+ exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
}
@@ -220,42 +251,56 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
$result = array_diff($vfwd, $fwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
- v_exec('v-delete-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
+ exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
$result = array_diff($fwd, $vfwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
- v_exec('v-add-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
+ exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
}
// Delete FWD_ONLY flag
if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
+ exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_fwd_only = '';
}
// Add FWD_ONLY flag
if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-add-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
+ exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_fwd_only = 'yes';
}
// Delete autoreply
if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-mail-account-autoreply', [$v_username, $v_domain, $v_account]);
+ exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_autoreply = 'no';
$v_autoreply_message = '';
}
// Add autoreply
if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
- if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
+ if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
$v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
- v_exec('v-add-mail-account-autoreply', [$v_username, $v_domain, $v_account, $v_autoreply_message]);
+ $v_autoreply_message = escapeshellarg($v_autoreply_message);
+ exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_autoreply = 'yes';
+ $v_autoreply_message = $_POST['v_autoreply_message'];
}
}
diff --git a/web/edit/package/index.php b/web/edit/package/index.php
index 2e60abf16..e8ecaf686 100644
--- a/web/edit/package/index.php
+++ b/web/edit/package/index.php
@@ -21,13 +21,14 @@ if (empty($_GET['package'])) {
}
-$v_package = $_GET['package'];
-
// List package
-v_exec('v-list-user-package', [$v_package, 'json'], false, $output);
-$data = json_decode($output, true);
+$v_package = escapeshellarg($_GET['package']);
+exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse package
+$v_package = $_GET['package'];
$v_web_template = $data[$v_package]['WEB_TEMPLATE'];
$v_backend_template = $data[$v_package]['BACKEND_TEMPLATE'];
$v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
@@ -44,7 +45,7 @@ $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
$v_bandwidth = $data[$v_package]['BANDWIDTH'];
$v_shell = $data[$v_package]['SHELL'];
$v_ns = $data[$v_package]['NS'];
-$nameservers = explode(', ', $v_ns);
+$nameservers = explode(", ", $v_ns);
$v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2];
@@ -56,39 +57,45 @@ $v_ns8 = $nameservers[7];
$v_backups = $data[$v_package]['BACKUPS'];
$v_date = $data[$v_package]['DATE'];
$v_time = $data[$v_package]['TIME'];
-$v_status = 'active';
+$v_status = 'active';
// List web templates
-v_exec('v-list-web-templates', ['json'], false, $output);
-$web_templates = json_decode($output, true);
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+$web_templates = json_decode(implode('', $output), true);
+unset($output);
// List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) {
- v_exec('v-list-web-templates-backend', ['json'], false, $output);
- $backend_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
+ $backend_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) {
- v_exec('v-list-web-templates-proxy', ['json'], false, $output);
- $proxy_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+ $proxy_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List dns templates
-v_exec('v-list-dns-templates', ['json'], false, $output);
-$dns_templates = json_decode($output, true);
+exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+$dns_templates = json_decode(implode('', $output), true);
+unset($output);
// List shels
-v_exec('v-list-sys-shells', ['json'], false, $output);
-$shells = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
// Check POST request
if (!empty($_POST['save'])) {
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Check empty fields
@@ -126,10 +133,8 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
- $v_package = $_POST['v_package'];
-
// Protect input
- // TODO: Use array?
+ $v_package = escapeshellarg($_POST['v_package']);
$v_web_template = escapeshellarg($_POST['v_web_template']);
if (!empty($_SESSION['WEB_BACKEND'])) {
$v_backend_template = escapeshellarg($_POST['v_backend_template']);
@@ -194,18 +199,23 @@ if (!empty($_POST['save'])) {
$pkg .= "BACKUPS=".$v_backups."\n";
$pkg .= "TIME=".$v_time."\n";
$pkg .= "DATE=".$v_date."\n";
- $fp = fopen("$tmpdir/$v_package.pkg", 'w');
+ $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
fwrite($fp, $pkg);
fclose($fp);
// Save changes
- v_exec('v-add-user-package', [$tmpdir, $v_package, 'yes']);
+ exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
// Remove temporary dir
- safe_exec('rm', ['-rf', $tmpdir]);
+ exec ('rm -rf '.$tmpdir, $output, $return_var);
+ unset($output);
// Propogate new package
- v_exec('v-update-user-package', [$v_package, 'json']);
+ exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
// Set success message
if (empty($_SESSION['error_msg'])) {
diff --git a/web/edit/server/index.php b/web/edit/server/index.php
index 1e26b4a97..a47056991 100644
--- a/web/edit/server/index.php
+++ b/web/edit/server/index.php
@@ -16,8 +16,9 @@ $v_hostname = exec('hostname');
// List available timezones and get current one
$v_timezones = list_timezones();
-v_exec('v-get-sys-timezone', [], false, $output);
-$v_timezone = strtok($output, "\n");
+exec (VESTA_CMD."v-get-sys-timezone", $output, $return_var);
+$v_timezone = $output[0];
+unset($output);
if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
@@ -33,40 +34,51 @@ if ($v_timezone == 'America/Puerto_Rico' ) $v_timezone = 'AST';
if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
// List supported languages
-v_exec('v-list-sys-languages', ['json'], false, $output);
-$languages = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+$languages = json_decode(implode('', $output), true);
+unset($output);
// List dns cluster hosts
-v_exec('v-list-remote-dns-hosts', ['json'], false, $output);
-$dns_cluster = json_decode($output, true);
-if (count($dns_cluster) >= 1) $v_dns_cluster = 'yes';
+exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var);
+$dns_cluster = json_decode(implode('', $output), true);
+unset($output);
+foreach ($dns_cluster as $key => $value) {
+ $v_dns_cluster = 'yes';
+}
// List MySQL hosts
-v_exec('v-list-database-hosts', ['mysql', 'json'], false, $output);
-$v_mysql_hosts = json_decode($output, true);
-if (count($v_mysql_hosts) >= 1) $v_mysql = 'yes';
+exec (VESTA_CMD."v-list-database-hosts mysql json", $output, $return_var);
+$v_mysql_hosts = json_decode(implode('', $output), true);
+unset($output);
+foreach ($v_mysql_hosts as $key => $value) {
+ $v_mysql = 'yes';
+}
// List PostgreSQL hosts
-v_exec('v-list-database-hosts', ['pgsql', 'json'], false, $output);
-$v_pgsql_hosts = json_decode($output, true);
-if (count($v_pgsql_hosts) >= 1) $v_psql = 'yes';
+exec (VESTA_CMD."v-list-database-hosts pgsql json", $output, $return_var);
+$v_pgsql_hosts = json_decode(implode('', $output), true);
+unset($output);
+foreach ($v_pgsql_hosts as $key => $value) {
+ $v_psql = 'yes';
+}
// List backup settings
-$v_backup_dir = '/backup';
+$v_backup_dir = "/backup";
if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
$v_backup_gzip = '5';
if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
-$backup_types = explode(',', $_SESSION['BACKUP_SYSTEM']);
+$backup_types = split(",",$_SESSION['BACKUP_SYSTEM']);
foreach ($backup_types as $backup_type) {
if ($backup_type == 'local') {
$v_backup = 'yes';
} else {
- v_exec('v-list-backup-host', [$backup_type, 'json'], false, $output);
- $v_remote_backup = json_decode($output, true);
+ exec (VESTA_CMD."v-list-backup-host ".$backup_type. " json", $output, $return_var);
+ $v_remote_backup = json_decode(implode('', $output), true);
+ unset($output);
$v_backup_host = $v_remote_backup[$backup_type]['HOST'];
$v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
$v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
- $v_backup_password = '';
+ $v_backup_password = "";
$v_backup_port = $v_remote_backup[$backup_type]['PORT'];
$v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
}
@@ -74,16 +86,19 @@ foreach ($backup_types as $backup_type) {
// Check POST request
if (!empty($_POST['save'])) {
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Change hostname
if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
+ exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_hostname = $_POST['v_hostname'];
- v_exec('v-change-sys-hostname', [$v_hostname]);
}
// Change timezone
@@ -105,8 +120,10 @@ if (!empty($_POST['save'])) {
if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
if ($v_timezone != $v_tz) {
+ exec (VESTA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var);
+ check_return_code($return_var,$output);
$v_timezone = $v_tz;
- v_exec('v-change-sys-timezone', [$v_timezone]);
+ unset($output);
}
}
}
@@ -114,7 +131,9 @@ if (!empty($_POST['save'])) {
// Change default language
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
- v_exec('v-change-sys-language', [$_POST['v_language']]);
+ exec (VESTA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
}
}
@@ -123,10 +142,14 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
if($_POST['v_quota'] == 'yes') {
- v_exec('v-add-sys-quota');
+ exec (VESTA_CMD."v-add-sys-quota", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
} else {
- v_exec('v-delete-sys-quota');
+ exec (VESTA_CMD."v-delete-sys-quota", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
}
}
@@ -138,10 +161,14 @@ if (!empty($_POST['save'])) {
if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
if($_POST['v_firewall'] == 'yes') {
- v_exec('v-add-sys-firewall');
+ exec (VESTA_CMD."v-add-sys-firewall", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
} else {
- v_exec('v-delete-sys-firewall');
+ exec (VESTA_CMD."v-delete-sys-firewall", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
}
}
@@ -150,7 +177,9 @@ if (!empty($_POST['save'])) {
// Update mysql pasword
if (empty($_SESSION['error_msg'])) {
if (!empty($_POST['v_mysql_password'])) {
- v_exec('v-change-database-host-password', ['mysql', 'localhost', 'root', $_POST['v_mysql_password']]);
+ exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_db_adv = 'yes';
}
}
@@ -159,7 +188,9 @@ if (!empty($_POST['save'])) {
// Update webmail url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
- v_exec('v-change-sys-config-value', ['MAIL_URL', $_POST['v_mail_url']]);
+ exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_mail_adv = 'yes';
}
}
@@ -167,7 +198,9 @@ if (!empty($_POST['save'])) {
// Update phpMyAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
- v_exec('v-change-sys-config-value', ['DB_PMA_URL', $_POST['v_mysql_url']]);
+ exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_db_adv = 'yes';
}
}
@@ -175,15 +208,19 @@ if (!empty($_POST['save'])) {
// Update phpPgAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
- v_exec('v-change-sys-config-value', ['DB_PGA_URL', $_POST['v_pgsql_url']]);
+ exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_db_adv = 'yes';
}
}
// Disable local backup
if (empty($_SESSION['error_msg'])) {
- if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) {
- v_exec('v-delete-backup-host', ['local']);
+ if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) {
+ exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'no';
$v_backup_adv = 'yes';
}
@@ -192,7 +229,9 @@ if (!empty($_POST['save'])) {
// Enable local backups
if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
- v_exec('v-add-backup-host', ['local']);
+ exec (VESTA_CMD."v-add-backup-host local", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
$v_backup_adv = 'yes';
}
@@ -202,7 +241,9 @@ if (!empty($_POST['save'])) {
// Change backup gzip level
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
- v_exec('v-change-sys-config-value', ['BACKUP_GZIP', $_POST['v_backup_gzip']]);
+ exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
$v_backup_adv = 'yes';
}
@@ -211,7 +252,9 @@ if (!empty($_POST['save'])) {
// Change backup path
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_dir'] != $v_backup_dir ) {
- v_exec('v-change-sys-config-value', ['BACKUP', $_POST['v_backup_dir']]);
+ exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
$v_backup_adv = 'yes';
}
@@ -220,12 +263,19 @@ if (!empty($_POST['save'])) {
// Add remote backup host
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
- $v_backup_host = $_POST['v_backup_host'];
- $v_backup_type = $_POST['v_backup_type'];
- $v_backup_username = $_POST['v_backup_username'];
- $v_backup_password = $_POST['v_backup_password'];
- $v_backup_bpath = $_POST['v_backup_bpath'];
- v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
+ $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+ $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+ $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+ $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+ $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+ exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+ if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+ if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+ if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+ if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_new = 'yes';
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
@@ -235,14 +285,22 @@ if (!empty($_POST['save'])) {
// Change remote backup host type
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
- v_exec('v-delete-backup-host', [$v_backup_type], false);
+ exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
+ unset($output);
- $v_backup_host = $_POST['v_backup_host'];
- $v_backup_type = $_POST['v_backup_type'];
- $v_backup_username = $_POST['v_backup_username'];
- $v_backup_password = $_POST['v_backup_password'];
- $v_backup_bpath = $_POST['v_backup_bpath'];
- v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
+ $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+ $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+ $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+ $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+ $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+ exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+ if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+ if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+ if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+ if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@@ -252,12 +310,19 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
- $v_backup_host = $_POST['v_backup_host'];
- $v_backup_type = $_POST['v_backup_type'];
- $v_backup_username = $_POST['v_backup_username'];
- $v_backup_password = $_POST['v_backup_password'];
- $v_backup_bpath = $_POST['v_backup_bpath'];
- v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
+ $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+ $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+ $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+ $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+ $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+ exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+ if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+ if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+ if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+ if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@@ -268,14 +333,14 @@ if (!empty($_POST['save'])) {
// Delete remote backup host
if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
- v_exec('v-delete-backup-host', [$v_backup_type]);
- if (empty($_SESSION['error_msg'])) {
- $v_backup_host = '';
- $v_backup_type = '';
- $v_backup_username = '';
- $v_backup_password = '';
- $v_backup_bpath = '';
- }
+ exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ if (empty($_SESSION['error_msg'])) $v_backup_host = '';
+ if (empty($_SESSION['error_msg'])) $v_backup_type = '';
+ if (empty($_SESSION['error_msg'])) $v_backup_username = '';
+ if (empty($_SESSION['error_msg'])) $v_backup_password = '';
+ if (empty($_SESSION['error_msg'])) $v_backup_bpath = '';
$v_backup_adv = '';
$v_backup_remote_adv = '';
}
@@ -286,25 +351,29 @@ if (!empty($_POST['save'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
}
- // Activate sftp licence
+ // activating sftp licence
if (empty($_SESSION['error_msg'])) {
- if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') {
+ if($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes'){
$module = 'sftpjail';
- $licence_key = $_POST['v_sftp_licence'];
- v_exec('v-activate-vesta-license', [$module, $licence_key]);
+ $licence_key = escapeshellarg($_POST['v_sftp_licence']);
+ exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
- $_SESSION['SFTPJAIL_KEY'] = $licence_key;
+ $_SESSION['SFTPJAIL_KEY'] = $_POST['v_sftp_licence'];
}
}
}
- // Cancel sftp licence
+ // cancel sftp licence
if (empty($_SESSION['error_msg'])) {
- if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) {
+ if($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']){
$module = 'sftpjail';
- $licence_key = $_SESSION['SFTPJAIL_KEY'];
- v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
+ $licence_key = escapeshellarg($_SESSION['SFTPJAIL_KEY']);
+ exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['SFTPJAIL_KEY']);
@@ -313,25 +382,29 @@ if (!empty($_POST['save'])) {
}
- // Activate filemanager licence
+ // activating filemanager licence
if (empty($_SESSION['error_msg'])) {
- if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') {
+ if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){
$module = 'filemanager';
- $licence_key = $_POST['v_filemanager_licence'];
- v_exec('v-activate-vesta-license', [$module, $licence_key]);
+ $licence_key = escapeshellarg($_POST['v_filemanager_licence']);
+ exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
- $_SESSION['FILEMANAGER_KEY'] = $licence_key;
+ $_SESSION['FILEMANAGER_KEY'] = $_POST['v_filemanager_licence'];
}
}
}
- // Cancel filemanager licence
+ // cancel filemanager licence
if (empty($_SESSION['error_msg'])) {
- if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) {
+ if($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']){
$module = 'filemanager';
- $licence_key = $_SESSION['FILEMANAGER_KEY'];
- v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
+ $licence_key = escapeshellarg($_SESSION['FILEMANAGER_KEY']);
+ exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['FILEMANAGER_KEY']);
@@ -341,8 +414,8 @@ if (!empty($_POST['save'])) {
}
// Check system configuration
-v_exec('v-list-sys-config', ['json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
$sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value;
diff --git a/web/edit/user/index.php b/web/edit/user/index.php
index 9dd2784d6..c0ea9cd5c 100644
--- a/web/edit/user/index.php
+++ b/web/edit/user/index.php
@@ -16,18 +16,21 @@ if (empty($_GET['user'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=$_GET['user'];
+ $v_username=$_GET['user'];
} else {
- $user = $_SESSION['user'];
+ $user=$_SESSION['user'];
+ $v_username=$_SESSION['user'];
}
-$v_username = $user;
// List user
-v_exec('v-list-user', [$v_username, 'json'], true, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse user
-$v_password = '';
+$v_password = "";
$v_email = $data[$v_username]['CONTACT'];
$v_package = $data[$v_username]['PACKAGE'];
$v_language = $data[$v_username]['LANGUAGE'];
@@ -35,7 +38,7 @@ $v_fname = $data[$v_username]['FNAME'];
$v_lname = $data[$v_username]['LNAME'];
$v_shell = $data[$v_username]['SHELL'];
$v_ns = $data[$v_username]['NS'];
-$nameservers = explode(', ', $v_ns);
+$nameservers = explode(", ", $v_ns);
$v_ns1 = $nameservers[0];
$v_ns2 = $nameservers[1];
$v_ns3 = $nameservers[2];
@@ -55,25 +58,29 @@ $v_time = $data[$v_username]['TIME'];
$v_date = $data[$v_username]['DATE'];
// List packages
-v_exec('v-list-user-packages', ['json'], false, $output);
-$packages = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+$packages = json_decode(implode('', $output), true);
+unset($output);
// List languages
-v_exec('v-list-sys-languages', ['json'], false, $output);
-$languages = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+$languages = json_decode(implode('', $output), true);
+unset($output);
// List shells
-v_exec('v-list-sys-shells', ['json'], false, $output);
-$shells = json_decode($output, true);
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
// Are you admin?
// Check POST request
if (!empty($_POST['save'])) {
+
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
// Change password
@@ -82,34 +89,38 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['v_password']."\n");
fclose($fp);
- v_exec('v-change-user-password', [$v_username, $v_password]);
+ exec (VESTA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_password);
- $v_password = $_POST['v_password'];
+ $v_password = escapeshellarg($_POST['v_password']);
}
// Change package (admin only)
if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
- $v_package = $_POST['v_package'];
- v_exec('v-change-user-package', [$v_username, $v_package]);
+ $v_package = escapeshellarg($_POST['v_package']);
+ exec (VESTA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Change language
if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
- $v_language = $_POST['v_language'];
- v_exec('v-change-user-language', [$v_username, $v_language]);
+ $v_language = escapeshellarg($_POST['v_language']);
+ exec (VESTA_CMD."v-change-user-language ".escapeshellarg($v_username)." ".$v_language, $output, $return_var);
+ check_return_code($return_var,$output);
if (empty($_SESSION['error_msg'])) {
- if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) {
- $_SESSION['language'] = $_POST['v_language'];
- }
+ if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) $_SESSION['language'] = $_POST['v_language'];
}
+ unset($output);
}
// Change shell (admin only)
- if ($_SESSION['user'] == 'admin') {
- if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
- $v_shell = $_POST['v_shell'];
- v_exec('v-change-user-shell', [$v_username, $v_shell]);
- }
+ if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+ $v_shell = escapeshellarg($_POST['v_shell']);
+ exec (VESTA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Change contact email
@@ -117,37 +128,54 @@ if (!empty($_POST['save'])) {
if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['error_msg'] = __('Please enter valid email address.');
} else {
- $v_email = $_POST['v_email'];
- v_exec('v-change-user-contact', [$v_username, $v_email]);
+ $v_email = escapeshellarg($_POST['v_email']);
+ exec (VESTA_CMD."v-change-user-contact ".escapeshellarg($v_username)." ".$v_email, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
}
// Change full name
- if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {
+ if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
+ $v_fname = escapeshellarg($_POST['v_fname']);
+ $v_lname = escapeshellarg($_POST['v_lname']);
+ exec (VESTA_CMD."v-change-user-name ".escapeshellarg($v_username)." ".$v_fname." ".$v_lname, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_fname = $_POST['v_fname'];
$v_lname = $_POST['v_lname'];
- v_exec('v-change-user-name', [$v_username, $v_fname, $v_lname]);
}
// Change NameServers
- if ((($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
- || ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8'])) && (empty($_SESSION['error_msg']))) {
- $v_ns1 = $_POST['v_ns1'];
- $v_ns2 = $_POST['v_ns2'];
- $v_ns3 = $_POST['v_ns3'];
- $v_ns4 = $_POST['v_ns4'];
- $v_ns5 = $_POST['v_ns5'];
- $v_ns6 = $_POST['v_ns6'];
- $v_ns7 = $_POST['v_ns7'];
- $v_ns8 = $_POST['v_ns8'];
- $ns_args = [$v_username, $v_ns1, $v_ns2];
- if (!empty($_POST['v_ns3'])) $ns_args[] = $v_ns3;
- if (!empty($_POST['v_ns4'])) $ns_args[] = $v_ns4;
- if (!empty($_POST['v_ns5'])) $ns_args[] = $v_ns5;
- if (!empty($_POST['v_ns6'])) $ns_args[] = $v_ns6;
- if (!empty($_POST['v_ns7'])) $ns_args[] = $v_ns7;
- if (!empty($_POST['v_ns8'])) $ns_args[] = $v_ns8;
- v_exec('v-change-user-ns', $ns_args);
+ if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
+ || ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8']) && (empty($_SESSION['error_msg']))) {
+ $v_ns1 = escapeshellarg($_POST['v_ns1']);
+ $v_ns2 = escapeshellarg($_POST['v_ns2']);
+ $v_ns3 = escapeshellarg($_POST['v_ns3']);
+ $v_ns4 = escapeshellarg($_POST['v_ns4']);
+ $v_ns5 = escapeshellarg($_POST['v_ns5']);
+ $v_ns6 = escapeshellarg($_POST['v_ns6']);
+ $v_ns7 = escapeshellarg($_POST['v_ns7']);
+ $v_ns8 = escapeshellarg($_POST['v_ns8']);
+ $ns_cmd = VESTA_CMD."v-change-user-ns ".escapeshellarg($v_username)." ".$v_ns1." ".$v_ns2;
+ if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
+ if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
+ if (!empty($_POST['v_ns5'])) $ns_cmd = $ns_cmd." ".$v_ns5;
+ if (!empty($_POST['v_ns6'])) $ns_cmd = $ns_cmd." ".$v_ns6;
+ if (!empty($_POST['v_ns7'])) $ns_cmd = $ns_cmd." ".$v_ns7;
+ if (!empty($_POST['v_ns8'])) $ns_cmd = $ns_cmd." ".$v_ns8;
+ exec ($ns_cmd, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+
+ $v_ns1 = str_replace("'","", $v_ns1);
+ $v_ns2 = str_replace("'","", $v_ns2);
+ $v_ns3 = str_replace("'","", $v_ns3);
+ $v_ns4 = str_replace("'","", $v_ns4);
+ $v_ns5 = str_replace("'","", $v_ns5);
+ $v_ns6 = str_replace("'","", $v_ns6);
+ $v_ns7 = str_replace("'","", $v_ns7);
+ $v_ns8 = str_replace("'","", $v_ns8);
}
// Set success message
diff --git a/web/edit/web/index.php b/web/edit/web/index.php
index 7fab12440..c0d1f6f80 100644
--- a/web/edit/web/index.php
+++ b/web/edit/web/index.php
@@ -16,17 +16,18 @@ if (empty($_GET['domain'])) {
// Edit as someone else?
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
- $user = $_GET['user'];
+ $user=escapeshellarg($_GET['user']);
}
-$v_username = $user;
-$v_domain = $_GET['domain'];
-
// List domain
-v_exec('v-list-web-domain', [$user, $v_domain, 'json'], false, $output);
-$data = json_decode($output, true);
+$v_domain = escapeshellarg($_GET['domain']);
+exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
// Parse domain
+$v_username = $user;
+$v_domain = $_GET['domain'];
$v_ip = $data[$v_domain]['IP'];
$v_template = $data[$v_domain]['TPL'];
$v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
@@ -35,9 +36,10 @@ $v_tpl = $data[$v_domain]['IP'];
$v_cgi = $data[$v_domain]['CGI'];
$v_elog = $data[$v_domain]['ELOG'];
$v_ssl = $data[$v_domain]['SSL'];
-if ($v_ssl == 'yes') {
- v_exec('v-list-web-domain-ssl', [$user, $v_domain, 'json'], false, $output);
- $ssl_str = json_decode($output, true);
+if ( $v_ssl == 'yes' ) {
+ exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
+ $ssl_str = json_decode(implode('', $output), true);
+ unset($output);
$v_ssl_crt = $ssl_str[$v_domain]['CRT'];
$v_ssl_key = $ssl_str[$v_domain]['KEY'];
$v_ssl_ca = $ssl_str[$v_domain]['CA'];
@@ -49,10 +51,10 @@ $v_proxy_template = $data[$v_domain]['PROXY'];
$v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
$v_stats = $data[$v_domain]['STATS'];
$v_stats_user = $data[$v_domain]['STATS_USER'];
-if (!empty($v_stats_user)) $v_stats_password = '';
+if (!empty($v_stats_user)) $v_stats_password = "";
$v_ftp_user = $data[$v_domain]['FTP_USER'];
$v_ftp_path = $data[$v_domain]['FTP_PATH'];
-if (!empty($v_ftp_user)) $v_ftp_password = '';
+if (!empty($v_ftp_user)) $v_ftp_password = "";
$v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
$v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
$v_ftp_email = $panel[$user]['CONTACT'];
@@ -66,78 +68,87 @@ $v_time = $data[$v_domain]['TIME'];
$v_date = $data[$v_domain]['DATE'];
// List ip addresses
-v_exec('v-list-user-ips', [$user, 'json'], false, $output);
-$ips = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
+$ips = json_decode(implode('', $output), true);
+unset($output);
// List web templates
-v_exec('v-list-web-templates', ['json'], false, $output);
-$templates = json_decode($output, true);
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+$templates = json_decode(implode('', $output), true);
+unset($output);
// List backend templates
if (!empty($_SESSION['WEB_BACKEND'])) {
- v_exec('v-list-web-templates-backend', ['json'], false, $output);
- $backend_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
+ $backend_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List proxy templates
if (!empty($_SESSION['PROXY_SYSTEM'])) {
- v_exec('v-list-web-templates-proxy', ['json'], false, $output);
- $proxy_templates = json_decode($output, true);
+ exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+ $proxy_templates = json_decode(implode('', $output), true);
+ unset($output);
}
// List web stat engines
-v_exec('v-list-web-stats', ['json'], false, $output);
-$stats = json_decode($output, true);
+exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
+$stats = json_decode(implode('', $output), true);
+unset($output);
// Check POST request
if (!empty($_POST['save'])) {
- $v_domain = $_POST['v_domain'];
+ $v_domain = escapeshellarg($_POST['v_domain']);
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
- exit;
+ exit();
}
- // IP has been changed
- if ($v_ip != $_POST['v_ip']) {
- $v_ip = $_POST['v_ip'];
+ // Change web domain IP
+ if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
+ $v_ip = escapeshellarg($_POST['v_ip']);
+ exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ $restart_web = 'yes';
+ $restart_proxy = 'yes';
+ unset($output);
+ }
- // Change web domain IP
- if (empty($_SESSION['error_msg'])) {
- v_exec('v-change-web-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
- $restart_web = 'yes';
- $restart_proxy = 'yes';
+ // Chane dns domain IP
+ if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
+ exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var);
+ unset($output);
+ if ($return_var == 0 ) {
+ exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $restart_dns = 'yes';
}
+ }
- // Chane dns domain IP
- if (empty($_SESSION['error_msg'])) {
- $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain, 'json'], false);
- if ($return_var == 0) {
- v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
+ // Change dns ip for each alias
+ if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
+ foreach($valiases as $v_alias ){
+ exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var);
+ unset($output);
+ if ($return_var == 0 ) {
+ exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
}
-
- // Change dns ip for each alias
- if (empty($_SESSION['error_msg'])) {
- foreach ($valiases as $v_alias) {
- $return_var = v_exec('v-list-dns-domain', [$v_username, $v_alias, 'json'], false);
- if ($return_var == 0) {
- v_exe ('v-change-dns-domain-ip', [$v_username, $v_alias, $v_ip]);
- $restart_dns = 'yes';
- }
- }
- }
}
// Change template (admin only)
- if ($_SESSION['user'] == 'admin') {
- if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
- $v_template = $_POST['v_template'];
- v_exec('v-change-web-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
- $restart_web = 'yes';
- }
+ if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+ $v_template = escapeshellarg($_POST['v_template']);
+ exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+ $restart_web = 'yes';
}
// Change aliases
@@ -153,12 +164,18 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
- $v_template = $_POST['v_template'];
- v_exec('v-delete-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
+ $v_template = escapeshellarg($_POST['v_template']);
+ exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+
if (empty($_SESSION['error_msg'])) {
- $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
+ exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
+ unset($output);
if ($return_var == 0) {
- v_exec('v-delete-dns-on-web-alias', [$v_username, $v_domain, $alias, 'no']);
+ exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
}
@@ -170,12 +187,17 @@ if (!empty($_POST['save'])) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
$restart_web = 'yes';
$restart_proxy = 'yes';
- $v_template = $_POST['v_template'];
- v_exec('v-add-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
+ $v_template = escapeshellarg($_POST['v_template']);
+ exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
if (empty($_SESSION['error_msg'])) {
- $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
+ exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
+ unset($output);
if ($return_var == 0) {
- v_exec('v-add-dns-on-web-alias', [$v_username, $alias, $v_ip, 'no']);
+ exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_dns = 'yes';
}
}
@@ -183,17 +205,19 @@ if (!empty($_POST['save'])) {
}
}
- // Change backend template (admin only)
- if ($_SESSION['user'] == 'admin') {
- if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) {
+ // Change backend template
+ if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
$v_backend_template = $_POST['v_backend_template'];
- v_exec('v-change-web-domain-backend-tpl', [$v_username, $v_domain, $v_backend_template]);
- }
+ exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-web-domain-proxy', [$v_username, $v_domain, 'no']);
+ exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unset($v_proxy);
$restart_proxy = 'yes';
}
@@ -205,11 +229,13 @@ if (!empty($_POST['save'])) {
$ext = preg_replace('/\s+/', ' ',$ext);
$ext = trim($ext);
$ext = str_replace(' ', ", ", $ext);
- if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
+ if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
$ext = str_replace(', ', ",", $ext);
if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
- v_exec('v-change-web-domain-proxy-tpl', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
+ exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
$v_proxy_ext = str_replace(',', ', ', $ext);
+ unset($output);
$restart_proxy = 'yes';
}
}
@@ -225,13 +251,17 @@ if (!empty($_POST['save'])) {
$ext = str_replace(' ', ",", $ext);
$v_proxy_ext = str_replace(',', ', ', $ext);
}
- v_exec('v-add-web-domain-proxy', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
+ exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_proxy = 'yes';
}
// Delete SSL certificate
- if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
- v_exec('v-delete-web-domain-ssl', [$v_username, $v_domain, 'no']);
+ if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+ exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_ssl = 'no';
$restart_web = 'yes';
$restart_proxy = 'yes';
@@ -267,7 +297,9 @@ if (!empty($_POST['save'])) {
fclose($fp);
}
- v_exec('v-change-web-domain-sslcert', [$user, $v_domain, $tmpdir, 'no']);
+ exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$restart_web = 'yes';
$restart_proxy = 'yes';
$v_ssl_crt = $_POST['v_ssl_crt'];
@@ -296,6 +328,7 @@ if (!empty($_POST['save'])) {
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
+ $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
if (!empty($errors[0])) {
foreach ($errors as $i => $error) {
if ( $i == 0 ) {
@@ -304,41 +337,41 @@ if (!empty($_POST['save'])) {
$error_msg = $error_msg.", ".$error;
}
}
- $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
+ $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
- $v_ssl_home = $_POST['v_ssl_home'];
- $v_ssl_crt = str_replace("\r\n", "\n", $_POST['v_ssl_crt']);
- $v_ssl_key = str_replace("\r\n", "\n", $_POST['v_ssl_key']);
- $v_ssl_ca = str_replace("\r\n", "\n", $_POST['v_ssl_ca']);
-
- exec('mktemp -d', $mktemp_output, $return_var);
+ exec ('mktemp -d', $mktemp_output, $return_var);
$tmpdir = $mktemp_output[0];
// Certificate
if (!empty($_POST['v_ssl_crt'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
- fwrite($fp, $v_ssl_crt);
+ fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
fclose($fp);
}
// Key
if (!empty($_POST['v_ssl_key'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
- fwrite($fp, $v_ssl_key);
+ fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
fclose($fp);
}
// CA
if (!empty($_POST['v_ssl_ca'])) {
$fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
- fwrite($fp, $v_ssl_ca);
+ fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
fclose($fp);
}
-
- v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
+ exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_ssl = 'yes';
$restart_web = 'yes';
$restart_proxy = 'yes';
+ $v_ssl_crt = $_POST['v_ssl_crt'];
+ $v_ssl_key = $_POST['v_ssl_key'];
+ $v_ssl_ca = $_POST['v_ssl_ca'];
+ $v_ssl_home = $_POST['v_ssl_home'];
// Cleanup certificate tempfiles
if (!empty($_POST['v_ssl_crt'])) {
@@ -358,36 +391,47 @@ if (!empty($_POST['save'])) {
}
// Change document root for ssl domain
- if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
- if ($v_ssl_home != $_POST['v_ssl_home']) {
+ if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+ if ( $v_ssl_home != $_POST['v_ssl_home'] ) {
+ $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
+ exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var);
+ check_return_code($return_var,$output);
$v_ssl_home = $_POST['v_ssl_home'];
- v_exec('v-change-web-domain-sslhome', [$user, $v_domain, $v_ssl_home, 'no']);
+ unset($output);
}
}
// Delete web stats
if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
+ exec (VESTA_CMD."v-delete-web-domain-stats ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_stats = '';
- v_exec('v-delete-web-domain-stats', [$v_username, $v_domain]);
}
// Change web stats engine
if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
- $v_stats = $_POST['v_stats'];
- v_exec('v-change-web-domain-stats', [$v_username, $v_domain, $v_stats]);
+ $v_stats = escapeshellarg($_POST['v_stats']);
+ exec (VESTA_CMD."v-change-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Add web stats
if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
- $v_stats = $_POST['v_stats'];
- v_exec('v-add-web-domain-stats', [$v_username, $v_domain, $v_stats]);
+ $v_stats = escapeshellarg($_POST['v_stats']);
+ exec (VESTA_CMD."v-add-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Delete web stats authorization
if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
+ exec (VESTA_CMD."v-delete-web-domain-stats-user ".$v_username." ".$v_domain, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
$v_stats_user = '';
$v_stats_password = '';
- v_exec('v-delete-web-domain-stats-user', [$v_username, $v_domain]);
}
// Change web stats user or password
@@ -403,14 +447,16 @@ if (!empty($_POST['save'])) {
}
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
} else {
- $v_stats_user = $_POST['v_stats_user'];
+ $v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
- v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
+ exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_stats_password);
- $v_stats_password = $_POST['v_stats_password'];
+ $v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
@@ -428,14 +474,16 @@ if (!empty($_POST['save'])) {
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
}
if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
- $v_stats_user = $_POST['v_stats_user'];
+ $v_stats_user = escapeshellarg($_POST['v_stats_user']);
$v_stats_password = tempnam("/tmp","vst");
$fp = fopen($v_stats_password, "w");
fwrite($fp, $_POST['v_stats_password']."\n");
fclose($fp);
- v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
+ exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
unlink($v_stats_password);
- $v_stats_password = $_POST['v_stats_password'];
+ $v_stats_password = escapeshellarg($_POST['v_stats_password']);
}
}
@@ -465,13 +513,15 @@ if (!empty($_POST['save'])) {
// Add ftp account
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
- $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
+ $v_ftp_user = escapeshellarg($v_ftp_username);
+ $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
if (empty($_SESSION['error_msg'])) {
$v_ftp_password = tempnam("/tmp","vst");
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
- v_exec('v-add-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
+ exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
+ check_return_code($return_var,$output);
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
$to = $v_ftp_user_data['v_ftp_email'];
$subject = __("FTP login credentials");
@@ -481,14 +531,16 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
+ unset($output);
unlink($v_ftp_password);
- $v_ftp_password = $v_ftp_user_data['v_ftp_password'];
+ $v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
}
if ($return_var == 0) {
- $v_ftp_password = '';
+ $v_ftp_password = "";
$v_ftp_user_data['is_new'] = 0;
- } else {
+ }
+ else {
$v_ftp_user_data['is_new'] = 1;
}
@@ -507,7 +559,10 @@ if (!empty($_POST['save'])) {
// Delete FTP account
if ($v_ftp_user_data['delete'] == 1) {
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
- v_exec('v-delete-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username]);
+ exec (VESTA_CMD."v-delete-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username, $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
+
continue;
}
@@ -526,9 +581,10 @@ if (!empty($_POST['save'])) {
// Change FTP account path
$v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
+ $v_ftp_username = escapeshellarg($v_ftp_username);
//if (!empty($v_ftp_user_data['v_ftp_path'])) {
- $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
- v_exec('v-change-web-domain-ftp-path', [$v_username, $v_domain, $v_ftp_username, $v_ftp_path]);
+ $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
+ exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
//}
// Change FTP account password
@@ -537,7 +593,7 @@ if (!empty($_POST['save'])) {
$fp = fopen($v_ftp_password, "w");
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
fclose($fp);
- v_exec('v-change-web-domain-ftp-password', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password]);
+ exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var);
unlink($v_ftp_password);
$to = $v_ftp_user_data['v_ftp_email'];
@@ -548,6 +604,8 @@ if (!empty($_POST['save'])) {
send_email($to, $subject, $mailtext, $from);
unset($v_ftp_email);
}
+ check_return_code($return_var, $output);
+ unset($output);
$v_ftp_users_updated[] = array(
'is_new' => 0,
@@ -563,17 +621,23 @@ if (!empty($_POST['save'])) {
// Restart web server
if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-web');
+ exec (VESTA_CMD."v-restart-web", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Restart proxy server
if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-proxy');
+ exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Restart dns server
if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
- v_exec('v-restart-dns');
+ exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+ check_return_code($return_var,$output);
+ unset($output);
}
// Set success message
diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php
index 8d7837ffb..f4629794f 100644
--- a/web/file_manager/fm_api.php
+++ b/web/file_manager/fm_api.php
@@ -10,12 +10,13 @@ include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
// todo: set in session?
if (empty($panel)) {
- $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
- if ($return_var > 0) {
+ $command = VESTA_CMD."v-list-user '".$user."' 'json'";
+ exec ($command, $output, $return_var);
+ if ( $return_var > 0 ) {
header("Location: /error/");
exit;
}
- $panel = json_decode($output, true);
+ $panel = json_decode(implode('', $output), true);
}
$fm = new FileManager($user);
@@ -30,23 +31,27 @@ switch ($_REQUEST['action']) {
break;
case 'check_file_type':
$dir = $_REQUEST['dir'];
+
print json_encode($fm->checkFileType($dir));
break;
case 'rename_file':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name'];
+
print json_encode($fm->renameFile($dir, $item, $target_name));
break;
case 'rename_directory':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
$target_name = $_REQUEST['target_name'];
+
print json_encode($fm->renameDirectory($dir, $item, $target_name));
break;
case 'delete_files':
$dir = $_REQUEST['dir'];
$item = $_REQUEST['item'];
+
print json_encode($fm->deleteItem($dir, $item));
break;
case 'create_file':
@@ -59,6 +64,7 @@ switch ($_REQUEST['action']) {
$dirname = $_REQUEST['dirname'];
print json_encode($fm->createDir($dir, $dirname));
break;
+
case 'open_file':
$dir = $_REQUEST['dir'];
print json_encode($fm->open_file($dir));
diff --git a/web/file_manager/fm_core.php b/web/file_manager/fm_core.php
index fc0660d27..724368989 100644
--- a/web/file_manager/fm_core.php
+++ b/web/file_manager/fm_core.php
@@ -1,9 +1,7 @@
0,
@@ -15,45 +13,26 @@ class FileManager {
'SIZE' => 6,
'NAME' => 7
);
-
+
protected $user = null;
public $ROOT_DIR = null;
-
-
- static function v_exec($command, array $arguments=[], $checkReturn=true, &$output=null) {
- $output = '';
- $return_var = v_exec($command, $arguments, false, $output);
- return $checkReturn ? self::check_return_code($return_var, explode("\n", $output)) : null;
- }
-
- static function check_return_code($return_var, $output) {
- if ($return_var != 0) {
- $error = implode('
', $output);
- return $error;
- //if (empty($error)) $error = __('Error code:',$return_var);
- //$_SESSION['error_msg'] = $error;
- }
-
- return null;
- }
-
-
+
public function setRootDir($root = null) {
if (null != $root) {
- $root = realpath($root);
+ $root = realpath($root);
}
$this->ROOT_DIR = $root;
}
-
+
public function __construct($user) {
$this->user = $user;
}
-
+
/*public function init() {
$path = !empty($_REQUEST['dir']) ? $_REQUEST['dir'] : '';
$start_url = !empty($path) ? $this->ROOT_DIR . '/' . $path : $this->ROOT_DIR;
$listing = $this->getDirectoryListing($path);
-
+
return $data = array(
'result' => true,
'ROOT_DIR' => $this->ROOT_DIR,
@@ -62,52 +41,55 @@ class FileManager {
'listing' => $listing
);
}*/
-
+
public function checkFileType($dir) {
$dir = $this->formatFullPath($dir);
-
- $error = self::v_exec('v-get-fs-file-type', [$this->user, $dir]);
-
+ exec(VESTA_CMD . "v-get-fs-file-type {$this->user} {$dir}", $output, $return_var);
+ $error = self::check_return_code($return_var, $output);
if (empty($error)) {
return array(
'result' => true,
'data' => implode('', $output)
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
public function formatFullPath($path_part = '') {
if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) {
$path = $path_part;
- } else {
+ }
+ else {
$path = $this->ROOT_DIR . '/' . $path_part;
}
//var_dump($path);die();
//$path = str_replace(' ', '\ ', $path);
- return $path;
+ return escapeshellarg($path);
}
-
+
function deleteItem($dir, $item) {
$dir = $this->formatFullPath($item);
+ exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
- $error = self::v_exec('v-delete-fs-directory', [$this->user, $dir]);
-
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
-
+
/*if (is_readable($item)) {
unlink($item);
}
@@ -121,76 +103,100 @@ class FileManager {
'result' => true
);*/
}
-
+
function copyFile($item, $dir, $target_dir, $filename) {
$src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir);
+
+ exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src} {$dst}", $output, $return_var);
- $error = self::v_exec('v-copy-fs-file', [$this->user, $src, $dst]);
-
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
-
+
+
function copyDirectory($item, $dir, $target_dir, $filename) {
$src = $this->formatFullPath($item);
$dst = $this->formatFullPath($target_dir);
+
+ exec (VESTA_CMD . "v-copy-fs-directory {$this->user} {$src} {$dst}", $output, $return_var);
- $error = self::v_exec('v-copy-fs-directory', [$this->user, $src, $dst]);
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
+ static function check_return_code($return_var, $output) {
+ if ($return_var != 0) {
+ $error = implode('
', $output);
+ return $error;
+ //if (empty($error)) $error = __('Error code:',$return_var);
+ //$_SESSION['error_msg'] = $error;
+ }
+
+ return null;
+ }
+
function createFile($dir, $filename) {
$dir = $this->formatFullPath($dir . '/' . $filename);
- $error = self::v_exec('v-add-fs-file', [$this->user, $dir]);
+ exec (VESTA_CMD . "v-add-fs-file {$this->user} {$dir}", $output, $return_var);
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
function packItem($item, $dir, $target_dir, $filename) {
$item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir);
+
$dst_item = str_replace('.tar.gz', '', $dst_item);
-
+
//$item = str_replace($dir . '/', '', $item);
//var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die();
+ exec (VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}", $output, $return_var);
- $error = self::v_exec('v-add-fs-archive', [$this->user, $dst_item, $item]);
-
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
@@ -199,58 +205,83 @@ class FileManager {
}
function backupItem($item) {
+
$src_item = $this->formatFullPath($item);
+
$dst_item_name = $item . '~' . date('Ymd_His');
+
$dst_item = $this->formatFullPath($dst_item_name);
//print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die();
+ exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src_item} {$dst_item}", $output, $return_var);
- $error = self::v_exec('v-copy-fs-file', [$this->user, $src_item, $dst_item]);
-
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true,
'filename' => $dst_item_name
);
- } else {
+ }
+ else {
+ return array(
+ 'result' => false,
+ 'message' => $error
+ );
+ }
+
+ $error = self::check_return_code($return_var, $output);
+
+ if (empty($error)) {
+ return array(
+ 'result' => true
+ );
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
function unpackItem($item, $dir, $target_dir, $filename) {
$item = $this->formatFullPath($item);
$dst_item = $this->formatFullPath($target_dir);
- $error = self::v_exec('v-extract-fs-archive', [$this->user, $item, $dst_item]);
+ exec (VESTA_CMD . "v-extract-fs-archive {$this->user} {$item} {$dst_item}", $output, $return_var);
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
function renameFile($dir, $item, $target_name) {
$item = $this->formatFullPath($dir . '/' . $item);
$dst_item = $this->formatFullPath($dir . '/' . $target_name);
+
+// var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
-//var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
-
- $error = self::v_exec('v-move-fs-file', [$this->user, $item, $dst_item]);
+ exec (VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}", $output, $return_var);
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
@@ -267,43 +298,51 @@ class FileManager {
);
}
- $error = self::v_exec('v-move-fs-directory', [$this->user, $item, $dst_item]);
+ exec (VESTA_CMD . "v-move-fs-directory {$this->user} {$item} {$dst_item}", $output, $return_var);
+
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
function createDir($dir, $dirname) {
$dir = $this->formatFullPath($dir . '/' . $dirname);
- $error = self::v_exec('v-add-fs-directory', [$this->user, $dir]);
+ exec (VESTA_CMD . "v-add-fs-directory {$this->user} {$dir}", $output, $return_var);
+ $error = self::check_return_code($return_var, $output);
+
if (empty($error)) {
return array(
'result' => true
);
- } else {
+ }
+ else {
return array(
'result' => false,
'message' => $error
);
}
}
-
+
function getDirectoryListing($dir = '') {
$dir = $this->formatFullPath($dir);
- self::v_exec('v-list-fs-directory', [$this->user, $dir], false, $output);
- return $this->parseListing(explode("\n", $output));
- }
+ exec (VESTA_CMD . "v-list-fs-directory {$this->user} {$dir}", $output, $return_var);
+ return $this->parseListing($output);
+ }
+
public function ls($dir = '') {
$listing = $this->getDirectoryListing($dir);
@@ -312,7 +351,7 @@ class FileManager {
'listing' => $listing
);
}
-
+
public function open_file($dir = '') {
$listing = $this->getDirectoryListing($dir);
@@ -321,7 +360,7 @@ class FileManager {
'listing' => $listing
);
}
-
+
public function parseListing($raw) {
$data = array();
foreach ($raw as $o) {
@@ -337,7 +376,7 @@ class FileManager {
'name' => $info[$this->info_positions['NAME']]
);
}
-
+
return $data;
}
diff --git a/web/generate/ssl/index.php b/web/generate/ssl/index.php
index 3439f71f4..5ccc2f295 100644
--- a/web/generate/ssl/index.php
+++ b/web/generate/ssl/index.php
@@ -31,7 +31,7 @@ $_SESSION['back'] = '';
if (!isset($_POST['generate'])) {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
- exit;
+ exit();
}
// Check input
@@ -41,7 +41,6 @@ if (empty($_POST['v_state'])) $errors[] = __('domain');
if (empty($_POST['v_locality'])) $errors[] = __('city');
if (empty($_POST['v_org'])) $errors[] = __('organization');
if (empty($_POST['v_email'])) $errors[] = __('email');
-
$v_domain = $_POST['v_domain'];
$v_email = $_POST['v_email'];
$v_country = $_POST['v_country'];
@@ -62,24 +61,44 @@ if (!empty($errors[0])) {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
unset($_SESSION['error_msg']);
- exit;
+ exit();
}
-$return_var = v_exec('v-generate-ssl-cert', [$v_domain, $v_email, $v_country, $v_state, $v_locality, $v_org, 'IT', 'json'], true, $output);
+// Protect input
+$v_domain = escapeshellarg($_POST['v_domain']);
+$v_email = escapeshellarg($_POST['v_email']);
+$v_country = escapeshellarg($_POST['v_country']);
+$v_state = escapeshellarg($_POST['v_state']);
+$v_locality = escapeshellarg($_POST['v_locality']);
+$v_org = escapeshellarg($_POST['v_org']);
+
+exec (VESTA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT json", $output, $return_var);
+
+// Revert to raw values
+$v_domain = $_POST['v_domain'];
+$v_email = $_POST['v_email'];
+$v_country = $_POST['v_country'];
+$v_state = $_POST['v_state'];
+$v_locality = $_POST['v_locality'];
+$v_org = $_POST['v_org'];
// Check return code
if ($return_var != 0) {
+ $error = implode('
', $output);
+ if (empty($error)) $error = __('Error code:',$return_var);
+ $_SESSION['error_msg'] = $error;
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
unset($_SESSION['error_msg']);
- exit;
+ exit();
}
// OK message
$_SESSION['ok_msg'] = __('SSL_GENERATED_OK');
// Parse output
-$data = json_decode($output, true);
+$data = json_decode(implode('', $output), true);
+unset($output);
$v_crt = $data[$v_domain]['CRT'];
$v_key = $data[$v_domain]['KEY'];
$v_csr = $data[$v_domain]['CSR'];
diff --git a/web/inc/exec.php b/web/inc/exec.php
deleted file mode 100644
index 0c2d9618a..000000000
--- a/web/inc/exec.php
+++ /dev/null
@@ -1,85 +0,0 @@
- 0) {
- header('Location: /error/');
- exit;
- }
-}
-
-function check_return_code($return_var, $output) {
- if ($return_var != 0) {
- $error = implode('
', $output);
- if (empty($error)) $error = __('Error code:', $return_var);
- $_SESSION['error_msg'] = $error;
- }
-}
-
-/**
- * Build shell command arguments from a string array.
- * @param string[] $arguments Unescaped command line arguments. (eg. ['-a', "b'c"], default: [])
- * @return string Escaped arguments.
- */
-function build_shell_args($arguments=[]) {
- $ret = [];
- // Convert $arguments to an array
- if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
- foreach ($arguments as $arg) {
- // Convert $arg to a string if $arg is an array (for an argument like this: ?abc[def]=ghi)
- if (is_array($arg)) $arg = implode('', $arg);
- // Convert $arg to a string (just in case)
- if (!is_string($arg)) $arg = (string)$arg;
- // Append the argument
- $ret[] = escapeshellarg($arg);
- }
- return implode(' ', $ret);
-}
-
-/**
- * Execute a command.
- * @param string $command Command to execute. (eg. ls)
- * @param string[] $arguments (optional) Unescaped command line arguments. (eg. ['-a', '/'], default: [])
- * @param string &$output (optional) Variable to contain output from the command.
- * @return int Exit code (return status) of the executed command.
- */
-function safe_exec($command, $arguments=[], &$output=null) {
- $cmd = build_shell_args($command);
- $arg = build_shell_args($arguments);
- if (!empty($arg)) {
- $cmd .= ' ' . $arg;
- }
- // Execute
- exec($cmd, $rawOutput, $status);
- $output = implode("\n", $rawOutput);
- return $status;
-}
-
-/**
- * Execute a vesta command line APIs (VESTA_CMD/v-*).
- * (Wrapper function of `safe_exec`.)
- * @see safe_exec
- * @param string $command Command to execute. (eg. v-search-object)
- * @param string[] $arguments (optional) Unescaped command line arguments. (eg. ["We've", 'json'], default: [])
- * @param bool $checkReturn (optional) If this set to true, check_return_code will be called after the command executes. (default: true)
- * @param string &$output (optional) Variable to contain output from the command.
- * @return int Exit code (return status) of the executed command.
- */
-function v_exec($command, $arguments=[], $checkReturn=true, &$output=null) {
- // Check command
- if (preg_match('#^\.*$|/#', $command)) return -1;
- // Convert $arguments to an array
- if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
- // Execute
- $status = safe_exec([SUDO_CMD, VESTA_BIN_DIR.$command], $arguments, $output);
- if ($checkReturn) {
- check_return_code($status, explode("\n", $output));
- }
- return $status;
-}
diff --git a/web/inc/i18n.php b/web/inc/i18n.php
index 92c3b991d..1dab4cae4 100644
--- a/web/inc/i18n.php
+++ b/web/inc/i18n.php
@@ -1,8 +1,6 @@
1) {
+ if (count($args)>1) {
$args[0] = $text;
- return call_user_func_array('sprintf', $args);
+ return call_user_func_array("sprintf",$args);
} else {
return $text;
}
@@ -44,8 +42,8 @@ function _translate() {
*/
function __() {
$args = func_get_args();
- array_unshift($args, $_SESSION['language']);
- return call_user_func_array('_translate', $args);
+ array_unshift($args,$_SESSION['language']);
+ return call_user_func_array("_translate",$args);
}
/**
@@ -88,15 +86,16 @@ function detect_user_language($fallback='en') {
arsort($accept_langs_sorted);
// List languages
- v_exec('v-list-sys-languages', ['json'], false, $output);
- $languages = json_decode($output, true);
+ exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+ $languages = json_decode(implode('', $output), true);
+ unset($output);
// Find best matching language
- foreach ($accept_langs_sorted as $req_lang => $dummy) {
+ foreach ($accept_langs_sorted as $user_lang => $dummy) {
$decision = '';
foreach ($languages as $prov_lang) {
if (strlen($decision) > strlen($prov_lang)) continue;
- if (stripos($req_lang, $prov_lang) !== false) {
+ if (strpos($user_lang, $prov_lang) !== false) {
$decision = $prov_lang;
}
}
@@ -110,4 +109,4 @@ function detect_user_language($fallback='en') {
// Store result for reusing
$user_lang = $fallback;
return $user_lang;
-}
+}
\ No newline at end of file
diff --git a/web/inc/mail-wrapper.php b/web/inc/mail-wrapper.php
index 1c47979cb..a8c48a09e 100755
--- a/web/inc/mail-wrapper.php
+++ b/web/inc/mail-wrapper.php
@@ -8,15 +8,14 @@ if (empty($argv[1])) {
$options = getopt("s:f:");
-require_once(__DIR__.'/exec.php');
-define('NO_AUTH_REQUIRED', true);
+define('NO_AUTH_REQUIRED',true);
include("/usr/local/vesta/web/inc/main.php");
// Set system language
-v_exec('v-list-sys-config', ['json'], false, $output);
-$data = json_decode($output, true);
-if (!empty($data['config']['LANGUAGE'])) {
+exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+if (!empty( $data['config']['LANGUAGE'])) {
$_SESSION['language'] = $data['config']['LANGUAGE'];
} else {
$_SESSION['language'] = 'en';
diff --git a/web/inc/main.php b/web/inc/main.php
index 6bebfa644..b3453dce3 100644
--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -1,8 +1,7 @@
$favourite){
@@ -70,7 +71,7 @@ function get_favourites(){
$items = explode(',', $favourite);
foreach($items as $item){
- if ($item)
+ if($item)
$favourites[$key][trim($item)] = 1;
}
}
@@ -78,15 +79,34 @@ function get_favourites(){
$_SESSION['favourites'] = $favourites;
}
-function top_panel($user, $TAB) {
- global $panel;
- $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
- if ($return_var > 0) {
- header('Location: /error/');
+
+
+function check_error($return_var) {
+ if ( $return_var > 0 ) {
+ header("Location: /error/");
exit;
}
- $panel = json_decode($output, true);
- if ($user == 'admin') {
+}
+
+function check_return_code($return_var,$output) {
+ if ($return_var != 0) {
+ $error = implode('
', $output);
+ if (empty($error)) $error = __('Error code:',$return_var);
+ $_SESSION['error_msg'] = $error;
+ }
+}
+
+function top_panel($user, $TAB) {
+ global $panel;
+ $command = VESTA_CMD."v-list-user '".$user."' 'json'";
+ exec ($command, $output, $return_var);
+ if ( $return_var > 0 ) {
+ header("Location: /error/");
+ exit;
+ }
+ $panel = json_decode(implode('', $output), true);
+ unset($output);
+ if ( $user == 'admin' ) {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/panel.html');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/panel.html');
diff --git a/web/list/backup/exclusions/index.php b/web/list/backup/exclusions/index.php
index 919c03b1c..d03e98614 100644
--- a/web/list/backup/exclusions/index.php
+++ b/web/list/backup/exclusions/index.php
@@ -12,8 +12,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-user-backup-exclusions', [$user, 'json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-backup-exclusions $user json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_exclusions.html');
// Back uri
diff --git a/web/list/backup/index.php b/web/list/backup/index.php
index ccb7a947b..a79205724 100644
--- a/web/list/backup/index.php
+++ b/web/list/backup/index.php
@@ -13,14 +13,16 @@ top_panel($user,$TAB);
// Data
if (empty($_GET['backup'])){
- v_exec('v-list-user-backups', [$user, 'json'], false, $output);
- $data = json_decode($output, true);
- $data = array_reverse($data, true);
+ exec (VESTA_CMD."v-list-user-backups $user json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ $data = array_reverse($data,true);
+ unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html');
} else {
- v_exec('v-list-user-backup', [$user, $_GET['backup'], 'json'], false, $output);
- $data = json_decode($output, true);
- $data = array_reverse($data, true);
+ exec (VESTA_CMD."v-list-user-backup $user '".escapeshellarg($_GET['backup'])."' json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ $data = array_reverse($data,true);
+ unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_detail.html');
}
diff --git a/web/list/cron/index.php b/web/list/cron/index.php
index 303154c02..19f66379c 100644
--- a/web/list/cron/index.php
+++ b/web/list/cron/index.php
@@ -13,9 +13,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-cron-jobs', [$user, 'json'], false, $output);
-$data = json_decode($output, true);
-$data = array_reverse($data, true);
+exec (VESTA_CMD."v-list-cron-jobs $user json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+$data = array_reverse($data,true);
+unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_cron.html');
diff --git a/web/list/db/index.php b/web/list/db/index.php
index beb775811..4262b61fd 100644
--- a/web/list/db/index.php
+++ b/web/list/db/index.php
@@ -12,9 +12,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-databases', [$user, 'json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-databases $user json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_db.html');
diff --git a/web/list/directory/index.php b/web/list/directory/index.php
index a50a90929..737e19db3 100644
--- a/web/list/directory/index.php
+++ b/web/list/directory/index.php
@@ -11,16 +11,17 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
// Check login_as feature
if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
- $user = $_SESSION['look'];
+ $user=$_SESSION['look'];
}
if (empty($panel)) {
- $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
- if ($return_var > 0) {
+ $command = VESTA_CMD."v-list-user '".$user."' 'json'";
+ exec ($command, $output, $return_var);
+ if ( $return_var > 0 ) {
header("Location: /error/");
exit;
}
- $panel = json_decode($output, true);
+ $panel = json_decode(implode('', $output), true);
}
$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : '';
diff --git a/web/list/dns/index.php b/web/list/dns/index.php
index 4f4af1896..0b9951a7a 100644
--- a/web/list/dns/index.php
+++ b/web/list/dns/index.php
@@ -14,18 +14,20 @@ top_panel($user,$TAB);
// Data
if (empty($_GET['domain'])){
- v_exec('v-list-dns-domains', [$user, 'json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+ unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns.html');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html');
}
} else {
- v_exec('v-list-dns-records', [$user, $_GET['domain'], 'json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+ unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns_rec.html');
} else {
diff --git a/web/list/favorites/index.php b/web/list/favorites/index.php
index 04ef3e149..0ddc4c0b0 100644
--- a/web/list/favorites/index.php
+++ b/web/list/favorites/index.php
@@ -5,20 +5,20 @@ error_reporting(NULL);
echo '
Favorites:
';
// Data
- v_exec('v-list-user-favourites', [$_SESSION['user'], 'json'], false, $output);
+ exec (VESTA_CMD."v-list-user-favourites ".$_SESSION['user']." json", $output, $return_var);
-// print_r($output);
+// print_r(implode('', $output));
// $json = '{ "Favourites": { "USER": "", "WEB": "bulletfarm.com", "DNS": "", "MAIL": "", "DB": "", "CRON": "", "BACKUP": "", "IP": "", "PACKAGE": "", "FIREWALL": ""}}';
// $data = json_decode($json, true);
- $data = json_decode($output.'}', true);
- $data = array_reverse($data, true);
+ $data = json_decode(implode('', $output).'}', true);
+ $data = array_reverse($data,true);
print_r($data);
// $data = array_reverse($data,true);
-// $data = json_decode($output, true);
+// $data = json_decode(implode('', $output), true);
?>
\ No newline at end of file
diff --git a/web/list/firewall/banlist/index.php b/web/list/firewall/banlist/index.php
index 55c743cb8..32393229c 100644
--- a/web/list/firewall/banlist/index.php
+++ b/web/list/firewall/banlist/index.php
@@ -19,9 +19,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-firewall-ban', ['json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-firewall-ban json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall_banlist.html');
// Back uri
diff --git a/web/list/firewall/index.php b/web/list/firewall/index.php
index 7363eef85..62b8cbfdd 100644
--- a/web/list/firewall/index.php
+++ b/web/list/firewall/index.php
@@ -19,9 +19,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-firewall', ['json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-firewall json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall.html');
// Back uri
diff --git a/web/list/ip/index.php b/web/list/ip/index.php
index 1f019cc8b..510da61aa 100644
--- a/web/list/ip/index.php
+++ b/web/list/ip/index.php
@@ -13,9 +13,10 @@ top_panel($user,$TAB);
// Data
if ($_SESSION['user'] == 'admin') {
- v_exec('v-list-sys-ips', ['json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+ unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_ip.html');
}
diff --git a/web/list/log/index.php b/web/list/log/index.php
index 916e74da0..c0e226e45 100644
--- a/web/list/log/index.php
+++ b/web/list/log/index.php
@@ -12,10 +12,11 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-$return_var = v_exec('v-list-user-log', [$user, 'json'], false, $output);
+exec (VESTA_CMD."v-list-user-log $user json", $output, $return_var);
check_error($return_var);
-$data = json_decode($output, true);
+$data = json_decode(implode('', $output), true);
$data = array_reverse($data);
+unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_log.html');
diff --git a/web/list/mail/index.php b/web/list/mail/index.php
index 1b2748c06..6555ccbae 100644
--- a/web/list/mail/index.php
+++ b/web/list/mail/index.php
@@ -14,18 +14,20 @@ top_panel($user,$TAB);
// Data
if (empty($_GET['domain'])){
- v_exec('v-list-mail-domains', [$user, 'json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+ unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail.html');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html');
}
} else {
- v_exec('v-list-mail-accounts', [$user, $_GET['domain'], 'json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
+ unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail_acc.html');
} else {
diff --git a/web/list/notifications/index.php b/web/list/notifications/index.php
index 870debd98..1b6a0d1c5 100644
--- a/web/list/notifications/index.php
+++ b/web/list/notifications/index.php
@@ -5,17 +5,17 @@ error_reporting(NULL);
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-if ($_REQUEST['ajax'] == 1) {
+if($_REQUEST['ajax'] == 1){
// Data
- v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
- $data = json_decode($output, true);
- $data = array_reverse($data, true);
- foreach ($data as $key => $note) {
+ exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ $data = array_reverse($data,true);
+ foreach($data as $key => $note){
$note['ID'] = $key;
$data[$key] = $note;
}
echo json_encode($data);
- exit;
+ exit();
}
@@ -28,9 +28,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
-$data = json_decode($output, true);
-$data = array_reverse($data, true);
+exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+$data = array_reverse($data,true);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_notifications.html');
} else {
diff --git a/web/list/package/index.php b/web/list/package/index.php
index c2aa5dd25..61e44c179 100644
--- a/web/list/package/index.php
+++ b/web/list/package/index.php
@@ -18,8 +18,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
top_panel($user,$TAB);
// Data
-v_exec('v-list-user-packages', ['json'], false, $output);
-$data = json_decode($output, true);
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_packages.html');
// Back uri
diff --git a/web/list/rrd/index.php b/web/list/rrd/index.php
index 3ccb727a0..725a584e9 100644
--- a/web/list/rrd/index.php
+++ b/web/list/rrd/index.php
@@ -13,8 +13,9 @@ top_panel($user,$TAB);
// Data
if ($_SESSION['user'] == 'admin') {
- v_exec('v-list-sys-rrd', ['json'], false, $output);
- $data = json_decode($output, true);
+ exec (VESTA_CMD."v-list-sys-rrd json", $output, $return_var);
+ $data = json_decode(implode('', $output), true);
+ unset($output);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_rrd.html');
}
diff --git a/web/list/server/index.php b/web/list/server/index.php
index 1a0ef3c2f..7db575457 100644
--- a/web/list/server/index.php
+++ b/web/list/server/index.php
@@ -15,50 +15,60 @@ if ($_SESSION['user'] != 'admin') {
if (isset($_GET['cpu'])) {
$TAB = 'CPU';
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
- v_exec('v-list-sys-cpu-status', [], false, $output);
- echo $output . "\n";
+ exec (VESTA_CMD.'v-list-sys-cpu-status', $output, $return_var);
+ foreach($output as $file) {
+ echo $file . "\n";
+ }
echo " \n \n