mirror of
https://github.com/serghey-rodin/vesta.git
synced 2025-08-21 05:44:07 -07:00
Revert "[SECURITY] Fix OS command injection."
This commit is contained in:
Serghey Rodin
parent
9620bfbf35
commit
39e9b6397b
115 changed files with 1980 additions and 1340 deletions
|
|
@ -3,12 +3,13 @@
|
|||
error_reporting(NULL);
|
||||
ob_start();
|
||||
session_start();
|
||||
include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
if ($_SESSION['user'] == 'admin') {
|
||||
v_exec('v-add-cron-vesta-autoupdate', [], false);
|
||||
exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var);
|
||||
$_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');
|
||||
unset($output);
|
||||
}
|
||||
|
||||
header('Location: /list/updates/');
|
||||
header("Location: /list/updates/");
|
||||
exit;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
|
|||
// Check token
|
||||
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
|
||||
header('location: /login/');
|
||||
exit;
|
||||
exit();
|
||||
}
|
||||
|
||||
// Check empty fields
|
||||
|
|
@ -35,16 +35,18 @@ if (!empty($_POST['ok'])) {
|
|||
}
|
||||
|
||||
// Protect input
|
||||
$v_min = $_POST['v_min'];
|
||||
$v_hour = $_POST['v_hour'];
|
||||
$v_day = $_POST['v_day'];
|
||||
$v_month = $_POST['v_month'];
|
||||
$v_wday = $_POST['v_wday'];
|
||||
$v_cmd = $_POST['v_cmd'];
|
||||
$v_min = escapeshellarg($_POST['v_min']);
|
||||
$v_hour = escapeshellarg($_POST['v_hour']);
|
||||
$v_day = escapeshellarg($_POST['v_day']);
|
||||
$v_month = escapeshellarg($_POST['v_month']);
|
||||
$v_wday = escapeshellarg($_POST['v_wday']);
|
||||
$v_cmd = escapeshellarg($_POST['v_cmd']);
|
||||
|
||||
// Add cron job
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
v_exec('v-add-cron-job', [$user, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
|
||||
exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
|
||||
// Flush field values on success
|
||||
|
|
@ -56,6 +58,7 @@ if (!empty($_POST['ok'])) {
|
|||
unset($v_month);
|
||||
unset($v_wday);
|
||||
unset($v_cmd);
|
||||
unset($output);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,10 +3,11 @@
|
|||
error_reporting(NULL);
|
||||
ob_start();
|
||||
session_start();
|
||||
include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
v_exec('v-add-cron-reports', [$user], false);
|
||||
exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var);
|
||||
$_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
|
||||
unset($output);
|
||||
|
||||
header('Location: /list/cron/');
|
||||
header("Location: /list/cron/");
|
||||
exit;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue