Revert "[SECURITY] Fix OS command injection."

2025-08-21 05:44:07 -07:00 · 2015-12-11 21:14:49 +02:00 · 2015-12-11 21:14:49 +02:00 · 39e9b6397b
commit 39e9b6397b
parent 9620bfbf35
115 changed files with 1980 additions and 1340 deletions
--- a/web/bulk/backup/exclusions/index.php
+++ b/web/bulk/backup/exclusions/index.php
@ -16,7 +16,8 @@ switch ($action) {
 }

 foreach ($backup as $value) {
-    v_exec($cmd, [$user, $value], false);
+    $value = escapeshellarg($value);
+    exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
 }

 header("Location: /list/backup/exclusions");
--- a/web/bulk/backup/index.php
+++ b/web/bulk/backup/index.php
@ -12,7 +12,7 @@ $action = $_POST['action'];
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
    header('location: /login/');
-    exit;
+    exit();
 }

 switch ($action) {
@ -22,7 +22,8 @@ switch ($action) {
 }

 foreach ($backup as $value) {
-    v_exec($cmd, [$user, $value], false);
+    $value = escapeshellarg($value);
+    exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
 }

 header("Location: /list/backup/");