Revert "[SECURITY] Fix OS command injection."

web/bulk/firewall/banlist/index.php

@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit;
+    exit();
 }
 
 // Check user
@@ -22,7 +22,10 @@ if ($_SESSION['user'] != 'admin') {
 $ipchain = $_POST['ipchain'];
 /*if (!empty($_POST['ipchain'])) {
     $ipchain = $_POST['ipchain'];
-    list($ip, $chain) = explode(':', $ipchain);
+    list($ip,$chain) = split(":",$ipchain);
+    $v_ip = escapeshellarg($ip);
+    $v_chain = escapeshellarg($chain);
+
 }*/
 
 $action = $_POST['action'];
@@ -34,8 +37,10 @@ switch ($action) {
 }
 
 foreach ($ipchain as $value) {
-    list($ip, $chain) = explode(':', $value);
-    v_exec($cmd, [$ip, $chain], false);
+    list($ip,$chain) = split(":",$value);
+    $v_ip    = escapeshellarg($ip);
+    $v_chain = escapeshellarg($chain);
+    exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
 }
 
 header("Location: /list/firewall/banlist");

web/bulk/firewall/index.php

@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit;
+    exit();
 }
 
 // Check user
@@ -34,7 +34,8 @@ switch ($action) {
 }
 
 foreach ($rule as $value) {
-    v_exec($cmd, [$value], false);
+    $value = escapeshellarg($value);
+    exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
     $restart = 'yes';
 }