github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 18:49:17 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

15
web/bulk/ip/index.php
View file

@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
$ip = $_POST['ip'];
@ -17,11 +17,11 @@ $action = $_POST['action'];
if ($_SESSION['user'] == 'admin') {
switch ($action) {
case 'reread IP': $cmd = 'v-update-sys-ip';
v_exec($cmd, [], false);
header('Location: /list/ip/');
exit;
case 'delete': $cmd = 'v-delete-sys-ip';
case 'reread IP': exec(VESTA_CMD."v-update-sys-ip", $output, $return_var);
header("Location: /list/ip/");
exit;
break;
case 'delete': $cmd='v-delete-sys-ip';
break;
default: header("Location: /list/ip/"); exit;
}
@ -31,7 +31,8 @@ if ($_SESSION['user'] == 'admin') {
}
foreach ($ip as $value) {
v_exec($cmd, [$value], false);
$value = escapeshellarg($value);
exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
}
header("Location: /list/ip/");