github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 10:37:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

18
web/delete/notification/index.php
View file

@ -8,17 +8,23 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit;
exit();
}
if($_GET['delete'] == 1){
$v_id = (string)((int)$_GET['notification_id']);
v_exec('v-delete-user-notification', [$user, $v_id]);
$v_username = escapeshellarg($user);
$v_id = escapeshellarg((int)$_GET['notification_id']);
exec (VESTA_CMD."v-delete-user-notification ".$v_username." ".$v_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
} else {
$v_id = (string)((int)$_GET['notification_id']);
//echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
v_exec('v-acknowledge-user-notification', [$user, $v_id]);
$v_username = escapeshellarg($user);
$v_id = escapeshellarg((int)$_GET['notification_id']);
echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
exec (VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
exit;