Revert "[SECURITY] Fix OS command injection."

This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions

View file

@ -8,20 +8,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit;
exit();
}
if ($_SESSION['user'] == 'admin') {
if (!empty($_GET['user'])) {
$v_username = $_GET['user'];
v_exec('v-delete-user', [$v_username]);
$v_username = escapeshellarg($_GET['user']);
exec (VESTA_CMD."v-delete-user ".$v_username, $output, $return_var);
}
check_return_code($return_var,$output);
unset($_SESSION['look']);
unset($output);
}
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: $back");
header("Location: ".$back);
exit;
}