github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-20 21:34:11 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

237
web/edit/server/index.php
View file

@ -16,8 +16,9 @@ $v_hostname = exec('hostname');
// List available timezones and get current one
$v_timezones = list_timezones();
v_exec('v-get-sys-timezone', [], false, $output);
$v_timezone = strtok($output, "\n");
exec (VESTA_CMD."v-get-sys-timezone", $output, $return_var);
$v_timezone = $output[0];
unset($output);
if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
@ -33,40 +34,51 @@ if ($v_timezone == 'America/Puerto_Rico' ) $v_timezone = 'AST';
if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
// List supported languages
v_exec('v-list-sys-languages', ['json'], false, $output);
$languages = json_decode($output, true);
exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
$languages = json_decode(implode('', $output), true);
unset($output);
// List dns cluster hosts
v_exec('v-list-remote-dns-hosts', ['json'], false, $output);
$dns_cluster = json_decode($output, true);
if (count($dns_cluster) >= 1) $v_dns_cluster = 'yes';
exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var);
$dns_cluster = json_decode(implode('', $output), true);
unset($output);
foreach ($dns_cluster as $key => $value) {
$v_dns_cluster = 'yes';
}
// List MySQL hosts
v_exec('v-list-database-hosts', ['mysql', 'json'], false, $output);
$v_mysql_hosts = json_decode($output, true);
if (count($v_mysql_hosts) >= 1) $v_mysql = 'yes';
exec (VESTA_CMD."v-list-database-hosts mysql json", $output, $return_var);
$v_mysql_hosts = json_decode(implode('', $output), true);
unset($output);
foreach ($v_mysql_hosts as $key => $value) {
$v_mysql = 'yes';
}
// List PostgreSQL hosts
v_exec('v-list-database-hosts', ['pgsql', 'json'], false, $output);
$v_pgsql_hosts = json_decode($output, true);
if (count($v_pgsql_hosts) >= 1) $v_psql = 'yes';
exec (VESTA_CMD."v-list-database-hosts pgsql json", $output, $return_var);
$v_pgsql_hosts = json_decode(implode('', $output), true);
unset($output);
foreach ($v_pgsql_hosts as $key => $value) {
$v_psql = 'yes';
}
// List backup settings
$v_backup_dir = '/backup';
$v_backup_dir = "/backup";
if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
$v_backup_gzip = '5';
if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
$backup_types = explode(',', $_SESSION['BACKUP_SYSTEM']);
$backup_types = split(",",$_SESSION['BACKUP_SYSTEM']);
foreach ($backup_types as $backup_type) {
if ($backup_type == 'local') {
$v_backup = 'yes';
} else {
v_exec('v-list-backup-host', [$backup_type, 'json'], false, $output);
$v_remote_backup = json_decode($output, true);
exec (VESTA_CMD."v-list-backup-host ".$backup_type. " json", $output, $return_var);
$v_remote_backup = json_decode(implode('', $output), true);
unset($output);
$v_backup_host = $v_remote_backup[$backup_type]['HOST'];
$v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
$v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
$v_backup_password = '';
$v_backup_password = "";
$v_backup_port = $v_remote_backup[$backup_type]['PORT'];
$v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
}
@ -74,16 +86,19 @@ foreach ($backup_types as $backup_type) {
// Check POST request
if (!empty($_POST['save'])) {
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit;
exit();
}
// Change hostname
if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_hostname = $_POST['v_hostname'];
v_exec('v-change-sys-hostname', [$v_hostname]);
}
// Change timezone
@ -105,8 +120,10 @@ if (!empty($_POST['save'])) {
if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
if ($v_timezone != $v_tz) {
exec (VESTA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var);
check_return_code($return_var,$output);
$v_timezone = $v_tz;
v_exec('v-change-sys-timezone', [$v_timezone]);
unset($output);
}
}
}
@ -114,7 +131,9 @@ if (!empty($_POST['save'])) {
// Change default language
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
v_exec('v-change-sys-language', [$_POST['v_language']]);
exec (VESTA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
}
}
@ -123,10 +142,14 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
if($_POST['v_quota'] == 'yes') {
v_exec('v-add-sys-quota');
exec (VESTA_CMD."v-add-sys-quota", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
} else {
v_exec('v-delete-sys-quota');
exec (VESTA_CMD."v-delete-sys-quota", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
}
}
@ -138,10 +161,14 @@ if (!empty($_POST['save'])) {
if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
if($_POST['v_firewall'] == 'yes') {
v_exec('v-add-sys-firewall');
exec (VESTA_CMD."v-add-sys-firewall", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
} else {
v_exec('v-delete-sys-firewall');
exec (VESTA_CMD."v-delete-sys-firewall", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
}
}
@ -150,7 +177,9 @@ if (!empty($_POST['save'])) {
// Update mysql pasword
if (empty($_SESSION['error_msg'])) {
if (!empty($_POST['v_mysql_password'])) {
v_exec('v-change-database-host-password', ['mysql', 'localhost', 'root', $_POST['v_mysql_password']]);
exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
@ -159,7 +188,9 @@ if (!empty($_POST['save'])) {
// Update webmail url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
v_exec('v-change-sys-config-value', ['MAIL_URL', $_POST['v_mail_url']]);
exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_mail_adv = 'yes';
}
}
@ -167,7 +198,9 @@ if (!empty($_POST['save'])) {
// Update phpMyAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
v_exec('v-change-sys-config-value', ['DB_PMA_URL', $_POST['v_mysql_url']]);
exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
@ -175,15 +208,19 @@ if (!empty($_POST['save'])) {
// Update phpPgAdmin url
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
v_exec('v-change-sys-config-value', ['DB_PGA_URL', $_POST['v_pgsql_url']]);
exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_db_adv = 'yes';
}
}
// Disable local backup
if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) {
v_exec('v-delete-backup-host', ['local']);
if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) {
exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'no';
$v_backup_adv = 'yes';
}
@ -192,7 +229,9 @@ if (!empty($_POST['save'])) {
// Enable local backups
if (empty($_SESSION['error_msg'])) {
if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
v_exec('v-add-backup-host', ['local']);
exec (VESTA_CMD."v-add-backup-host local", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
$v_backup_adv = 'yes';
}
@ -202,7 +241,9 @@ if (!empty($_POST['save'])) {
// Change backup gzip level
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
v_exec('v-change-sys-config-value', ['BACKUP_GZIP', $_POST['v_backup_gzip']]);
exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
$v_backup_adv = 'yes';
}
@ -211,7 +252,9 @@ if (!empty($_POST['save'])) {
// Change backup path
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_backup_dir'] != $v_backup_dir ) {
v_exec('v-change-sys-config-value', ['BACKUP', $_POST['v_backup_dir']]);
exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
$v_backup_adv = 'yes';
}
@ -220,12 +263,19 @@ if (!empty($_POST['save'])) {
// Add remote backup host
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_new = 'yes';
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
@ -235,14 +285,22 @@ if (!empty($_POST['save'])) {
// Change remote backup host type
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
v_exec('v-delete-backup-host', [$v_backup_type], false);
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
unset($output);
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@ -252,12 +310,19 @@ if (!empty($_POST['save'])) {
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
$v_backup_host = $_POST['v_backup_host'];
$v_backup_type = $_POST['v_backup_type'];
$v_backup_username = $_POST['v_backup_username'];
$v_backup_password = $_POST['v_backup_password'];
$v_backup_bpath = $_POST['v_backup_bpath'];
v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
$v_backup_adv = 'yes';
$v_backup_remote_adv = 'yes';
}
@ -268,14 +333,14 @@ if (!empty($_POST['save'])) {
// Delete remote backup host
if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
v_exec('v-delete-backup-host', [$v_backup_type]);
if (empty($_SESSION['error_msg'])) {
$v_backup_host = '';
$v_backup_type = '';
$v_backup_username = '';
$v_backup_password = '';
$v_backup_bpath = '';
}
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = '';
if (empty($_SESSION['error_msg'])) $v_backup_type = '';
if (empty($_SESSION['error_msg'])) $v_backup_username = '';
if (empty($_SESSION['error_msg'])) $v_backup_password = '';
if (empty($_SESSION['error_msg'])) $v_backup_bpath = '';
$v_backup_adv = '';
$v_backup_remote_adv = '';
}
@ -286,25 +351,29 @@ if (!empty($_POST['save'])) {
$_SESSION['ok_msg'] = __('Changes has been saved.');
}
// Activate sftp licence
// activating sftp licence
if (empty($_SESSION['error_msg'])) {
if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') {
if($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes'){
$module = 'sftpjail';
$licence_key = $_POST['v_sftp_licence'];
v_exec('v-activate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_POST['v_sftp_licence']);
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['SFTPJAIL_KEY'] = $licence_key;
$_SESSION['SFTPJAIL_KEY'] = $_POST['v_sftp_licence'];
}
}
}
// Cancel sftp licence
// cancel sftp licence
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) {
if($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']){
$module = 'sftpjail';
$licence_key = $_SESSION['SFTPJAIL_KEY'];
v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_SESSION['SFTPJAIL_KEY']);
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['SFTPJAIL_KEY']);
@ -313,25 +382,29 @@ if (!empty($_POST['save'])) {
}
// Activate filemanager licence
// activating filemanager licence
if (empty($_SESSION['error_msg'])) {
if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') {
if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){
$module = 'filemanager';
$licence_key = $_POST['v_filemanager_licence'];
v_exec('v-activate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_POST['v_filemanager_licence']);
exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Activated');
$_SESSION['FILEMANAGER_KEY'] = $licence_key;
$_SESSION['FILEMANAGER_KEY'] = $_POST['v_filemanager_licence'];
}
}
}
// Cancel filemanager licence
// cancel filemanager licence
if (empty($_SESSION['error_msg'])) {
if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) {
if($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']){
$module = 'filemanager';
$licence_key = $_SESSION['FILEMANAGER_KEY'];
v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
$licence_key = escapeshellarg($_SESSION['FILEMANAGER_KEY']);
exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['ok_msg'] = __('Licence Deactivated');
unset($_SESSION['FILEMANAGER_KEY']);
@ -341,8 +414,8 @@ if (!empty($_POST['save'])) {
}
// Check system configuration
v_exec('v-list-sys-config', ['json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$sys_arr = $data['config'];
foreach ($sys_arr as $key => $value) {
$_SESSION[$key] = $value;