github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 13:54:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

10
web/list/dns/index.php
View file

@ -14,18 +14,20 @@ top_panel($user,$TAB);
// Data
if (empty($_GET['domain'])){
v_exec('v-list-dns-domains', [$user, 'json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns.html');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html');
}
} else {
v_exec('v-list-dns-records', [$user, $_GET['domain'], 'json'], false, $output);
$data = json_decode($output, true);
exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var);
$data = json_decode(implode('', $output), true);
$data = array_reverse($data, true);
unset($output);
if ($_SESSION['user'] == 'admin') {
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns_rec.html');
} else {