mirror of
https://github.com/serghey-rodin/vesta.git
synced 2025-08-21 05:44:07 -07:00
Revert "[SECURITY] Fix OS command injection."
This commit is contained in:
Serghey Rodin
parent
9620bfbf35
commit
39e9b6397b
115 changed files with 1980 additions and 1340 deletions
|
|
@ -11,25 +11,28 @@ if (isset($_SESSION['user'])) {
|
|||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
$user = $_POST['user'];
|
||||
$return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
|
||||
if ($return_var == 0) {
|
||||
$data = json_decode($output, true);
|
||||
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
|
||||
exec ($cmd." ".$v_user." json", $output, $return_var);
|
||||
if ( $return_var == 0 ) {
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$rkey = $data[$user]['RKEY'];
|
||||
$fname = $data[$user]['FNAME'];
|
||||
$lname = $data[$user]['LNAME'];
|
||||
$contact = $data[$user]['CONTACT'];
|
||||
$to = $data[$user]['CONTACT'];
|
||||
$subject = __('MAIL_RESET_SUBJECT', date('Y-m-d H:i:s'));
|
||||
$subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s"));
|
||||
$hostname = exec('hostname');
|
||||
$from = __('MAIL_FROM', $hostname);
|
||||
if (!empty($fname) || !empty($lname)) {
|
||||
$mailtext = __('GREETINGS_GORDON_FREEMAN', $fname, $lname);
|
||||
$from = __('MAIL_FROM',$hostname);
|
||||
if (!empty($fname)) {
|
||||
$mailtext = __('GREETINGS_GORDON_FREEMAN',$fname,$lname);
|
||||
} else {
|
||||
$mailtext = __('GREETINGS');
|
||||
}
|
||||
$mailtext .= __('PASSWORD_RESET_REQUEST', $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey);
|
||||
$mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
|
||||
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
|
||||
unset($output);
|
||||
}
|
||||
|
||||
header("Location: /reset/?action=code&user=".$_POST['user']);
|
||||
|
|
@ -37,20 +40,23 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
|
|||
}
|
||||
|
||||
if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
|
||||
if ($_POST['password'] == $_POST['password_confirm']) {
|
||||
if ( $_POST['password'] == $_POST['password_confirm'] ) {
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
$user = $_POST['user'];
|
||||
$return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
|
||||
if ($return_var == 0) {
|
||||
$data = json_decode($output, true);
|
||||
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
|
||||
exec ($cmd." ".$v_user." json", $output, $return_var);
|
||||
if ( $return_var == 0 ) {
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$rkey = $data[$user]['RKEY'];
|
||||
if ($rkey == $_POST['code']) {
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['password']."\n");
|
||||
fclose($fp);
|
||||
$return_var = v_exec('v-change-user-password', [$user, $v_password], false);
|
||||
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password";
|
||||
exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
|
||||
unlink($v_password);
|
||||
if ($return_var > 0) {
|
||||
if ( $return_var > 0 ) {
|
||||
$ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
|
||||
} else {
|
||||
$_SESSION['user'] = $_POST['user'];
|
||||
|
|
|
|||
|
|
@ -102,21 +102,25 @@ function to64 ($v, $n)
|
|||
// Check arguments
|
||||
if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
|
||||
list($v_account, $v_domain) = explode('@', $_POST['email']);
|
||||
$v_domain = escapeshellarg($v_domain);
|
||||
$v_account = escapeshellarg($v_account);
|
||||
$v_password = $_POST['password'];
|
||||
|
||||
// Get domain owner
|
||||
$return_var = v_exec('v-search-domain-owner', [$v_domain, 'mail'], false, $output);
|
||||
exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
|
||||
if ($return_var == 0) {
|
||||
$v_user = strtok($output, "\n");
|
||||
$v_user = $output[0];
|
||||
}
|
||||
unset($output);
|
||||
|
||||
// Get current md5 hash
|
||||
if (!empty($v_user)) {
|
||||
$return_var = v_exec('v-get-mail-account-value', [$v_user, $v_domain, $v_account, 'md5'], false, $output);
|
||||
exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var);
|
||||
if ($return_var == 0) {
|
||||
$v_hash = strtok($output, "\n");
|
||||
$v_hash = $output[0];
|
||||
}
|
||||
}
|
||||
unset($output);
|
||||
|
||||
// Compare hashes
|
||||
if (!empty($v_hash)) {
|
||||
|
|
@ -125,14 +129,14 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
|
|||
$n_hash = '{MD5}'.$n_hash;
|
||||
|
||||
// Change password
|
||||
if ($v_hash == $n_hash) {
|
||||
if ( $v_hash == $n_hash ) {
|
||||
$v_new_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_new_password, "w");
|
||||
fwrite($fp, $_POST['new']."\n");
|
||||
fclose($fp);
|
||||
$return_var = v_exec('v-change-mail-account-password', [$v_user, $v_domain, $v_account, $v_new_password], false, $output);
|
||||
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
|
||||
if ($return_var == 0) {
|
||||
echo 'ok';
|
||||
echo "ok";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue