github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "[SECURITY] Fix OS command injection."

Browse source
This commit is contained in:
Serghey Rodin 2015-12-11 21:14:49 +02:00
commit 39e9b6397b
115 changed files with 1980 additions and 1340 deletions
Download patch file Download diff file Expand all files Collapse all files

12
web/suspend/firewall/index.php
View file

@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit;
exit();
}
// Check user
@ -18,13 +18,15 @@ if ($_SESSION['user'] != 'admin') {
}
if (!empty($_GET['rule'])) {
$v_rule = $_GET['rule'];
v_exec('v-suspend-firewall-rule', [$v_rule]);
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-suspend-firewall-rule ".$v_rule, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);
$back = getenv('HTTP_REFERER');
$back=getenv("HTTP_REFERER");
if (!empty($back)) {
header("Location: $back");
header("Location: ".$back);
exit;
}