diff --git a/web/api/index.php b/web/api/index.php index 97f082594..32886446d 100644 --- a/web/api/index.php +++ b/web/api/index.php @@ -31,39 +31,25 @@ if (isset($_POST['user']) || isset($_POST['hash'])) { echo 'Error: authentication failed'; exit; } - - // Prepare arguments - if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']); - if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']); - if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']); - if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']); - if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']); - if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']); - if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']); - if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']); - if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']); - if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']); + + // Prepare for iteration + $args = []; + $i = 0; + + // Loop through args until there isn't another. + while (true) + { + $i++; + if (!empty($_POST['arg' . $i])) + { + $args[] = $_POST['arg' . $i]; + continue; + } + break; + } // Build query - $cmdquery = VESTA_CMD.$cmd." "; - if(!empty($arg1)){ - $cmdquery = $cmdquery.$arg1." "; } - if(!empty($arg2)){ - $cmdquery = $cmdquery.$arg2." "; } - if(!empty($arg3)){ - $cmdquery = $cmdquery.$arg3." "; } - if(!empty($arg4)){ - $cmdquery = $cmdquery.$arg4." "; } - if(!empty($arg5)){ - $cmdquery = $cmdquery.$arg5." "; } - if(!empty($arg6)){ - $cmdquery = $cmdquery.$arg6." "; } - if(!empty($arg7)){ - $cmdquery = $cmdquery.$arg7." "; } - if(!empty($arg8)){ - $cmdquery = $cmdquery.$arg8." "; } - if(!empty($arg9)){ - $cmdquery = $cmdquery.$arg9; } + $cmdquery = VESTA_CMD . $cmd . " " . implode(" ", $args); // Check command if ($cmd == "'v-make-tmp-file'") {