mirror of
https://github.com/serghey-rodin/vesta.git
synced 2025-08-14 10:37:39 -07:00
🔒 Fix OS command injection vulnerability.
This commit is contained in:
Flat
parent
8503efa6fe
commit
6e13036780
6 changed files with 9 additions and 8 deletions
|
|
@ -272,7 +272,7 @@ if (!empty($_POST['ok'])) {
|
|||
$fp = fopen($v_ftp_password, "w");
|
||||
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_ftp_password);
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ if (!empty($_POST['save'])) {
|
|||
}
|
||||
|
||||
$v_username = $user;
|
||||
$v_job = escapeshellarg($_GET['job']);
|
||||
$v_min = escapeshellarg($_POST['v_min']);
|
||||
$v_hour = escapeshellarg($_POST['v_hour']);
|
||||
$v_day = escapeshellarg($_POST['v_day']);
|
||||
|
|
|
|||
|
|
@ -233,7 +233,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
|
|||
$result = array_diff($aliases, $valiases);
|
||||
foreach ($result as $alias) {
|
||||
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
|
||||
exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
|
|
@ -259,7 +259,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
|
|||
$result = array_diff($fwd, $vfwd);
|
||||
foreach ($result as $forward) {
|
||||
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
|
||||
exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -188,14 +188,14 @@ if (!empty($_POST['save'])) {
|
|||
$restart_web = 'yes';
|
||||
$restart_proxy = 'yes';
|
||||
$v_template = escapeshellarg($_POST['v_template']);
|
||||
exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
|
||||
unset($output);
|
||||
if ($return_var == 0) {
|
||||
exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
$restart_dns = 'yes';
|
||||
|
|
@ -520,7 +520,7 @@ if (!empty($_POST['save'])) {
|
|||
$fp = fopen($v_ftp_password, "w");
|
||||
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
|
||||
$to = $v_ftp_user_data['v_ftp_email'];
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
|
|||
fclose($fp);
|
||||
|
||||
// Check user & password
|
||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $return_var);
|
||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']), $output, $return_var);
|
||||
unset($output);
|
||||
|
||||
// Remove tmp file
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ $lang = 'ru_RU.utf8';
|
|||
//setlocale(LC_ALL, $lang);
|
||||
|
||||
// Data
|
||||
$q = escapeshellarg($q);
|
||||
if ($_SESSION['user'] == 'admin') {
|
||||
$q = escapeshellarg($q);
|
||||
exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue