github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 ♻️ Implement secure exec wrapper functions.

Browse source
This commit is contained in:
Flat 2015-12-02 21:24:34 +09:00
commit 8e951ac72e
115 changed files with 1345 additions and 1986 deletions
Download patch file Download diff file Expand all files Collapse all files

13
web/search/index.php
View file

@ -9,9 +9,9 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check query
$q = $_GET['q'];
if (empty($q)) {
$back=getenv("HTTP_REFERER");
$back = getenv('HTTP_REFERER');
if (!empty($back)) {
header("Location: ".$back);
header("Location: $back");
exit;
}
header("Location: /");
@ -28,14 +28,13 @@ $lang = 'ru_RU.utf8';
//setlocale(LC_ALL, $lang);
// Data
$q = escapeshellarg($q);
if ($_SESSION['user'] == 'admin') {
exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
v_exec('v-search-object', [$q, 'json'], false, $output);
$data = json_decode($output, true);
include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');
} else {
exec (VESTA_CMD."v-search-user-object ".$user." ".$q." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
v_exec('v-search-user-object', [$user, $q, 'json'], false, $output);
$data = json_decode($output, true);
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html');
}