github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 18:49:17 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 ♻️ Implement secure exec wrapper functions.

Browse source
This commit is contained in:
Flat 2015-12-02 21:24:34 +09:00
commit 8e951ac72e
115 changed files with 1345 additions and 1986 deletions
Download patch file Download diff file Expand all files Collapse all files

21
web/unsuspend/db/index.php
View file

@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit();
exit;
}
// Check user
@ -19,19 +19,18 @@ if ($_SESSION['user'] != 'admin') {
}
if (!empty($_GET['user'])) {
$user=$_GET['user'];
}
if (!empty($_GET['database'])) {
$v_username = escapeshellarg($user);
$v_database = escapeshellarg($_GET['database']);
exec (VESTA_CMD."v-unsuspend-database ".$v_username." ".$v_database, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$user = $_GET['user'];
}
$back=getenv("HTTP_REFERER");
if (!empty($_GET['database'])) {
$v_username = $user;
$v_database = $_GET['database'];
v_exec('v-unsuspend-database', [$v_username, $v_database]);
}
$back = getenv('HTTP_REFERER');
if (!empty($back)) {
header("Location: ".$back);
header("Location: $back");
exit;
}