diff --git a/web/api/index.php b/web/api/index.php
index 4ea052279..80354da07 100644
--- a/web/api/index.php
+++ b/web/api/index.php
@@ -26,7 +26,8 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
 echo 'Error: only admin is allowed to use API';
 exit;
 }
-
+
+
 // Prepare arguments
 if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
 if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
@@ -39,8 +40,31 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
 if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
 if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
- // Run query
- exec (VESTA_CMD.$cmd." ".$arg1." ".$arg2." ".$arg3." ".$arg4." ".$arg5." ".$arg6." ".$arg7." ".$arg8." ".$arg9, $output, $return_var);
+ // Build query
+ $cmdquery = VESTA_CMD.$cmd." ";
+
+ if(!empty($arg1)){
+ $cmdquery = $cmdquery.$arg1." "; }
+ if(!empty($arg2)){
+ $cmdquery = $cmdquery.$arg2." "; }
+ if(!empty($arg3)){
+ $cmdquery = $cmdquery.$arg3." "; }
+ if(!empty($arg4)){
+ $cmdquery = $cmdquery.$arg4." "; }
+ if(!empty($arg5)){
+ $cmdquery = $cmdquery.$arg5." "; }
+ if(!empty($arg6)){
+ $cmdquery = $cmdquery.$arg6." "; }
+ if(!empty($arg7)){
+ $cmdquery = $cmdquery.$arg7." "; }
+ if(!empty($arg8)){
+ $cmdquery = $cmdquery.$arg8." "; }
+ if(!empty($arg9)){
+ $cmdquery = $cmdquery.$arg9; }
+
+ // Run query
+ exec ($cmdquery, $output, $return_var);
+
 if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
 echo $return_var;
 } else {
diff --git a/web/search/index.php b/web/search/index.php
index bdb9a7166..fc5ffd069 100644
--- a/web/search/index.php
+++ b/web/search/index.php
@@ -25,7 +25,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 $lang = 'ru_RU.utf8';
-setlocale(LC_ALL, $lang);
+//setlocale(LC_ALL, $lang);
 // Data
 if ($_SESSION['user'] == 'admin') {
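Review bot: `$cmdquery = VESTA_CMD.$cmd." ";` still uses `$cmd` without the guard the new code gives `$arg1` to `$arg9`, and `escapeshellarg()` only quotes the value; it does not restrict which program name is appended to `VESTA_CMD`. A request without `cmd` would run the bare prefix, and a value containing `/` or `..` becomes part of the path as-is (the definition of `VESTA_CMD` is outside the hunk, so the exact effect should be confirmed). I would validate before building the string, for example `if (empty($_POST['cmd']) || !preg_match('/^[a-z0-9-]+$/', $_POST['cmd'])) { echo 'Error: invalid command'; exit; }`, with the pattern adjusted to the real command names. Skipping an unset argument also still shifts later arguments into its position, so callers that omit a middle argument get a different command line than they may expect. The enclosing `if (isset($_POST['user']) || isset($_POST['hash'])) {` block starts above this hunk and continues after it.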
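Review bot: In web/search/index.php the `setlocale()` call is disabled by commenting it out, which leaves dead code and a `$lang = 'ru_RU.utf8';` assignment that nothing in the visible lines uses any more. If the locale should no longer be set here, delete both lines; if this is temporary, record why next to it, e.g. `// setlocale() disabled: <reason>`. The commit gives no reason, so it is unclear from the hunk whether anything later on the page depended on that locale.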