
:lock: :recycle: Implement secure `exec` wrapper functions.

Flat 10 лет назад
Родитель
Сommit
8e951ac72e
100 измененных файлов с 1239 добавлено и 1830 удалено
  1. 3 4
      web/add/cron/autoupdate/index.php
  2. 8 11
      web/add/cron/index.php
  3. 3 4
      web/add/cron/reports/index.php
  4. 21 31
      web/add/db/index.php
  5. 26 39
      web/add/dns/index.php
  6. 5 7
      web/add/favorite/index.php
  7. 3 6
      web/add/firewall/banlist/index.php
  8. 8 12
      web/add/firewall/index.php
  9. 12 20
      web/add/ip/index.php
  10. 24 38
      web/add/mail/index.php
  11. 73 79
      web/add/package/index.php
  12. 15 23
      web/add/user/index.php
  13. 37 71
      web/add/web/index.php
  14. 17 38
      web/api/index.php
  15. 1 2
      web/bulk/backup/exclusions/index.php
  16. 2 3
      web/bulk/backup/index.php
  17. 7 16
      web/bulk/cron/index.php
  18. 2 3
      web/bulk/db/index.php
  19. 5 8
      web/bulk/dns/index.php
  20. 4 9
      web/bulk/firewall/banlist/index.php
  21. 2 3
      web/bulk/firewall/index.php
  22. 7 8
      web/bulk/ip/index.php
  23. 4 7
      web/bulk/mail/index.php
  24. 2 3
      web/bulk/package/index.php
  25. 14 17
      web/bulk/restore/index.php
  26. 3 5
      web/bulk/service/index.php
  27. 5 6
      web/bulk/user/index.php
  28. 2 3
      web/bulk/vesta/index.php
  29. 6 7
      web/bulk/web/index.php
  30. 4 7
      web/delete/backup/exclusion/index.php
  31. 5 8
      web/delete/backup/index.php
  32. 1 2
      web/delete/cron/autoupdate/index.php
  33. 5 8
      web/delete/cron/index.php
  34. 1 2
      web/delete/cron/reports/index.php
  35. 5 8
      web/delete/db/index.php
  36. 11 16
      web/delete/dns/index.php
  37. 4 5
      web/delete/favorite/index.php
  38. 5 7
      web/delete/firewall/banlist/index.php
  39. 4 6
      web/delete/firewall/index.php
  40. 4 7
      web/delete/ip/index.php
  41. 10 16
      web/delete/mail/index.php
  42. 6 12
      web/delete/notification/index.php
  43. 4 6
      web/delete/package/index.php
  44. 4 6
      web/delete/user/index.php
  45. 5 8
      web/delete/web/index.php
  46. 4 4
      web/download/file/index.php
  47. 5 11
      web/download/web-log/index.php
  48. 6 9
      web/edit/backup/exclusions/index.php
  49. 15 28
      web/edit/cron/index.php
  50. 13 26
      web/edit/db/index.php
  51. 34 61
      web/edit/dns/index.php
  52. 6 8
      web/edit/file/index.php
  53. 10 29
      web/edit/firewall/index.php
  54. 16 30
      web/edit/ip/index.php
  55. 43 88
      web/edit/mail/index.php
  56. 24 34
      web/edit/package/index.php
  57. 83 156
      web/edit/server/index.php
  58. 50 78
      web/edit/user/index.php
  59. 112 176
      web/edit/web/index.php
  60. 3 9
      web/file_manager/fm_api.php
  61. 80 119
      web/file_manager/fm_core.php
  62. 6 25
      web/generate/ssl/index.php
  63. 85 0
      web/inc/exec.php
  64. 14 13
      web/inc/i18n.php
  65. 5 4
      web/inc/mail-wrapper.php
  66. 12 32
      web/inc/main.php
  67. 2 3
      web/list/backup/exclusions/index.php
  68. 6 8
      web/list/backup/index.php
  69. 3 4
      web/list/cron/index.php
  70. 2 3
      web/list/db/index.php
  71. 4 5
      web/list/directory/index.php
  72. 4 6
      web/list/dns/index.php
  73. 5 5
      web/list/favorites/index.php
  74. 2 3
      web/list/firewall/banlist/index.php
  75. 2 3
      web/list/firewall/index.php
  76. 2 3
      web/list/ip/index.php
  77. 2 3
      web/list/log/index.php
  78. 4 6
      web/list/mail/index.php
  79. 9 9
      web/list/notifications/index.php
  80. 2 3
      web/list/package/index.php
  81. 2 3
      web/list/rrd/index.php
  82. 32 48
      web/list/server/index.php
  83. 9 13
      web/list/stats/index.php
  84. 5 6
      web/list/updates/index.php
  85. 6 6
      web/list/user/index.php
  86. 5 6
      web/list/web-log/index.php
  87. 3 3
      web/list/web/index.php
  88. 11 14
      web/login/index.php
  89. 14 20
      web/reset/index.php
  90. 7 11
      web/reset/mail/index.php
  91. 5 6
      web/restart/service/index.php
  92. 2 2
      web/restart/system/index.php
  93. 8 14
      web/schedule/backup/index.php
  94. 15 18
      web/schedule/restore/index.php
  95. 6 7
      web/search/index.php
  96. 5 6
      web/start/service/index.php
  97. 6 6
      web/stop/service/index.php
  98. 8 8
      web/suspend/cron/index.php
  99. 5 7
      web/suspend/db/index.php
  100. 11 15
      web/suspend/dns/index.php

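--- a/web/add/cron/autoupdate/index.php
+++ b/web/add/cron/autoupdate/index.php
@@ -3,13 +3,12 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
 
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var);
+    v_exec('v-add-cron-vesta-autoupdate', [], false);
     $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');
-    unset($output);
 }
 
-header("Location: /list/updates/");
+header('Location: /list/updates/');
 exit;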
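Review bot: The success message after `v_exec('v-add-cron-vesta-autoupdate', [], false);` is stored whether or not the command worked, because nothing reads a result from the call. The third argument `false` presumably switches off the return-code handling that other call sites get by default; v_exec is defined in web/inc/exec.php, outside this section, so confirm that. Either drop the `false` so a failure surfaces as an error, or set the message only when the call reports success. The visible lines also show no token check before this state-changing call, unlike the add forms in this commit, so the session's `user` value is the only gate. web/add/cron/reports/index.php has the same two gaps.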

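--- a/web/add/cron/index.php
+++ b/web/add/cron/index.php
@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -35,18 +35,16 @@ if (!empty($_POST['ok'])) {
     }
 
     // Protect input
-    $v_min = escapeshellarg($_POST['v_min']);
-    $v_hour = escapeshellarg($_POST['v_hour']);
-    $v_day = escapeshellarg($_POST['v_day']);
-    $v_month = escapeshellarg($_POST['v_month']);
-    $v_wday = escapeshellarg($_POST['v_wday']);
-    $v_cmd = escapeshellarg($_POST['v_cmd']);
+    $v_min = $_POST['v_min'];
+    $v_hour = $_POST['v_hour'];
+    $v_day = $_POST['v_day'];
+    $v_month = $_POST['v_month'];
+    $v_wday = $_POST['v_wday'];
+    $v_cmd = $_POST['v_cmd'];
 
     // Add cron job
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-cron-job', [$user, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
     }
 
     // Flush field values on success
@@ -58,7 +56,6 @@ if (!empty($_POST['ok'])) {
         unset($v_month);
         unset($v_wday);
         unset($v_cmd);
-        unset($output);
     }
 }
 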
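Review bot: The `// Protect input` comment in the second hunk now sits above plain copies of `$_POST` values, so it claims a protection this file no longer performs. Escaping is presumably done inside `v_exec` (web/inc/exec.php, not shown in this section). Reword the comment, for example `// Raw request values; v_exec() is expected to escape each argument`, and reject non-string input, since any field can arrive as an array: `$v_min = is_string($_POST['v_min']) ? $_POST['v_min'] : '';`. The same stale comment remains in web/add/dns/index.php and web/add/mail/index.php. The unchecked assignments also appear in the db, firewall, firewall/banlist and ip add pages.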

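--- a/web/add/cron/reports/index.php
+++ b/web/add/cron/reports/index.php
@@ -3,11 +3,10 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+include($_SERVER['DOCUMENT_ROOT'].'/inc/main.php');
 
-exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var);
+v_exec('v-add-cron-reports', [$user], false);
 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
-unset($output);
 
-header("Location: /list/cron/");
+header('Location: /list/cron/');
 exit;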

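--- a/web/add/db/index.php
+++ b/web/add/db/index.php
@@ -12,7 +12,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -30,7 +30,7 @@ if (!empty($_POST['ok'])) {
                 $error_msg = $error_msg.", ".$error;
             }
         }
-        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
     }
 
     // Validate email
@@ -43,12 +43,11 @@ if (!empty($_POST['ok'])) {
     // Check password length
     if (empty($_SESSION['error_msg'])) {
         $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
     }
 
-    // Protect input
-    $v_database = escapeshellarg($_POST['v_database']);
-    $v_dbuser = escapeshellarg($_POST['v_dbuser']);
+    $v_database = $_POST['v_database'];
+    $v_dbuser = $_POST['v_dbuser'];
     $v_type = $_POST['v_type'];
     $v_charset = $_POST['v_charset'];
     $v_host = $_POST['v_host'];
@@ -56,32 +55,24 @@ if (!empty($_POST['ok'])) {
 
     // Add database
     if (empty($_SESSION['error_msg'])) {
-        $v_type = escapeshellarg($_POST['v_type']);
-        $v_charset = escapeshellarg($_POST['v_charset']);
-        $v_host = escapeshellarg($_POST['v_host']);
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
+        $v_password = tempnam('/tmp', 'vst');
+        $fp = fopen($v_password, 'w');
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
-        exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-database', [$user, $v_database, $v_dbuser, $v_password, $v_type, $v_host, $v_charset]);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
-        $v_type = $_POST['v_type'];
-        $v_host = $_POST['v_host'];
-        $v_charset = $_POST['v_charset'];
+        $v_password = $_POST['v_password'];
     }
 
     // Get database manager url
     if (empty($_SESSION['error_msg'])) {
-        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":");
+        list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'] . ':');
         if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
-        if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin";
-        if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
+        if ($_POST['v_type'] == 'mysql') $db_admin = 'phpMyAdmin';
+        if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://$http_host/phpmyadmin/";
         if (($_POST['v_type'] == 'mysql') && (!empty($_SESSION['DB_PMA_URL']))) $db_admin_link = $_SESSION['DB_PMA_URL'];
-        if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin";
-        if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
+        if ($_POST['v_type'] == 'pgsql') $db_admin = 'phpPgAdmin';
+        if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://$http_host/phppgadmin/";
         if (($_POST['v_type'] == 'pgsql') && (!empty($_SESSION['DB_PGA_URL']))) $db_admin_link = $_SESSION['DB_PGA_URL'];
     }
 
@@ -90,15 +81,15 @@ if (!empty($_POST['ok'])) {
         $to = $v_db_email;
         $subject = __("Database Credentials");
         $hostname = exec('hostname');
-        $from = __('MAIL_FROM',$hostname);
-        $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
+        $from = __('MAIL_FROM', $hostname);
+        $mailtext = __('DATABASE_READY', $user.'_'.$_POST['v_database'], $user.'_'.$_POST['v_dbuser'], $_POST['v_password'], $db_admin_link);
         send_email($to, $subject, $mailtext, $from);
     }
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database']));
-        $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
+        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK', htmlentities($user.'_'.$_POST['v_database']), htmlentities($user.'_'.$_POST['v_database']));
+        $_SESSION['ok_msg'] .= " / <a href=$db_admin_link target='_blank'>" . __('open %s', $db_admin) . '</a>';
         unset($v_database);
         unset($v_dbuser);
         unset($v_password);
@@ -117,16 +108,15 @@ top_panel($user,$TAB);
 $v_db_email = $panel[$user]['CONTACT'];
 
 // List avaiable database types
-$db_types = split(",",$_SESSION['DB_SYSTEM']);
+$db_types = explode(',', $_SESSION['DB_SYSTEM']);
 
 // List available database servers
 $db_hosts = array();
 foreach ($db_types as $db_type ) {
-    exec (VESTA_CMD."v-list-database-hosts ".$db_type." 'json'", $output, $return_var);
-    $db_hosts_tmp = json_decode(implode('', $output), true);
+    v_exec('v-list-database-hosts', [$db_type, 'json'], false, $output);
+    $db_hosts_tmp = json_decode($output, true);
     $db_hosts = array_merge($db_hosts, $db_hosts_tmp);
     unset($db_hosts_tmp);
-    unset($output);
 }
 
 // Display body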
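Review bot: The link appended to `$_SESSION['ok_msg']` in the fifth hunk interpolates `$db_admin_link` into an unquoted `href`. That value is built in the fourth hunk from `$_SERVER['HTTP_HOST']` or `$_POST['v_host']` with no encoding, so request-controlled text ends up in HTML. Quote and encode it: `$_SESSION['ok_msg'] .= ' / <a href="' . htmlspecialchars($db_admin_link, ENT_QUOTES) . '" target="_blank">' . __('open %s', $db_admin) . '</a>';`. Separately, the temporary password file in the fourth hunk is removed only after `v_exec` returns, so if v_exec ends the request on failure (its behaviour is not visible here) the file stays in /tmp. Register the `unlink` in a shutdown handler or a `finally` block.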

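--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -32,56 +32,47 @@ if (!empty($_POST['ok'])) {
 
     // Protect input
     $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
-    $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
-    $v_ip = escapeshellarg($_POST['v_ip']);
-    if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
-    if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
-    if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
-    if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
-    if (!empty($_POST['v_ns5'])) $v_ns5 = escapeshellarg($_POST['v_ns5']);
-    if (!empty($_POST['v_ns6'])) $v_ns6 = escapeshellarg($_POST['v_ns6']);
-    if (!empty($_POST['v_ns7'])) $v_ns7 = escapeshellarg($_POST['v_ns7']);
-    if (!empty($_POST['v_ns8'])) $v_ns8 = escapeshellarg($_POST['v_ns8']);
+    $v_ip = $_POST['v_ip'];
+    if (!empty($_POST['v_ns1'])) $v_ns1 = $_POST['v_ns1'];
+    if (!empty($_POST['v_ns2'])) $v_ns2 = $_POST['v_ns2'];
+    if (!empty($_POST['v_ns3'])) $v_ns3 = $_POST['v_ns3'];
+    if (!empty($_POST['v_ns4'])) $v_ns4 = $_POST['v_ns4'];
+    if (!empty($_POST['v_ns5'])) $v_ns5 = $_POST['v_ns5'];
+    if (!empty($_POST['v_ns6'])) $v_ns6 = $_POST['v_ns6'];
+    if (!empty($_POST['v_ns7'])) $v_ns7 = $_POST['v_ns7'];
+    if (!empty($_POST['v_ns8'])) $v_ns8 = $_POST['v_ns8'];
 
     // Add dns domain
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." ".$v_ns5."  ".$v_ns6."  ".$v_ns7." ".$v_ns8." no", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip, $v_ns1, $v_ns2, $v_ns3, $v_ns4, $v_ns5, $v_ns6, $v_ns7, $v_ns8, 'no']);
     }
 
 
     // Set expiriation date
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) {
-            $v_exp = escapeshellarg($_POST['v_exp']);
-            exec (VESTA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $v_exp = $_POST['v_exp'];
+            v_exec('v-change-dns-domain-exp', [$user, $v_domain, $v_exp, 'no']);
         }
     }
 
     // Set ttl
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) {
-            $v_ttl = escapeshellarg($_POST['v_ttl']);
-            exec (VESTA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $v_ttl = $_POST['v_ttl'];
+            v_exec('v-change-dns-domain-ttl', [$user, $v_domain, $v_ttl, 'no']);
         }
     }
 
     // Restart dns server
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-dns');
     }
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
+        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK', htmlentities($_POST[v_domain]), htmlentities($_POST[v_domain]));
         unset($v_domain);
     }
 }
@@ -93,7 +84,7 @@ if (!empty($_POST['ok_rec'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -113,18 +104,15 @@ if (!empty($_POST['ok_rec'])) {
     }
 
     // Protect input
-    $v_domain = escapeshellarg($_POST['v_domain']);
-    $v_rec = escapeshellarg($_POST['v_rec']);
-    $v_type = escapeshellarg($_POST['v_type']);
-    $v_val = escapeshellarg($_POST['v_val']);
-    $v_priority = escapeshellarg($_POST['v_priority']);
+    $v_domain = $_POST['v_domain'];
+    $v_rec = $_POST['v_rec'];
+    $v_type = $_POST['v_type'];
+    $v_val = $_POST['v_val'];
+    $v_priority = $_POST['v_priority'];
 
     // Add dns record
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_type = $_POST['v_type'];
+        v_exec('v-add-dns-record', [$user, $v_domain, $v_rec, $v_type, $v_val, $v_priority]);
     }
 
     // Flush field values on success
@@ -159,8 +147,8 @@ if (empty($_GET['domain'])) {
     if (empty($v_ttl)) $v_ttl = 14400;
     if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
     if (empty($v_ns1)) {
-        exec (VESTA_CMD."v-list-user-ns ".$user." json", $output, $return_var);
-        $nameservers = json_decode(implode('', $output), true);
+        v_exec('v-list-user-ns', [$user, 'json'], false, $output);
+        $nameservers = json_decode($output, true);
         $v_ns1 = str_replace("'", "", $nameservers[0]);
         $v_ns2 = str_replace("'", "", $nameservers[1]);
         $v_ns3 = str_replace("'", "", $nameservers[2]);
@@ -169,7 +157,6 @@ if (empty($_GET['domain'])) {
         $v_ns6 = str_replace("'", "", $nameservers[5]);
         $v_ns7 = str_replace("'", "", $nameservers[6]);
         $v_ns8 = str_replace("'", "", $nameservers[7]);
-        unset($output);
     }
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html');
 }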
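Review bot: In the second hunk the `v_exec('v-add-dns-domain', [...])` call lists `$v_ns1` through `$v_ns8`, but each is assigned only when its POST field is non-empty, so the unset ones reach the array as undefined variables (null). In the old concatenated string they collapsed into whitespace. As array elements, their effect on the position of the trailing `'no'` depends on how v_exec treats null or empty entries, which is not visible in this section. Initialise every slot explicitly, e.g. `$v_ns3 = empty($_POST['v_ns3']) ? '' : $_POST['v_ns3'];`, and confirm what v-add-dns-domain expects for unused name servers. The added `htmlentities($_POST[v_domain])` line also keeps the unquoted array key; it should read `$_POST['v_domain']`.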

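--- a/web/add/favorite/index.php
+++ b/web/add/favorite/index.php
@@ -9,15 +9,13 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 //    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
 //        header('location: /login/');
-//        exit();
+//        exit;
 //    }
 
-    // Protect input
-    $v_section = escapeshellarg($_REQUEST['v_section']);
-    $v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
+    $v_section = $_REQUEST['v_section'];
+    $v_unit_id = $_REQUEST['v_unit_id'];
 
-    $_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']] = 1;
+    $_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id] = 1;
 
-    exec (VESTA_CMD."v-add-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
-//    check_return_code($return_var,$output);
+    v_exec('v-add-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
 ?>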
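Review bot: The token check at the top of this hunk is still commented out, so the request that writes `$_SESSION['favourites']` and runs `v-add-user-favourites` is accepted from `$_REQUEST` (GET included) with no CSRF protection. Restore the check, preferably with a constant-time comparison where PHP 5.6+ is available, `if (!isset($_POST['token']) || !hash_equals($_SESSION['token'], (string)$_POST['token'])) { header('location: /login/'); exit; }`, and read the two fields from `$_POST`. The `false/*true*/` argument leaves the intended error handling ambiguous; choose one value and delete the inline comment. The file begins before this hunk, so any check above line 9 is not visible here.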

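--- a/web/add/firewall/banlist/index.php
+++ b/web/add/firewall/banlist/index.php
@@ -31,15 +31,12 @@ if (!empty($_POST['ok'])) {
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
-    // Protect input
-    $v_chain = escapeshellarg($_POST['v_chain']);
-    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_chain = $_POST['v_chain'];
+    $v_ip = $_POST['v_ip'];
 
     // Add firewall ban
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-firewall-ban', [$v_ip, $v_chain]);
     }
 
     // Flush field values on success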

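--- a/web/add/firewall/index.php
+++ b/web/add/firewall/index.php
@@ -20,7 +20,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -39,21 +39,17 @@ if (!empty($_POST['ok'])) {
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
-    // Protect input
-    $v_action = escapeshellarg($_POST['v_action']);
-    $v_protocol = escapeshellarg($_POST['v_protocol']);
-    $v_port = str_replace(" ",",", $_POST['v_port']);
+    $v_action = $_POST['v_action'];
+    $v_protocol = $_POST['v_protocol'];
+    $v_port = str_replace(' ', ',', $_POST['v_port']);
     $v_port = preg_replace('/\,+/', ',', $v_port);
-    $v_port = trim($v_port, ",");
-    $v_port = escapeshellarg($v_port);
-    $v_ip = escapeshellarg($_POST['v_ip']);
-    $v_comment = escapeshellarg($_POST['v_comment']);
+    $v_port = trim($v_port, ',');
+    $v_ip = $_POST['v_ip'];
+    $v_comment = $_POST['v_comment'];
 
     // Add firewall rule
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-firewall-rule ".$v_action." ".$v_ip." ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-firewall-rule', [$v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
     }
 
     // Flush field values on success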

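--- a/web/add/ip/index.php
+++ b/web/add/ip/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -38,13 +38,12 @@ if (!empty($_POST['ok'])) {
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
-    // Protect input
-    $v_ip = escapeshellarg($_POST['v_ip']);
-    $v_netmask = escapeshellarg($_POST['v_netmask']);
-    $v_name = escapeshellarg($_POST['v_name']);
-    $v_nat = escapeshellarg($_POST['v_nat']);
-    $v_interface = escapeshellarg($_POST['v_interface']);
-    $v_owner = escapeshellarg($_POST['v_owner']);
+    $v_ip = $_POST['v_ip'];
+    $v_netmask = $_POST['v_netmask'];
+    $v_name = $_POST['v_name'];
+    $v_nat = $_POST['v_nat'];
+    $v_interface = $_POST['v_interface'];
+    $v_owner = $_POST['v_owner'];
     $v_shared = $_POST['v_shared'];
 
     // Check shared checkmark
@@ -53,16 +52,11 @@ if (!empty($_POST['ok'])) {
     } else {
         $ip_status = 'dedicated';
         $v_dedicated = 'yes';
-
     }
 
     // Add IP
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface."  ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_owner = $_POST['v_owner'];
-        $v_interface = $_POST['v_interface'];
+        v_exec('v-add-sys-ip', [$v_ip, $v_netmask, $v_interface, $v_owner, $ip_status, $v_name, $v_nat]);
     }
 
     // Flush field values on success
@@ -82,14 +76,12 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // List network interfaces
-exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
-$interfaces = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-interfaces', ['json'], false, $output);
+$interfaces = json_decode($output, true);
 
 // List users
-exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-$users = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-users',  ['json'], false, $output);
+$users = json_decode($output, true);
 
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');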
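Review bot: In the last hunk `$interfaces` and `$users` are taken straight from `json_decode($output, true)`, which yields null when the command prints nothing or invalid JSON. The `false` third argument presumably means v_exec does not report the failure either; v_exec is not shown in this section. Guard the result before the template uses it, e.g. `if (!is_array($interfaces)) $interfaces = [];`, or let v_exec check the return code for these listing calls. The same unchecked decode feeds `array_merge()` in web/add/db/index.php and the `$nameservers[0]` lookups in web/add/dns/index.php.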

+ 24 - 38
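--- a/web/add/mail/index.php
+++ b/web/add/mail/index.php
@@ -14,7 +14,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -53,19 +53,16 @@ if (!empty($_POST['ok'])) {
 
     // Set domain name to lowercase and remove www prefix
     $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
-    $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
 
     // Add mail domain
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-mail-domain', [$user, $v_domain, $v_antispam, $v_antivirus, $v_dkim]);
     }
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
+        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK', htmlentities($_POST['v_domain']), htmlentities($_POST['v_domain']));
         unset($v_domain);
     }
 }
@@ -77,7 +74,7 @@ if (!empty($_POST['ok_acc'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -92,17 +89,16 @@ if (!empty($_POST['ok_acc'])) {
                 $error_msg = $error_msg.", ".$error;
             }
         }
-        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
     }
 
     // Protect input
-    $v_domain = escapeshellarg($_POST['v_domain']);
-    $v_domain = strtolower($v_domain);
-    $v_account = escapeshellarg($_POST['v_account']);
-    $v_quota = escapeshellarg($_POST['v_quota']);
+    $v_domain = strtolower($_POST['v_domain']);
+    $v_account = $_POST['v_account'];
+    $v_quota = $_POST['v_quota'];
     $v_aliases = $_POST['v_aliases'];
     $v_fwd = $_POST['v_fwd'];
-    if (empty($_POST['v_quota'])) $v_quota = 0;
+    if (empty($_POST['v_quota'])) $v_quota = '0';
     if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes';
 
     // Add Mail Account
@@ -111,65 +107,55 @@ if (!empty($_POST['ok_acc'])) {
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
-        exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-mail-account', [$user, $v_domain, $v_account, $v_password, $v_quota]);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        $v_password = $_POST['v_password'];
     }
 
     // Add Aliases
     if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
-        $valiases = preg_replace("/\n/", " ", $_POST['v_aliases']);
-        $valiases = preg_replace("/,/", " ", $valiases);
+        $valiases = preg_replace('/\n/', ' ', $_POST['v_aliases']);
+        $valiases = preg_replace('/,/', ' ', $valiases);
         $valiases = preg_replace('/\s+/', ' ',$valiases);
         $valiases = trim($valiases);
-        $aliases = explode(" ", $valiases);
+        $aliases = explode(' ', $valiases);
         foreach ($aliases as $alias) {
-            $alias = escapeshellarg($alias);
             if (empty($_SESSION['error_msg'])) {
-                exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-mail-account-alias', [$user, $v_domain, $v_account, $alias]);
             }
         }
     }
 
     // Add Forwarders
     if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
-        $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
-        $vfwd = preg_replace("/,/", " ", $vfwd);
+        $vfwd = preg_replace('/\n/', ' ', $_POST['v_fwd']);
+        $vfwd = preg_replace('/,/', ' ', $vfwd);
         $vfwd = preg_replace('/\s+/', ' ',$vfwd);
         $vfwd = trim($vfwd);
-        $fwd = explode(" ", $vfwd);
+        $fwd = explode(' ', $vfwd);
         foreach ($fwd as $forward) {
-            $forward = escapeshellarg($forward);
             if (empty($_SESSION['error_msg'])) {
-                exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-mail-account-forward', [$user, $v_domain, $v_account, $forward]);
             }
         }
     }
 
     // Add fwd_only flag
     if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-mail-account-fwd-only', [$user, $v_domain, $v_account]);
     }
 
     // Get webmail url
     if (empty($_SESSION['error_msg'])) {
-        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
-        $webmail = "http://".$http_host."/webmail/";
+        list($http_host, $port) = explode(':', $_SERVER['HTTP_HOST'].':');
+        $webmail = "http://$http_host/webmail/";
         if (!empty($_SESSION['MAIL_URL'])) $webmail = $_SESSION['MAIL_URL'];
     }
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
-        $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
+        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK', htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']), htmlentities(strtolower($_POST['v_account'])), htmlentities($_POST['v_domain']));
+        $_SESSION['ok_msg'] .= " / <a href=$webmail target='_blank'>" . __('open webmail') . '</a>';
         unset($v_account);
         unset($v_password);
         unset($v_password);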
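Review bot: The `open webmail` link on the new `$_SESSION['ok_msg'] .= " / <a href=$webmail target='_blank'>"` line puts `$webmail` into an unquoted `href` with no HTML escaping, and `$webmail` is built from `$_SERVER['HTTP_HOST']`, which comes from the request. The template that prints `ok_msg` is outside this section, so that it is emitted as raw HTML is inferred from the anchor markup. Quote and escape the value: `$_SESSION['ok_msg'] .= ' / <a href="' . htmlspecialchars($webmail, ENT_QUOTES, 'UTF-8') . '" target="_blank" rel="noopener">' . __('open webmail') . '</a>';`. The `// Protect input` comment kept above `$v_domain = strtolower($_POST['v_domain']);` no longer describes the code and should be reworded to say that quoting is left to `v_exec`. The enclosing `if (!empty($_POST['ok_acc']))` block ends outside the last hunk.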

+ 73 - 79
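--- a/web/add/package/index.php
+++ b/web/add/package/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -57,24 +57,23 @@ if (!empty($_POST['ok'])) {
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
-    // Protect input
-    $v_package = escapeshellarg($_POST['v_package']);
-    $v_web_template = escapeshellarg($_POST['v_web_template']);
-    $v_backend_template = escapeshellarg($_POST['v_backend_template']);
-    $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
-    $v_dns_template = escapeshellarg($_POST['v_dns_template']);
-    $v_shell = escapeshellarg($_POST['v_shell']);
-    $v_web_domains = escapeshellarg($_POST['v_web_domains']);
-    $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
-    $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
-    $v_dns_records = escapeshellarg($_POST['v_dns_records']);
-    $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
-    $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
-    $v_databases = escapeshellarg($_POST['v_databases']);
-    $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
-    $v_backups = escapeshellarg($_POST['v_backups']);
-    $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
-    $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
+    $v_package = $_POST['v_package'];
+    $v_web_template = $_POST['v_web_template'];
+    $v_backend_template = $_POST['v_backend_template'];
+    $v_proxy_template = $_POST['v_proxy_template'];
+    $v_dns_template = $_POST['v_dns_template'];
+    $v_shell = $_POST['v_shell'];
+    $v_web_domains = $_POST['v_web_domains'];
+    $v_web_aliases = $_POST['v_web_aliases'];
+    $v_dns_domains = $_POST['v_dns_domains'];
+    $v_dns_records = $_POST['v_dns_records'];
+    $v_mail_domains = $_POST['v_mail_domains'];
+    $v_mail_accounts = $_POST['v_mail_accounts'];
+    $v_databases = $_POST['v_databases'];
+    $v_cron_jobs = $_POST['v_cron_jobs'];
+    $v_backups = $_POST['v_backups'];
+    $v_disk_quota = $_POST['v_disk_quota'];
+    $v_bandwidth = $_POST['v_bandwidth'];
     $v_ns1 = trim($_POST['v_ns1'], '.');
     $v_ns2 = trim($_POST['v_ns2'], '.');
     $v_ns3 = trim($_POST['v_ns3'], '.');
@@ -90,43 +89,46 @@ if (!empty($_POST['ok'])) {
     if (!empty($v_ns6)) $v_ns .= ",".$v_ns6;
     if (!empty($v_ns7)) $v_ns .= ",".$v_ns7;
     if (!empty($v_ns8)) $v_ns .= ",".$v_ns8;
-    $v_ns = escapeshellarg($v_ns);
-    $v_time = escapeshellarg(date('H:i:s'));
-    $v_date = escapeshellarg(date('Y-m-d'));
+    $v_time = date('H:i:s');
+    $v_date = date('Y-m-d');
 
     // Create temporary dir
     if (empty($_SESSION['error_msg'])) {
-        exec ('mktemp -d', $output, $return_var);
+        exec('mktemp -d', $output, $return_var);
         $tmpdir = $output[0];
-        check_return_code($return_var,$output);
+        check_return_code($return_var, $output);
         unset($output);
     }
 
     // Create package file
     if (empty($_SESSION['error_msg'])) {
-        $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
-        if (!empty($_SESSION['WEB_BACKEND'])) {
-            $pkg .= "BACKEND_TEMPLATE=".$v_backend_template."\n";
+        $a_pkg = [
+            'WEB_TEMPLATE'     => $v_web_template,
+            'BACKEND_TEMPLATE' => !empty($_SESSION['WEB_BACKEND']) ? $v_backend_template : null,
+            'PROXY_TEMPLATE'   => !empty($_SESSION['PROXY_SYSTEM']) ? $v_proxy_template : null,
+            'DNS_TEMPLATE'     => $v_dns_template,
+            'WEB_DOMAINS'      => $v_web_domains,
+            'WEB_ALIASES'      => $v_web_aliases,
+            'DNS_DOMAINS'      => $v_dns_domains,
+            'DNS_RECORDS'      => $v_dns_records,
+            'MAIL_DOMAINS'     => $v_mail_domains,
+            'MAIL_ACCOUNTS'    => $v_mail_accounts,
+            'DATABASES'        => $v_databases,
+            'CRON_JOBS'        => $v_cron_jobs,
+            'DISK_QUOTA'       => $v_disk_quota,
+            'BANDWIDTH'        => $v_bandwidth,
+            'NS'               => $v_ns,
+            'SHELL'            => $v_shell,
+            'BACKUPS'          => $v_backups,
+            'TIME'             => $v_time,
+            'DATE'             => $v_date,
+        ];
+
+        $pkg = '';
+        foreach ($a_pkg as $key => $value) {
+            if (is_null($value)) continue;
+            $pkg .= $key . '=' . escapeshellarg($value) . "\n";
         }
-        if (!empty($_SESSION['PROXY_SYSTEM'])) {
-            $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
-        }
-        $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
-        $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
-        $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
-        $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
-        $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
-        $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
-        $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
-        $pkg .= "DATABASES=".$v_databases."\n";
-        $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
-        $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
-        $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
-        $pkg .= "NS=".$v_ns."\n";
-        $pkg .= "SHELL=".$v_shell."\n";
-        $pkg .= "BACKUPS=".$v_backups."\n";
-        $pkg .= "TIME=".$v_time."\n";
-        $pkg .= "DATE=".$v_date."\n";
 
         $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
         fwrite($fp, $pkg);
@@ -135,18 +137,15 @@ if (!empty($_POST['ok'])) {
 
     // Add new package
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-user-package', [$tmpdir, $v_package]);
     }
 
-    // Remove tmpdir 
-    exec ('rm -rf '.$tmpdir, $output, $return_var);
-    unset($output);
+    // Remove tmpdir
+    safe_exec('rm', ['-rf', $tmpdir]);
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',htmlentities($_POST['v_package']),htmlentities($_POST['v_package']));
+        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK', htmlentities($_POST['v_package']), htmlentities($_POST['v_package']));
         unset($v_package);
     }
 
@@ -160,33 +159,28 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // List web temmplates
-exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-$web_templates = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-templates', ['json'], false, $output);
+$web_templates = json_decode($output, true);
 
 // List web templates for backend
 if (!empty($_SESSION['WEB_BACKEND'])) {
-    exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
-    $backend_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-backend', ['json'], false, $output);
+    $backend_templates = json_decode($output, true);
 }
 
 // List web templates for proxy
 if (!empty($_SESSION['PROXY_SYSTEM'])) {
-    exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-    $proxy_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-proxy', ['json'], false, $output);
+    $proxy_templates = json_decode($output, true);
 }
 
 // List DNS templates
-exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-$dns_templates = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-dns-templates', ['json'], false, $output);
+$dns_templates = json_decode($output, true);
 
 // List system shells
-exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-$shells = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-shells', ['json'], false, $output);
+$shells = json_decode($output, true);
 
 // Set default values
 if (empty($v_web_template)) $v_web_template = 'default';
@@ -194,17 +188,17 @@ if (empty($v_backend_template)) $v_backend_template = 'default';
 if (empty($v_proxy_template)) $v_proxy_template = 'default';
 if (empty($v_dns_template)) $v_dns_template = 'default';
 if (empty($v_shell)) $v_shell = 'nologin';
-if (empty($v_web_domains)) $v_web_domains = "'1'";
-if (empty($v_web_aliases)) $v_web_aliases = "'1'";
-if (empty($v_dns_domains)) $v_dns_domains = "'1'";
-if (empty($v_dns_records)) $v_dns_records = "'1'";
-if (empty($v_mail_domains)) $v_mail_domains = "'1'";
-if (empty($v_mail_accounts)) $v_mail_accounts = "'1'";
-if (empty($v_databases)) $v_databases = "'1'";
-if (empty($v_cron_jobs)) $v_cron_jobs = "'1'";
-if (empty($v_backups)) $v_backups = "'1'";
-if (empty($v_disk_quota)) $v_disk_quota = "'1000'";
-if (empty($v_bandwidth)) $v_bandwidth = "'1000'";
+if (empty($v_web_domains)) $v_web_domains = '1';
+if (empty($v_web_aliases)) $v_web_aliases = '1';
+if (empty($v_dns_domains)) $v_dns_domains = '1';
+if (empty($v_dns_records)) $v_dns_records = '1';
+if (empty($v_mail_domains)) $v_mail_domains = '1';
+if (empty($v_mail_accounts)) $v_mail_accounts = '1';
+if (empty($v_databases)) $v_databases = '1';
+if (empty($v_cron_jobs)) $v_cron_jobs = '1';
+if (empty($v_backups)) $v_backups = '1';
+if (empty($v_disk_quota)) $v_disk_quota = '1000';
+if (empty($v_bandwidth)) $v_bandwidth = '1000';
 if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
 if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
 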
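Review bot: The package file path in `fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w')` is built from the raw `v_package` field, and nothing visible in this section restricts that name to a single path component before the file is written. Set `$_SESSION['error_msg']` ahead of the "Create package file" step when `basename($_POST['v_package']) !== $_POST['v_package']`, or check the name against a character allow-list. Separately, `safe_exec('rm', ['-rf', $tmpdir]);` runs unconditionally, so `$tmpdir` is undefined whenever an earlier check has set an error; wrap it in `if (!empty($tmpdir)) { … }`. In the same hunk `$tmpdir = $output[0];` is read before `check_return_code($return_var, $output);` has confirmed that `mktemp` succeeded. The enclosing `if (!empty($_POST['ok']))` block starts and ends outside these hunks.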

+ 15 - 23
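--- a/web/add/user/index.php
+++ b/web/add/user/index.php
@@ -19,7 +19,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -48,16 +48,15 @@ if (!empty($_POST['ok'])) {
     // Check password length
     if (empty($_SESSION['error_msg'])) {
         $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if ($pw_len < 6) $_SESSION['error_msg'] = __('Password is too short.', $error_msg);
     }
 
-    // Protect input
-    $v_username = escapeshellarg($_POST['v_username']);
-    $v_email = escapeshellarg($_POST['v_email']);
-    $v_package = escapeshellarg($_POST['v_package']);
-    $v_language = escapeshellarg($_POST['v_language']);
-    $v_fname = escapeshellarg($_POST['v_fname']);
-    $v_lname = escapeshellarg($_POST['v_lname']);
+    $v_username = $_POST['v_username'];
+    $v_email = $_POST['v_email'];
+    $v_package = $_POST['v_package'];
+    $v_language = $_POST['v_language'];
+    $v_fname = $_POST['v_fname'];
+    $v_lname = $_POST['v_lname'];
     $v_notify = $_POST['v_notify'];
 
 
@@ -67,18 +66,14 @@ if (!empty($_POST['ok'])) {
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
-        exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-user', [$v_username, $v_password, $v_email, $v_package, $v_fname, $v_lname]);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        $v_password = $_POST['v_password'];
     }
 
     // Set language
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-change-user-language', [$v_username, $v_language]);
     }
 
     // Send email to the new user
@@ -86,7 +81,6 @@ if (!empty($_POST['ok'])) {
         $to = $_POST['v_notify'];
         $subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
         $hostname = exec('hostname');
-        unset($output);
         $from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
         if (!empty($_POST['v_fname'])) {
             $mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
@@ -118,15 +112,13 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // List hosting packages
-exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+$return_var = v_exec('v-list-user-packages', ['json'], false, $output);
 check_error($return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+$data = json_decode($output, true);
 
 // List languages
-exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-$languages = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-languages', ['json'], false, $output);
+$languages = json_decode($output, true);
 
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');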
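Review bot: The six `$_POST` fields assigned from `$v_username = $_POST['v_username'];` onward now reach `v_exec('v-add-user', …)` with no local quoting or validation, and the `// Protect input` comment that marked this step was removed with nothing in its place. Whether this is safe depends entirely on `v_exec`, which is defined outside this section, passing each array element as exactly one argument. I would leave a comment above the assignments saying so, for example `// Raw request values: v_exec() quotes each argument itself; never concatenate these into a command string`, so a later edit does not reintroduce string-built commands. The enclosing `if (!empty($_POST['ok']))` block starts and ends outside these hunks.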

+ 37 - 71
web/add/web/index.php

@@ -13,7 +13,7 @@ if (!empty($_POST['ok'])) {
     // Check token
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         header('location: /login/');
-        exit();
+        exit;
     }
     }
 
 
     // Check for empty fields
     // Check for empty fields
@@ -42,11 +42,10 @@ if (!empty($_POST['ok'])) {
 
 
     // Set domain to lowercase and remove www prefix
     // Set domain to lowercase and remove www prefix
     $v_domain = preg_replace("/^www\./i", "", $_POST['v_domain']);
     $v_domain = preg_replace("/^www\./i", "", $_POST['v_domain']);
-    $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
     $v_domain = strtolower($v_domain);
 
 
     // Define domain ip address
     // Define domain ip address
-    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_ip = $_POST['v_ip'];
 
 
     // Define domain aliases
     // Define domain aliases
     $v_aliases = $_POST['v_aliases'];
     $v_aliases = $_POST['v_aliases'];
@@ -54,11 +53,10 @@ if (!empty($_POST['ok'])) {
     $aliases = preg_replace("/\r/", ",", $aliases);
     $aliases = preg_replace("/\r/", ",", $aliases);
     $aliases = preg_replace("/\t/", ",", $aliases);
     $aliases = preg_replace("/\t/", ",", $aliases);
     $aliases = preg_replace("/ /", ",", $aliases);
     $aliases = preg_replace("/ /", ",", $aliases);
-    $aliases_arr = explode(",", $aliases);
+    $aliases_arr = explode(',', $aliases);
     $aliases_arr = array_unique($aliases_arr);
     $aliases_arr = array_unique($aliases_arr);
     $aliases_arr = array_filter($aliases_arr);
     $aliases_arr = array_filter($aliases_arr);
-    $aliases = implode(",",$aliases_arr);
-    $aliases = escapeshellarg($aliases);
+    $aliases = implode(',', $aliases_arr);
 
 
     // Define proxy extentions
     // Define proxy extentions
     $v_proxy_ext = $_POST['v_proxy_ext'];
     $v_proxy_ext = $_POST['v_proxy_ext'];
@@ -66,11 +64,10 @@ if (!empty($_POST['ok'])) {
     $proxy_ext = preg_replace("/\r/", ",", $proxy_ext);
     $proxy_ext = preg_replace("/\r/", ",", $proxy_ext);
     $proxy_ext = preg_replace("/\t/", ",", $proxy_ext);
     $proxy_ext = preg_replace("/\t/", ",", $proxy_ext);
     $proxy_ext = preg_replace("/ /", ",", $proxy_ext);
     $proxy_ext = preg_replace("/ /", ",", $proxy_ext);
-    $proxy_ext_arr = explode(",", $proxy_ext);
+    $proxy_ext_arr = explode(',', $proxy_ext);
     $proxy_ext_arr = array_unique($proxy_ext_arr);
     $proxy_ext_arr = array_unique($proxy_ext_arr);
     $proxy_ext_arr = array_filter($proxy_ext_arr);
     $proxy_ext_arr = array_filter($proxy_ext_arr);
-    $proxy_ext = implode(",",$proxy_ext_arr);
-    $proxy_ext = escapeshellarg($proxy_ext);
+    $proxy_ext = implode(',', $proxy_ext_arr);
 
 
     // Define other options
     // Define other options
     $v_elog = $_POST['v_elog'];
     $v_elog = $_POST['v_elog'];
@@ -79,7 +76,7 @@ if (!empty($_POST['ok'])) {
     $v_ssl_key = $_POST['v_ssl_key'];
     $v_ssl_key = $_POST['v_ssl_key'];
     $v_ssl_ca = $_POST['v_ssl_ca'];
     $v_ssl_ca = $_POST['v_ssl_ca'];
     $v_ssl_home = $data[$v_domain]['SSL_HOME'];
     $v_ssl_home = $data[$v_domain]['SSL_HOME'];
-    $v_stats = escapeshellarg($_POST['v_stats']);
+    $v_stats = $_POST['v_stats'];
     $v_stats_user = $data[$v_domain]['STATS_USER'];
     $v_stats_user = $data[$v_domain]['STATS_USER'];
     $v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
     $v_stats_password = $data[$v_domain]['STATS_PASSWORD'];
     $v_ftp = $_POST['v_ftp'];
     $v_ftp = $_POST['v_ftp'];
@@ -104,44 +101,32 @@ if (!empty($_POST['ok'])) {
 
 
     // Add web domain
     // Add web domain
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-web-domain', [$user, $v_domain, $v_ip, 'no', $aliases, $proxy_ext]);
         $domain_added = empty($_SESSION['error_msg']);
         $domain_added = empty($_SESSION['error_msg']);
     }
     }
 
 
     // Add DNS domain
     // Add DNS domain
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-dns-domain', [$user, $v_domain, $v_ip]);
     }
     }
 
 
     // Add DNS for domain aliases
     // Add DNS for domain aliases
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
         foreach ($aliases_arr as $alias) {
         foreach ($aliases_arr as $alias) {
-            if ($alias != "www.".$_POST['v_domain']) {
-                $alias = escapeshellarg($alias);
-                exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+            if ($alias != 'www.' . $_POST['v_domain']) {
+                v_exec('v-add-dns-on-web-alias', [$user, $alias, $v_ip, 'no']);
             }
             }
         }
         }
     }
     }
 
 
     // Add mail domain
     // Add mail domain
     if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) {
     if (($_POST['v_mail'] == 'on') && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-mail-domain', [$user, $v_domain]);
     }
     }
 
 
     // Delete proxy support
     // Delete proxy support
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off')  && (empty($_SESSION['error_msg']))) {
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off')  && (empty($_SESSION['error_msg']))) {
-        $ext = escapeshellarg($ext);
-        exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-delete-web-domain-proxy', [$user, $v_domain, 'no']);
     }
     }
 
 
     // Add SSL certificates
     // Add SSL certificates
@@ -174,60 +159,46 @@ if (!empty($_POST['ok'])) {
             fclose($fp);
             fclose($fp);
         }
         }
 
 
-        $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
-        exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_ssl_home = $_POST['v_ssl_home'];
+        v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
     }
     }
 
 
     // Add web stats
     // Add web stats
     if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_POST['v_stats'])) && ($_POST['v_stats'] != 'none' ) && (empty($_SESSION['error_msg']))) {
-        $v_stats = escapeshellarg($_POST['v_stats']);
-        exec (VESTA_CMD."v-add-web-domain-stats ".$user." ".$v_domain." ".$v_stats, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_stats = $_POST['v_stats'];
+        v_exec('v-add-web-domain-stats', [$user, $v_domain, $v_stats]);
     }
     }
 
 
     // Add web stats password
     // Add web stats password
     if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) {
-        $v_stats_user = escapeshellarg($_POST['v_stats_user']);
+        $v_stats_user = $_POST['v_stats_user'];
         $v_stats_password = tempnam("/tmp","vst");
         $v_stats_password = tempnam("/tmp","vst");
         $fp = fopen($v_stats_password, "w");
         $fp = fopen($v_stats_password, "w");
         fwrite($fp, $_POST['v_stats_password']."\n");
         fwrite($fp, $_POST['v_stats_password']."\n");
         fclose($fp);
         fclose($fp);
-        exec (VESTA_CMD."v-add-web-domain-stats-user ".$user." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-web-domain-stats-user', [$user, $v_domain, $v_stats_user, $v_stats_password]);
         unlink($v_stats_password);
         unlink($v_stats_password);
-        $v_stats_password = escapeshellarg($_POST['v_stats_password']);
+        $v_stats_password = $_POST['v_stats_password'];
     }
     }
 
 
     // Restart DNS server
     // Restart DNS server
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
     if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-dns');
     }
     }
 
 
     // Restart web server
     // Restart web server
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        exec (VESTA_CMD."v-restart-web", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-web');
     }
     }
 
 
     // Restart backend server
     // Restart backend server
     //if ((!empty($_SESSION['WEB_BACKEND'])) && (empty($_SESSION['error_msg']))) {
     //if ((!empty($_SESSION['WEB_BACKEND'])) && (empty($_SESSION['error_msg']))) {
-    //    exec (VESTA_CMD."v-restart-web-backend", $output, $return_var);
-    //    check_return_code($return_var,$output);
-    //    unset($output);
+    //    v_exec('v-restart-backend');
     //}
     //}
 
 
     // Restart proxy server
     // Restart proxy server
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) {
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'on') && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-proxy');
     }
     }
 
 
     // Add FTP
     // Add FTP
@@ -265,22 +236,19 @@ if (!empty($_POST['ok'])) {
                 $v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']);
                 $v_ftp_user_data['v_ftp_user'] = preg_replace("/^".$user."_/i", "", $v_ftp_user_data['v_ftp_user']);
                 $v_ftp_username      = $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username      = $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
-                $v_ftp_user = escapeshellarg($v_ftp_user_data['v_ftp_user']);
                 if ($domain_added) {
                 if ($domain_added) {
-                    $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
+                    $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
                     $v_ftp_password = tempnam("/tmp","vst");
                     $v_ftp_password = tempnam("/tmp","vst");
                     $fp = fopen($v_ftp_password, "w");
                     $fp = fopen($v_ftp_password, "w");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fclose($fp);
                     fclose($fp);
-                    exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
+                    v_exec('v-add-web-domain-ftp', [$user, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
                     unlink($v_ftp_password);
                     unlink($v_ftp_password);
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
                         $to = $v_ftp_user_data['v_ftp_email'];
                         $to = $v_ftp_user_data['v_ftp_email'];
-                        $subject = __("FTP login credentials");
-                        $from = __('MAIL_FROM',$_POST['v_domain']);
-                        $mailtext = __('FTP_ACCOUNT_READY',$_POST['v_domain'],$user,$v_ftp_user_data['v_ftp_user'],$v_ftp_user_data['v_ftp_password']);
+                        $subject = __('FTP login credentials');
+                        $from = __('MAIL_FROM', $_POST['v_domain']);
+                        $mailtext = __('FTP_ACCOUNT_READY', $_POST['v_domain'], $user, $v_ftp_username, $v_ftp_user_data['v_ftp_password']);
                         send_email($to, $subject, $mailtext, $from);
                         send_email($to, $subject, $mailtext, $from);
                         unset($v_ftp_email);
                         unset($v_ftp_email);
                     }
                     }
@@ -289,13 +257,13 @@ if (!empty($_POST['ok'])) {
                 }
                 }
 
 
                 if ($return_var == 0) {
                 if ($return_var == 0) {
-                    $v_ftp_password = "••••••••";
+                    $v_ftp_password = '••••••••';
                     $v_ftp_user_data['is_new'] = 0;
                     $v_ftp_user_data['is_new'] = 0;
                 } else {
                 } else {
                     $v_ftp_user_data['is_new'] = 1;
                     $v_ftp_user_data['is_new'] = 1;
                 }
                 }
 
 
-                $v_ftp_username = preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
+                $v_ftp_username = preg_replace("/^{$user}_/", '', $v_ftp_user_data['v_ftp_user']);
                 $v_ftp_users_updated[] = array(
                 $v_ftp_users_updated[] = array(
                     'is_new'            => $v_ftp_user_data['is_new'],
                     'is_new'            => $v_ftp_user_data['is_new'],
                     'v_ftp_user'        => $return_var == 0 ? $v_ftp_username_full : $v_ftp_username,
                     'v_ftp_user'        => $return_var == 0 ? $v_ftp_username_full : $v_ftp_username,
@@ -311,8 +279,8 @@ if (!empty($_POST['ok'])) {
         if (!empty($_SESSION['error_msg']) && $domain_added) {
         if (!empty($_SESSION['error_msg']) && $domain_added) {
             $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
             $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
             $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
             $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
-            $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain']));
-            header('Location: ' . $url);
+            $url = '/edit/web/?domain=' . strtolower(preg_replace('/^www\./i', '', $_POST['v_domain']));
+            header("Location: $url");
             exit;
             exit;
         }
         }
     }
     }
@@ -344,14 +312,12 @@ $v_ftp_user_prepath = $panel[$user]['HOME'] . "/web";
 $v_ftp_email = $panel[$user]['CONTACT'];
 $v_ftp_email = $panel[$user]['CONTACT'];
 
 
 // List IP addresses
 // List IP addresses
-exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
-$ips = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-ips', [$user, 'json'], false, $output);
+$ips = json_decode($output, true);
 
 
 // List web stat engines
 // List web stat engines
-exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
-$stats = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-stats', ['json'], false, $output);
+$stats = json_decode($output, true);
 
 
 // Display body
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_web.html');
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_web.html');

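--- a/web/api/index.php
+++ b/web/api/index.php
@@ -2,7 +2,6 @@
 define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
 
 if (isset($_POST['user']) || isset($_POST['hash'])) {
-
     // Authentication
     $auth_code = 1;
     if (empty($_POST['hash'])) {
@@ -12,18 +11,18 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
             exit;
         }
 
-        $v_user = escapeshellarg($_POST['user']);
+        $v_user = $_POST['user'];
         $v_password = tempnam("/tmp","vst");
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['password']."\n");
         fclose($fp);
-        $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
-        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'",  $output, $auth_code);
+        $v_ip_addr = $_SERVER['REMOTE_ADDR'];
+        $auth_code = v_exec('v-check-user-password', [$v_user, $v_password, $v_ip_addr], false);
         unlink($v_password);
     } else {
         $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
         if (file_exists($key) && is_file($key)) {
-            $auth_code = '0';
+            $auth_code = 0;
         }
     }
 
@@ -33,37 +32,17 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
     }
 
     // Prepare arguments
-    if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
-    if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
-    if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
-    if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
-    if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
-    if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
-    if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
-    if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
-    if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
-    if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
-
-    // Build query
-    $cmdquery = VESTA_CMD.$cmd." ";
-    if(!empty($arg1)){
-         $cmdquery = $cmdquery.$arg1." "; }
-    if(!empty($arg2)){
-         $cmdquery = $cmdquery.$arg2." "; }
-    if(!empty($arg3)){
-         $cmdquery = $cmdquery.$arg3." "; }
-    if(!empty($arg4)){
-         $cmdquery = $cmdquery.$arg4." "; }
-    if(!empty($arg5)){
-         $cmdquery = $cmdquery.$arg5." "; }
-    if(!empty($arg6)){
-         $cmdquery = $cmdquery.$arg6." "; }
-    if(!empty($arg7)){
-         $cmdquery = $cmdquery.$arg7." "; }
-    if(!empty($arg8)){
-         $cmdquery = $cmdquery.$arg8." "; }
-    if(!empty($arg9)){
-         $cmdquery = $cmdquery.$arg9; }
+    $args = [];
+    if (isset($_POST['cmd'])) $cmd = $_POST['cmd'];
+    if (isset($_POST['arg1'])) $args[] = $_POST['arg1'];
+    if (isset($_POST['arg2'])) $args[] = $_POST['arg2'];
+    if (isset($_POST['arg3'])) $args[] = $_POST['arg3'];
+    if (isset($_POST['arg4'])) $args[] = $_POST['arg4'];
+    if (isset($_POST['arg5'])) $args[] = $_POST['arg5'];
+    if (isset($_POST['arg6'])) $args[] = $_POST['arg6'];
+    if (isset($_POST['arg7'])) $args[] = $_POST['arg7'];
+    if (isset($_POST['arg8'])) $args[] = $_POST['arg8'];
+    if (isset($_POST['arg9'])) $args[] = $_POST['arg9'];
 
     // Check command
     if ($cmd == "'v-make-tmp-file'") {
@@ -74,7 +53,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         $return_var = 0;
     } else {
         // Run normal cmd query
-        exec ($cmdquery, $output, $return_var);
+        $return_var = v_exec($cmd, $args, false, $output);
     }
 
     if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
@@ -83,7 +62,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         if (($return_var == 0) && (empty($output))) {
             echo "OK";
         } else {
-            echo implode("\n",$output)."\n";
+            echo $output . "\n";
         }
     }
 }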
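Review bot: The `v-make-tmp-file` special case in the third hunk can no longer match: the unchanged line still compares `$cmd` with the quoted string `"'v-make-tmp-file'"`, which is what `escapeshellarg()` used to produce, but `$cmd` is now the raw `$_POST['cmd']`, so that request falls through to `v_exec($cmd, ...)`. The comparison should become `if ($cmd === 'v-make-tmp-file') {`. `$cmd` is also request-controlled and is now handed to `v_exec` as the command name; `v_exec` is not visible here, so confirm it accepts only a bare script name from the vesta bin directory, or reject anything else first with `if (!preg_match('/^v-[a-z0-9-]+$/', $cmd)) { exit; }`. No include appears in these hunks either, so it is worth confirming that `v_exec` is actually in scope for this file.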

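--- a/web/bulk/backup/exclusions/index.php
+++ b/web/bulk/backup/exclusions/index.php
@@ -16,8 +16,7 @@ switch ($action) {
 }
 
 foreach ($backup as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
+    v_exec($cmd, [$user, $value], false);
 }
 
 header("Location: /list/backup/exclusions");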

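--- a/web/bulk/backup/index.php
+++ b/web/bulk/backup/index.php
@@ -12,7 +12,7 @@ $action = $_POST['action'];
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 switch ($action) {
@@ -22,8 +22,7 @@ switch ($action) {
 }
 
 foreach ($backup as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
+    v_exec($cmd, [$user, $value], false);
 }
 
 header("Location: /list/backup/");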
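Review bot: The token check in the first hunk still compares with loose `!=`, so PHP type juggling applies to a request-supplied value (a null session token compares equal to an empty string) and the comparison is not constant-time. While this block is being touched I would tighten it to `if (empty($_SESSION['token']) || !isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`, which needs a runtime that provides `hash_equals()`. The same check appears unchanged in the bulk cron, db, dns, firewall, firewall/banlist, ip, mail, package, restore, service and user sections on this page.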

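--- a/web/bulk/cron/index.php
+++ b/web/bulk/cron/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $job = $_POST['job'];
@@ -24,19 +24,15 @@ if ($_SESSION['user'] == 'admin') {
         case 'unsuspend': $cmd='v-unsuspend-cron-job';
             break;
         case 'delete-cron-reports': $cmd='v-delete-cron-reports';
-            exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
+            v_exec($cmd, [$user], false);
             $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
-            unset($output);
             header("Location: /list/cron/");
             exit;
-            break;
         case 'add-cron-reports': $cmd='v-add-cron-reports';
-            exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
+            v_exec($cmd, [$user], false);
             $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
-            unset($output);
             header("Location: /list/cron/");
             exit;
-            break;
         default: header("Location: /list/cron/"); exit;
     }
 } else {
@@ -44,31 +40,26 @@ if ($_SESSION['user'] == 'admin') {
         case 'delete': $cmd='v-delete-cron-job';
             break;
         case 'delete-cron-reports': $cmd='v-delete-cron-reports';
-            exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
+            v_exec($cmd, [$user], false);
             $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully diabled');
-            unset($output);
             header("Location: /list/cron/");
             exit;
-            break;
         case 'add-cron-reports': $cmd='v-add-cron-reports';
-            exec (VESTA_CMD.$cmd." ".$user, $output, $return_var);
+            v_exec($cmd, [$user], false);
             $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
-            unset($output);
             header("Location: /list/cron/");
             exit;
-            break;
         default: header("Location: /list/cron/"); exit;
     }
 }
 
 foreach ($job as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
+    v_exec($cmd, [$user, $value, 'no'], false);
     $restart = 'yes';
 }
 
 if (!empty($restart)) {
-    exec (VESTA_CMD."v-restart-cron", $output, $return_var);
+    v_exec('v-restart-cron', [], false);
 }
 
 header("Location: /list/cron/");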

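--- a/web/bulk/db/index.php
+++ b/web/bulk/db/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $database = $_POST['database'];
@@ -34,8 +34,7 @@ if ($_SESSION['user'] == 'admin') {
 }
 
 foreach ($database as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
+    v_exec($cmd, [$user, $value], false);
 }
 
 header("Location: /list/db/");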

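--- a/web/bulk/dns/index.php
+++ b/web/bulk/dns/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $domain = $_POST['domain'];
@@ -58,25 +58,22 @@ if ($_SESSION['user'] == 'admin') {
 if (empty($record)) {
     foreach ($domain as $value) {
         // DNS
-        $value = escapeshellarg($value);
-        exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
+        v_exec($cmd, [$user, $value, 'no'], false);
         $restart = 'yes';
     }
 } else {
     foreach ($record as $value) {
         // DNS Record
-        $value = escapeshellarg($value);
-        $dom = escapeshellarg($domain);
-        exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value." no", $output, $return_var);
+        v_exec($cmd, [$user, $domain, $value, 'no'], false);
         $restart = 'yes';
     }
 }
 
 if (!empty($restart)) {
-    exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+    v_exec('v-restart-dns', [], false);
 }
 
-if (empty($record)) { 
+if (empty($record)) {
     header("Location: /list/dns/");
     exit;
 } else {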
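Review bot: In the record branch of the second hunk `$domain` is passed to `v_exec` as a single argument, while the first branch iterates the same `$_POST['domain']` value as an array, and nothing in the hunk checks which shape the request actually sent. Before the record loop I would add `if (!is_string($domain)) { header('Location: /list/dns/'); exit; }`, and guard the `foreach` inputs with `is_array()` in the same way. How `v_exec` treats a non-string argument is not visible here. The account branch in the bulk mail section follows the same pattern.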

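--- a/web/bulk/firewall/banlist/index.php
+++ b/web/bulk/firewall/banlist/index.php
@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Check user
@@ -22,10 +22,7 @@ if ($_SESSION['user'] != 'admin') {
 $ipchain = $_POST['ipchain'];
 /*if (!empty($_POST['ipchain'])) {
     $ipchain = $_POST['ipchain'];
-    list($ip,$chain) = split(":",$ipchain);
-    $v_ip = escapeshellarg($ip);
-    $v_chain = escapeshellarg($chain);
-
+    list($ip, $chain) = explode(':', $ipchain);
 }*/
 
 $action = $_POST['action'];
@@ -37,10 +34,8 @@ switch ($action) {
 }
 
 foreach ($ipchain as $value) {
-    list($ip,$chain) = split(":",$value);
-    $v_ip    = escapeshellarg($ip);
-    $v_chain = escapeshellarg($chain);
-    exec (VESTA_CMD.$cmd." ".$v_ip." ".$v_chain, $output, $return_var);
+    list($ip, $chain) = explode(':', $value);
+    v_exec($cmd, [$ip, $chain], false);
 }
 
 header("Location: /list/firewall/banlist");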
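Review bot: The result of `explode(':', $value)` in the last hunk is unpacked without checking its length, so a posted value with no colon leaves `$chain` unset and one with extra colons is silently cut down to its first two fields before both go to `v_exec`. I would validate each entry first: `$parts = explode(':', $value); if (count($parts) !== 2 || filter_var($parts[0], FILTER_VALIDATE_IP) === false) { continue; }` and then `list($ip, $chain) = $parts;`. With the `escapeshellarg()` calls gone, this keeps malformed input out of the command regardless of how `v_exec`, which is not visible here, quotes its arguments.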

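--- a/web/bulk/firewall/index.php
+++ b/web/bulk/firewall/index.php
@@ -10,7 +10,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Check user
@@ -34,8 +34,7 @@ switch ($action) {
 }
 
 foreach ($rule as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+    v_exec($cmd, [$value], false);
     $restart = 'yes';
 }
 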

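--- a/web/bulk/ip/index.php
+++ b/web/bulk/ip/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $ip = $_POST['ip'];
@@ -17,11 +17,11 @@ $action = $_POST['action'];
 
 if ($_SESSION['user'] == 'admin') {
     switch ($action) {
-        case 'reread IP': exec(VESTA_CMD."v-update-sys-ip", $output, $return_var);
-                header("Location: /list/ip/");
-                exit;
-            break;
-        case 'delete': $cmd='v-delete-sys-ip';
+        case 'reread IP': $cmd = 'v-update-sys-ip';
+            v_exec($cmd, [], false);
+            header('Location: /list/ip/');
+            exit;
+        case 'delete': $cmd = 'v-delete-sys-ip';
             break;
         default: header("Location: /list/ip/"); exit;
     }
@@ -31,8 +31,7 @@ if ($_SESSION['user'] == 'admin') {
 }
 
 foreach ($ip as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+    v_exec($cmd, [$value], false);
 }
 
 header("Location: /list/ip/");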

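--- a/web/bulk/mail/index.php
+++ b/web/bulk/mail/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $domain = $_POST['domain'];
@@ -58,21 +58,18 @@ if ($_SESSION['user'] == 'admin') {
 if (empty($account)) {
     foreach ($domain as $value) {
         // Mail
-        $value = escapeshellarg($value);
-        exec (VESTA_CMD.$cmd." ".$user." ".$value, $output, $return_var);
+        v_exec($cmd, [$user, $value], false);
         $restart = 'yes';
     }
 } else {
     foreach ($account as $value) {
         // Mail Account
-        $value = escapeshellarg($value);
-        $dom = escapeshellarg($domain);
-        exec (VESTA_CMD.$cmd." ".$user." ".$dom." ".$value, $output, $return_var);
+        v_exec($cmd, [$user, $domain, $value], false);
         $restart = 'yes';
     }
 }
 
-if (empty($account)) { 
+if (empty($account)) {
     header("Location: /list/mail/");
     exit;
 } else {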

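--- a/web/bulk/package/index.php
+++ b/web/bulk/package/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $package = $_POST['package'];
@@ -27,8 +27,7 @@ if ($_SESSION['user'] == 'admin') {
 }
 
 foreach ($package as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+    v_exec($cmd, [$value], false);
     $restart = 'yes';
 }
 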

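--- a/web/bulk/restore/index.php
+++ b/web/bulk/restore/index.php
@@ -9,11 +9,11 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $action = $_POST['action'];
-$backup = escapeshellarg($_POST['backup']);
+$backup = $_POST['backup'];
 
 $web = 'no';
 $dns = 'no';
@@ -22,25 +22,22 @@ $db = 'no';
 $cron = 'no';
 $udir = 'no';
 
-if (!empty($_POST['web'])) $web = escapeshellarg(implode(",",$_POST['web']));
-if (!empty($_POST['dns'])) $dns = escapeshellarg(implode(",",$_POST['dns']));
-if (!empty($_POST['mail'])) $mail = escapeshellarg(implode(",",$_POST['mail']));
-if (!empty($_POST['db'])) $db = escapeshellarg(implode(",",$_POST['db']));
+if (!empty($_POST['web'])) $web = implode(',', $_POST['web']);
+if (!empty($_POST['dns'])) $dns = implode(',', $_POST['dns']);
+if (!empty($_POST['mail'])) $mail = implode(',', $_POST['mail']);
+if (!empty($_POST['db'])) $db = implode(',', $_POST['db']);
 if (!empty($_POST['cron'])) $cron = 'yes';
-if (!empty($_POST['udir'])) $udir = escapeshellarg(implode(",",$_POST['udir']));
+if (!empty($_POST['udir'])) $udir = implode(',', $_POST['udir']);
 
 if ($action == 'restore') {
-    exec (VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir, $output, $return_var);
-    if ($return_var == 0) {
-        $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
-    } else {
-        $_SESSION['error_msg'] = implode('<br>', $output);
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['error_msg'] = __('Error: vesta did not return any output.');
-        }
-        if ($return_var == 4) {
+    $return_var = v_exec('v-schedule-user-restore', [$user, $backup, $web, $dns, $mail, $db, $cron, $udir]);
+    switch ($return_var) {
+        case 0:
+            $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
+            break;
+        case 4:
             $_SESSION['error_msg'] = __('RESTORE_EXISTS');
-        }
+            break;
     }
 }
 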
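Review bot: Return codes other than 0 and 4 get no message from the new `switch`, which has no `default`; the removed branch copied the command output, or a fallback string, into `$_SESSION['error_msg']` for every failure. This call omits the `false` third argument used elsewhere on this page, so `v_exec` presumably reports failures itself, but the helper is not visible here and that should be confirmed. If it does not, add `default: if (empty($_SESSION['error_msg'])) { $_SESSION['error_msg'] = __('Error: vesta did not return any output.'); }`. `$backup` and the imploded lists are now passed without `escapeshellarg()`, so this section depends entirely on `v_exec` quoting each argument.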

+ 3 - 5
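--- a/web/bulk/service/index.php
+++ b/web/bulk/service/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $service = $_POST['service'];
@@ -27,16 +27,14 @@ if ($_SESSION['user'] == 'admin') {
     }
 
     if ((!empty($_POST['system'])) && ($action == 'restart')) {
-        exec (VESTA_CMD."v-restart-system yes", $output, $return_var);
+        v_exec('v-restart-system', ['yes'], false);
         $_SESSION['error_srv'] = 'The system is going down for reboot NOW!';
-        unset($output);
         header("Location: /list/server/");
         exit;
     }
 
     foreach ($service as $value) {
-        $value = escapeshellarg($value);
-        exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+        v_exec($cmd, [$value], false);
     }
 }
 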
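Review bot: The CSRF guard kept as context at the top of this file still compares `$_SESSION['token'] != $_POST['token']` with the loose operator, which is not constant-time and lets PHP compare two numeric-looking strings as numbers. Since the commit already touches this guard, it could become `if (!isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals((string)$_SESSION['token'], $_POST['token'])) {`, assuming the minimum supported PHP version provides `hash_equals()`. The same comparison recurs in the other bulk, delete and edit sections on this page, with `$_GET['token']` in the delete handlers.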

+ 5 - 6
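--- a/web/bulk/user/index.php
+++ b/web/bulk/user/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $user = $_POST['user'];
@@ -48,15 +48,14 @@ if ($_SESSION['user'] == 'admin') {
 }
 
 foreach ($user as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$value." ".$restart, $output, $return_var);
+    v_exec($cmd, [$value, $restart], false);
     $changes = 'yes';
 }
 
 if ((!empty($restart)) && (!empty($changes))) {
-    exec (VESTA_CMD."v-restart-web", $output, $return_var);
-    exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-    exec (VESTA_CMD."v-restart-cron", $output, $return_var);
+    v_exec('v-restart-web', [], false);
+    v_exec('v-restart-dns', [], false);
+    v_exec('v-restart-cron', [], false);
 }
 
 header("Location: /list/user/");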
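Review bot: `v_exec($cmd, [$value, $restart], false)` always passes `$restart` as a second argument, even when it is empty, which the `!empty($restart)` test a few lines below shows can happen. The old string concatenation simply dropped an empty value from the command line; whether the script now receives an explicit empty argument depends on how `v_exec` builds its argument list, which is not visible in this section. If empty elements are quoted rather than skipped, building the list conditionally keeps the old behaviour: `$args = empty($restart) ? [$value] : [$value, $restart];`.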

+ 2 - 3
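--- a/web/bulk/vesta/index.php
+++ b/web/bulk/vesta/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 
@@ -23,8 +23,7 @@ if ($_SESSION['user'] == 'admin') {
         default: header("Location: /list/updates/"); exit;
     }
     foreach ($pkg as $value) {
-        $value = escapeshellarg($value);
-        exec (VESTA_CMD.$cmd." ".$value, $output, $return_var);
+        v_exec($cmd, [$value], false);
     }
 }
 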

+ 6 - 7
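--- a/web/bulk/web/index.php
+++ b/web/bulk/web/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 $domain = $_POST['domain'];
@@ -34,15 +34,14 @@ if ($_SESSION['user'] == 'admin') {
 }
 
 foreach ($domain as $value) {
-    $value = escapeshellarg($value);
-    exec (VESTA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
-    $restart='yes';
+    v_exec($cmd, [$user, $value, 'no'], false);
+    $restart = 'yes';
 }
 
 if (isset($restart)) {
-    exec (VESTA_CMD."v-restart-web", $output, $return_var);
-    exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
-    exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+    v_exec('v-restart-web', [], false);
+    v_exec('v-restart-proxy', [], false);
+    v_exec('v-restart-dns', [], false);
 }
 
 header("Location: /list/web/");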

+ 4 - 7
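--- a/web/delete/backup/exclusion/index.php
+++ b/web/delete/backup/exclusion/index.php
@@ -6,20 +6,17 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 if (!empty($_GET['system'])) {
-    $v_username = escapeshellarg($user);
-    $v_system = escapeshellarg($_GET['system']);
-    exec (VESTA_CMD."v-delete-user-backup-exclusions ".$v_username." ".$v_system, $output, $return_var);
+    $v_system = $_GET['system'];
+    v_exec('v-delete-user-backup-exclusions', [$user, $v_system]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 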
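Review bot: No CSRF token check is visible between the `include` and the `v-delete-user-backup-exclusions` call, so this handler appears to delete on a plain GET request, unlike web/delete/backup/index.php, which tests `$_SESSION['token']` against `$_GET['token']` first. The hunk starts at line 6 of the file, so a check above it cannot be ruled out, but the sibling handlers place theirs after the include. The same gap shows in web/delete/cron/autoupdate/index.php and web/delete/cron/reports/index.php. Adding the guard used elsewhere before the command, `if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { header('location: /login/'); exit; }`, would bring all three in line.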

+ 5 - 8
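--- a/web/delete/backup/index.php
+++ b/web/delete/backup/index.php
@@ -6,26 +6,23 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if (!empty($_GET['backup'])) {
-    $v_username = escapeshellarg($user);
-    $v_backup = escapeshellarg($_GET['backup']);
-    exec (VESTA_CMD."v-delete-user-backup ".$v_username." ".$v_backup, $output, $return_var);
+    $v_backup = $_GET['backup'];
+    v_exec('v-delete-user-backup', [$user, $v_backup]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 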

+ 1 - 2
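--- a/web/delete/cron/autoupdate/index.php
+++ b/web/delete/cron/autoupdate/index.php
@@ -6,9 +6,8 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var);
+    v_exec('v-delete-cron-vesta-autoupdate', [], false);
     $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled');
-    unset($output);
 }
 
 header("Location: /list/updates/");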

+ 5 - 8
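--- a/web/delete/cron/index.php
+++ b/web/delete/cron/index.php
@@ -6,26 +6,23 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if (!empty($_GET['job'])) {
-    $v_username = escapeshellarg($user);
-    $v_job = escapeshellarg($_GET['job']);
-    exec (VESTA_CMD."v-delete-cron-job ".$v_username." ".$v_job, $output, $return_var);
+    $v_job = $_GET['job'];
+    v_exec('v-delete-cron-job', [$user, $v_job]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 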

+ 1 - 2
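--- a/web/delete/cron/reports/index.php
+++ b/web/delete/cron/reports/index.php
@@ -5,9 +5,8 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var);
+v_exec('v-delete-cron-reports', [$user], false);
 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled');
-unset($output);
 
 header("Location: /list/cron/");
 exit;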

+ 5 - 8
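--- a/web/delete/db/index.php
+++ b/web/delete/db/index.php
@@ -6,26 +6,23 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if (!empty($_GET['database'])) {
-    $v_username = escapeshellarg($user);
-    $v_database = escapeshellarg($_GET['database']);
-    exec (VESTA_CMD."v-delete-database ".$v_username." ".$v_database, $output, $return_var);
+    $v_database = $_GET['database'];
+    v_exec('v-delete-database', [$user, $v_database]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 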

+ 11 - 16
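--- a/web/delete/dns/index.php
+++ b/web/delete/dns/index.php
@@ -7,26 +7,23 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // DNS domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-delete-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_domain = $_GET['domain'];
+    v_exec('v-delete-dns-domain', [$user, $v_domain]);
 
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/dns/");
@@ -35,15 +32,13 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
 
 // DNS record
 if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_record_id = escapeshellarg($_GET['record_id']);
-    exec (VESTA_CMD."v-delete-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_domain = $_GET['domain'];
+    $v_record_id = $_GET['record_id'];
+    v_exec('v-delete-dns-record', [$user, $v_domain, $v_record_id]);
+
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/dns/?domain=".$_GET['domain']);
@@ -52,7 +47,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 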

+ 4 - 5
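--- a/web/delete/favorite/index.php
+++ b/web/delete/favorite/index.php
@@ -5,11 +5,10 @@
 
     include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-    unset($_SESSION['favourites'][strtoupper($_REQUEST['v_section'])][$_REQUEST['v_unit_id']]);
+    $v_section = $_REQUEST['v_section'];
+    $v_unit_id = $_REQUEST['v_unit_id'];
 
-    $v_section = escapeshellarg($_REQUEST['v_section']);
-    $v_unit_id = escapeshellarg($_REQUEST['v_unit_id']);
+    unset($_SESSION['favourites'][strtoupper((string)$v_section)][(string)$v_unit_id]);
 
-    exec (VESTA_CMD."v-delete-user-favourites ".$_SESSION['user']." ".$v_section." ".$v_unit_id, $output, $return_var);
-//    check_return_code($return_var,$output);
+    v_exec('v-delete-user-favourites', [$_SESSION['user'], $v_section, $v_unit_id], false/*true*/);
 ?>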
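Review bot: The session entry is removed with `unset($_SESSION['favourites'][...])` before `v-delete-user-favourites` runs, and the call passes `false/*true*/`, which appears to turn off the return-code check, so a failed command would leave the session and the stored favourites out of step with nothing reported. The inline `/*true*/` reads like an undecided switch; either pass the intended value or replace it with a comment that says why failures are ignored, for example `// best-effort UI toggle: errors are intentionally not surfaced`. The `(string)` casts protect the session key, but the uncast `$_REQUEST` values are what go to `v_exec`, so an array-valued parameter reaches the wrapper unchanged.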

+ 5 - 7
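--- a/web/delete/firewall/banlist/index.php
+++ b/web/delete/firewall/banlist/index.php
@@ -16,20 +16,18 @@ if ($_SESSION['user'] != 'admin') {
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
-    $v_ip = escapeshellarg($_GET['ip']);
-    $v_chain = escapeshellarg($_GET['chain']);
-    exec (VESTA_CMD."v-delete-firewall-ban ".$v_ip." ".$v_chain, $output, $return_var);
+    $v_ip = $_GET['ip'];
+    $v_chain = $_GET['chain'];
+    v_exec('v-delete-firewall-ban', [$v_ip, $v_chain]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 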

+ 4 - 6
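--- a/web/delete/firewall/index.php
+++ b/web/delete/firewall/index.php
@@ -16,19 +16,17 @@ if ($_SESSION['user'] != 'admin') {
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if (!empty($_GET['rule'])) {
-    $v_rule = escapeshellarg($_GET['rule']);
-    exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var);
+    $v_rule = $_GET['rule'];
+    v_exec('v-delete-firewall-rule', [$v_rule]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 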

+ 4 - 7
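--- a/web/delete/ip/index.php
+++ b/web/delete/ip/index.php
@@ -8,22 +8,19 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['ip'])) {
-        $v_ip = escapeshellarg($_GET['ip']);
-        exec (VESTA_CMD."v-delete-sys-ip ".$v_ip, $output, $return_var);
+        $v_ip = $_GET['ip'];
+        v_exec('v-delete-sys-ip', [$v_ip]);
     }
-    check_return_code($return_var,$output);
-    unset($output);
-
 }
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 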

+ 10 - 16
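--- a/web/delete/mail/index.php
+++ b/web/delete/mail/index.php
@@ -7,25 +7,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-delete-mail-domain ".$v_username." ".$v_domain, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_domain = $_GET['domain'];
+    v_exec('v-delete-mail-domain', [$user, $v_domain]);
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/mail/");
@@ -34,15 +31,12 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
 
 // Mail account
 if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_account = escapeshellarg($_GET['account']);
-    exec (VESTA_CMD."v-delete-mail-account ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_domain = $_GET['domain'];
+    $v_account = $_GET['account'];
+    v_exec('v-delete-mail-account', [$user, $v_domain, $v_account]);
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/mail/?domain=".$_GET['domain']);
@@ -51,7 +45,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 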

+ 6 - 12
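--- a/web/delete/notification/index.php
+++ b/web/delete/notification/index.php
@@ -8,23 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 
 if($_GET['delete'] == 1){
-    $v_username = escapeshellarg($user);
-    $v_id = escapeshellarg((int)$_GET['notification_id']);
-    exec (VESTA_CMD."v-delete-user-notification ".$v_username." ".$v_id, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_id = (string)((int)$_GET['notification_id']);
+    v_exec('v-delete-user-notification', [$user, $v_id]);
 } else {
-    $v_username = escapeshellarg($user);
-    $v_id = escapeshellarg((int)$_GET['notification_id']);
-    echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
-    exec (VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_id = (string)((int)$_GET['notification_id']);
+    //echo VESTA_CMD."v-acknowledge-user-notification ".$v_username." ".$v_id;
+    v_exec('v-acknowledge-user-notification', [$user, $v_id]);
 }
 
 exit;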
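Review bot: The commented-out `//echo VESTA_CMD."v-acknowledge-user-notification "...` line in the else branch is leftover debug output that printed the assembled command line into the response and now references `$v_username`, which this file no longer defines; deleting it is cleaner than keeping it as a comment. Both branches compute `$v_id = (string)((int)$_GET['notification_id']);` identically, so the assignment can be hoisted above the `if`, leaving each branch with just its `v_exec` call.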

+ 4 - 6
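--- a/web/delete/package/index.php
+++ b/web/delete/package/index.php
@@ -8,21 +8,19 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['package'])) {
-        $v_package = escapeshellarg($_GET['package']);
-        exec (VESTA_CMD."v-delete-user-package ".$v_package, $output, $return_var);
+        $v_package = $_GET['package'];
+        v_exec('v-delete-user-package', [$v_package]);
     }
-    check_return_code($return_var,$output);
-    unset($output);
 }
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 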

+ 4 - 6
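--- a/web/delete/user/index.php
+++ b/web/delete/user/index.php
@@ -8,22 +8,20 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['user'])) {
-        $v_username = escapeshellarg($_GET['user']);
-        exec (VESTA_CMD."v-delete-user ".$v_username, $output, $return_var);
+        $v_username = $_GET['user'];
+        v_exec('v-delete-user', [$v_username]);
     }
-    check_return_code($return_var,$output);
     unset($_SESSION['look']);
-    unset($output);
 }
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 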

+ 5 - 8
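--- a/web/delete/web/index.php
+++ b/web/delete/web/index.php
@@ -8,25 +8,22 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
 
 if (!empty($_GET['domain'])) {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-delete-domain ".$v_username." ".$v_domain, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_domain = $_GET['domain'];
+    v_exec('v-delete-domain', [$user, $v_domain]);
 }
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 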

+ 4 - 4
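--- a/web/download/file/index.php
+++ b/web/download/file/index.php
@@ -8,7 +8,7 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
 
 $user = $_SESSION['user'];
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
-    $user=$_SESSION['look'];
+    $user = $_SESSION['look'];
 }
 
 if (!empty($_REQUEST['path'])) {
@@ -16,10 +16,10 @@ if (!empty($_REQUEST['path'])) {
     header("Content-type: application/octet-stream");
     header("Content-Transfer-Encoding: binary");
     header("Content-disposition: attachment;filename=".basename($path));
-    passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
+    // TODO: Implement `v_passthru`?
+    passthru(VESTA_CMD.'v-open-fs-file '.build_shell_args([$user, $path]));
     exit;
-}
-else {
+} else {
     die('File not found');
 }
 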

+ 5 - 11
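--- a/web/download/web-log/index.php
+++ b/web/download/web-log/index.php
@@ -3,26 +3,20 @@
 error_reporting(NULL);
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
 $v_domain = $_GET['domain'];
-$v_domain = escapeshellarg($_GET['domain']);
 if ($_GET['type'] == 'access') $type = 'access';
 if ($_GET['type'] == 'error') $type = 'error';
 
 header("Cache-Control: public");
 header("Content-Description: File Transfer");
 header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."-log.txt");
-header("Content-Type: application/octet-stream; "); 
+header("Content-Type: application/octet-stream");
 header("Content-Transfer-Encoding: binary");
 
-$v_domain = escapeshellarg($_GET['domain']);
-if ($_GET['type'] == 'access') $type = 'access';
-if ($_GET['type'] == 'error') $type = 'error';
-
-exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var);
-if ($return_var == 0 ) {
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+$return_var = v_exec("v-list-web-domain-{$type}log", [$user, $v_domain, '5000'], false, $output);
+if ($return_var == 0) {
+    echo $output . "\n";
 }
 
 ?>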
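Review bot: `$type` is assigned only when `$_GET['type']` is exactly `access` or `error`, so for any other value the new call interpolates an undefined variable and the command name collapses to `v-list-web-domain-log`, while the `Content-Disposition` filename loses its type as well. With the duplicate assignments removed there is now a single place to fix it, for example `$type = (isset($_GET['type']) && $_GET['type'] === 'error') ? 'error' : 'access';`, or an early exit on an unknown type. The filename on the `Content-Disposition` line still takes `$_GET['domain']` as sent by the client; restricting it to the characters a domain name can contain before it goes into the header would be worth doing in the same pass.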

+ 6 - 9
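--- a/web/edit/backup/exclusions/index.php
+++ b/web/edit/backup/exclusions/index.php
@@ -9,14 +9,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
 
 // List backup exclustions
-exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-backup-exclusions', [$user, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse web
 $v_username = $user;
@@ -70,9 +68,10 @@ if (!empty($_POST['save'])) {
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
+    // TODO: Use array?
     $v_web = $_POST['v_web'];
     $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
     $v_web_tmp = rtrim($v_web_tmp, ",");
@@ -112,9 +111,7 @@ if (!empty($_POST['save'])) {
     unset($mktemp_output);
 
     // Save changes
-    exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    v_exec('v-update-user-backup-exclusions', [$user, $tmp]);
 
     // Set success message
     if (empty($_SESSION['error_msg'])) {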

+ 15 - 28
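--- a/web/edit/cron/index.php
+++ b/web/edit/cron/index.php
@@ -9,7 +9,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
 
 // Check job id
@@ -18,16 +18,14 @@ if (empty($_GET['job'])) {
     exit;
 }
 
+$v_username = $user;
+$v_job = $_GET['job'];
+
 // List cron job
-$v_job = escapeshellarg($_GET['job']);
-exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-cron-job', [$user, $v_job, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse cron job
-$v_username = $user;
-$v_job = $_GET['job'];
 $v_min = $data[$v_job]['MIN'];
 $v_hour = $data[$v_job]['HOUR'];
 $v_day = $data[$v_job]['DAY'];
@@ -37,36 +35,25 @@ $v_cmd = $data[$v_job]['CMD'];
 $v_date = $data[$v_job]['DATE'];
 $v_time = $data[$v_job]['TIME'];
 $v_suspended = $data[$v_job]['SUSPENDED'];
-if ( $v_suspended == 'yes' ) {
-    $v_status =  'suspended';
-} else {
-    $v_status =  'active';
-}
+$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
 
 // Check POST request
 if (!empty($_POST['save'])) {
-
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
-    $v_username = $user;
-    $v_job = escapeshellarg($_GET['job']);
-    $v_min = escapeshellarg($_POST['v_min']);
-    $v_hour = escapeshellarg($_POST['v_hour']);
-    $v_day = escapeshellarg($_POST['v_day']);
-    $v_month = escapeshellarg($_POST['v_month']);
-    $v_wday = escapeshellarg($_POST['v_wday']);
-    $v_cmd = escapeshellarg($_POST['v_cmd']);
+    $v_min = $_POST['v_min'];
+    $v_hour = $_POST['v_hour'];
+    $v_day = $_POST['v_day'];
+    $v_month = $_POST['v_month'];
+    $v_wday = $_POST['v_wday'];
+    $v_cmd = $_POST['v_cmd'];
 
     // Save changes
-    exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
-
-    $v_cmd = $_POST['v_cmd'];
+    v_exec('v-change-cron-job', [$v_username, $v_job, $v_min, $v_hour, $v_day, $v_month, $v_wday, $v_cmd]);
 
     // Set success message
     if (empty($_SESSION['error_msg'])) {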
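Review bot: `$v_job = $_GET['job']` is now used unescaped both as an element of the `v_exec` argument list and as the key in `$data[$v_job][...]`, and the only check in view is the `empty($_GET['job'])` guard named in the second hunk's header, which an array-valued parameter passes. How `v_exec` treats a non-string element is not visible in this section, so a type check at the boundary is the safer place, for example `if (!is_string($_GET['job'])) { /* same redirect as the empty-job guard */ exit; }`. The same applies to the six `$_POST['v_*']` fields copied in the save branch. The `if (!empty($_POST['save']))` block in the third hunk continues past the end of the section.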

+ 13 - 26
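--- a/web/edit/db/index.php
+++ b/web/edit/db/index.php
@@ -21,51 +21,40 @@ if (empty($_GET['database'])) {
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
 
+$v_username = $user;
+$v_database = $_GET['database'];
+
 // List datbase
-$v_database = escapeshellarg($_GET['database']);
-exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-database', [$user, $v_database, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse database
-$v_username = $user;
-$v_database = $_GET['database'];
 $v_dbuser = $data[$v_database]['DBUSER'];
-$v_password = "";
+$v_password = '';
 $v_host = $data[$v_database]['HOST'];
 $v_type = $data[$v_database]['TYPE'];
 $v_charset = $data[$v_database]['CHARSET'];
 $v_date = $data[$v_database]['DATE'];
 $v_time = $data[$v_database]['TIME'];
 $v_suspended = $data[$v_database]['SUSPENDED'];
-if ( $v_suspended == 'yes' ) {
-    $v_status =  'suspended';
-} else {
-    $v_status =  'active';
-}
+$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
 
 // Check POST request
 if (!empty($_POST['save'])) {
-    $v_username = $user;
-
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Change database user
     if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
         $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
-        $v_dbuser = escapeshellarg($v_dbuser);
-        exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
+        v_exec('v-change-database-user', [$v_username, $v_database, $v_dbuser]);
+        $v_dbuser = $user . '_' . $v_dbuser;
     }
 
     // Change database password
@@ -74,11 +63,9 @@ if (!empty($_POST['save'])) {
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
-        exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);    
-        unset($output);
+        v_exec('v-change-database-password', [$v_username, $v_database, $v_password]);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        $v_password = $_POST['v_password'];
     }
 
     // Set success message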
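Review bot: `$user` is now the raw `$_GET['user']` when an admin edits another account, and it is still spliced unquoted into the pattern of `preg_replace("/^".$user."_/", "", $_POST['v_dbuser'])` under "Change database user". A regex metacharacter in that value changes which prefix is stripped, or makes the pattern invalid so that `preg_replace` returns null and `v_exec('v-change-database-user', …)` receives an empty name. Quote the value before building the pattern: `$v_dbuser = preg_replace('/^' . preg_quote($user, '/') . '_/', '', $_POST['v_dbuser']);`. How `v_exec` validates the argument array is not visible in this section, so the page should not lean on it for this.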

+ 34 - 61
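--- a/web/edit/dns/index.php
+++ b/web/edit/dns/index.php
@@ -15,20 +15,18 @@ if (empty($_GET['domain'])) {
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
+$v_username = $user;
 
 // List dns domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
-    check_return_code($return_var,$output);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+    $v_domain = $_GET['domain'];
+
+    v_exec('v-list-dns-domain', [$user, $v_domain, 'json'], true, $output);
+    $data = json_decode($output, true);
 
     // Parse dns domain
-    $v_username = $user;
-    $v_domain = $_GET['domain'];
     $v_ip = $data[$v_domain]['IP'];
     $v_template = $data[$v_domain]['TPL'];
     $v_ttl = $data[$v_domain]['TTL'];
@@ -44,24 +42,19 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
     }
 
     // List dns templates
-    exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-    $templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-dns-templates', ['json'], false, $output);
+    $templates = json_decode($output, true);
 }
 
 // List dns record
 if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_record_id = escapeshellarg($_GET['record_id']);
-    exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
-    check_return_code($return_var,$output);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
-
-    // Parse dns record
-    $v_username = $user;
     $v_domain = $_GET['domain'];
     $v_record_id = $_GET['record_id'];
+
+    v_exec('v-list-dns-records', [$user, $v_domain, 'json'], true, $output);
+    $data = json_decode($output, true);
+
+    // Parse dns record
     $v_rec = $data[$v_record_id]['RECORD'];
     $v_type = $data[$v_record_id]['TYPE'];
     $v_val = $data[$v_record_id]['VALUE'];
@@ -78,63 +71,51 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
 
 // Check POST request for dns domain
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
-    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_domain = $_POST['v_domain'];
 
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Change domain IP
     if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
-        $v_ip = escapeshellarg($_POST['v_ip']);
-        exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
+        $v_ip = $_POST['v_ip'];
+        v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
         $restart_dns = 'yes';
-        unset($output);
     }
 
     // Change domain template
     if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
-        $v_template = escapeshellarg($_POST['v_template']);
-        exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_template = $_POST['v_template'];
+        v_exec('v-change-dns-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
         $restart_dns = 'yes';
     }
 
     // Change SOA record
     if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
-        $v_soa = escapeshellarg($_POST['v_soa']);
-        exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_soa = $_POST['v_soa'];
+        v_exec('v-change-dns-domain-soa', [$v_username, $v_domain, $v_soa, 'no']);
         $restart_dns = 'yes';
     }
 
     // Change expiriation date
     if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
-        $v_exp = escapeshellarg($_POST['v_exp']);
-        exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_exp = $_POST['v_exp'];
+        v_exec('v-change-dns-domain-exp', [$v_username, $v_domain, $v_exp, 'no']);
     }
 
     // Change domain ttl
     if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
-        $v_ttl = escapeshellarg($_POST['v_ttl']);
-        exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_ttl = $_POST['v_ttl'];
+        v_exec('v-change-dns-domain-ttl', [$v_username, $v_domain, $v_ttl, 'no']);
         $restart_dns = 'yes';
     }
 
     // Restart dns server
     if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-dns');
     }
 
     // Set success message
@@ -149,38 +130,30 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['reco
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
-    // Protect input
-    $v_domain = escapeshellarg($_POST['v_domain']);
-    $v_record_id = escapeshellarg($_POST['v_record_id']);
+    $v_domain = $_POST['v_domain'];
+    $v_record_id = $_POST['v_record_id'];
 
     // Change dns record
     if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
-        $v_val = escapeshellarg($_POST['v_val']);
-        $v_priority = escapeshellarg($_POST['v_priority']);
-        exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
-        check_return_code($return_var,$output);
         $v_val = $_POST['v_val'];
-        unset($output);
+        $v_priority = $_POST['v_priority'];
+        v_exec('v-change-dns-record', [$v_username, $v_domain, $v_record_id, $v_val, $v_priority]);
         $restart_dns = 'yes';
     }
 
     // Change dns record id
     if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
-        $v_old_record_id = escapeshellarg($_GET['record_id']);
-        exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_old_record_id = $_GET['record_id'];
+        v_exec('v-change-dns-record-id', [$v_username, $v_domain, $v_old_record_id, $v_record_id]);
         $restart_dns = 'yes';
     }
 
     // Restart dns server
     if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-dns');
     }
 
     // Set success message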
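Review bot: The guard above the new `v_exec('v-change-dns-record', …)` call reads `($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))`, and because `&&` binds tighter than `||` the error check covers only the priority comparison. Whenever the value changed, the record update and the DNS restart flag are applied even though an earlier step has already set `$_SESSION['error_msg']`. The line is unchanged context, but the rewritten call sits directly under it, so this is a good place to group the comparisons: `if ((($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority'])) && (empty($_SESSION['error_msg']))) {`. The enclosing POST block starts and ends outside the hunk.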

+ 6 - 8
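--- a/web/edit/file/index.php
+++ b/web/edit/file/index.php
@@ -31,24 +31,22 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
 <div id="message" style="display:none; position: absoulte;background-color: green; color: white; padding: 10px;"></div>
 <div id="error-message" style="display:none; position: absoulte;background-color: red; color: white; padding: 10px;"></div>
 
-<?php 
-
+<?php
     if (!empty($_REQUEST['path'])) {
         $content = '';
         $path = $_REQUEST['path'];
         if (!empty($_POST['save'])) {
-            $fn = tempnam ('/tmp', 'vst-save-file-');
+            $fn = tempnam('/tmp', 'vst-save-file-');
             if ($fn) {
                 $contents = $_POST['contents'];
                 $contents = preg_replace("/\r/", "", $contents);
-                $f = fopen ($fn, 'w+');
+                $f = fopen($fn, 'w+');
                 fwrite($f, $contents);
                 fclose($f);
                 chmod($fn, 0644);
 
                 if ($f) {
-                    exec (VESTA_CMD . "v-copy-fs-file {$user} {$fn} ".escapeshellarg($path), $output, $return_var);
-                    $error = check_return_code($return_var, $output);
+                    $return_var = v_exec('v-copy-fs-file', [$user, $fn, $path]);
                     if ($return_var != 0) {
                         print('<p style="color: white">Error while saving file</p>');
                         exit;
@@ -58,12 +56,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
             }
         }
 
-        exec (VESTA_CMD . "v-open-fs-file {$user} ".escapeshellarg($path), $content, $return_var);
+        $return_var = v_exec('v-open-fs-file', [$user, $path], false, $content);
         if ($return_var != 0) {
             print 'Error while opening file'; // todo: handle this more styled
             exit;
         }
-        $content = implode("\n", $content)."\n";
+        $content = $content . "\n";
     } else {
         $content = '';
     }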
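Review bot: The save branch under `if (!empty($_POST['save']))` writes `$_POST['contents']` to a temp file and passes it to `v_exec('v-copy-fs-file', [$user, $fn, $path])` without the `$_POST['token']` check that the db, dns and firewall edit pages make before any change. No such check appears in this hunk, though the lines above it are outside the view. With `$path` read from `$_REQUEST['path']`, a forged cross-site POST made in a logged-in session would be accepted as a file write. Add a guard at the top of the branch, e.g. `if (empty($_SESSION['token']) || !isset($_POST['token']) || !hash_equals($_SESSION['token'], (string) $_POST['token'])) { header('location: /login/'); exit; }`. The save branch in web/edit/ip/index.php likewise goes from `if (!empty($_POST['save']))` straight to its `v_exec` calls with no token check in its hunk.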

+ 10 - 29
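--- a/web/edit/firewall/index.php
+++ b/web/edit/firewall/index.php
@@ -20,15 +20,13 @@ if (empty($_GET['rule'])) {
     exit;
 }
 
+$v_rule = $_GET['rule'];
+
 // List rule
-$v_rule = escapeshellarg($_GET['rule']);
-exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-firewall-rule', [$v_rule, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse rule
-$v_rule = $_GET['rule'];
 $v_action = $data[$v_rule]['ACTION'];
 $v_protocol = $data[$v_rule]['PROTOCOL'];
 $v_port = $data[$v_rule]['PORT'];
@@ -37,37 +35,17 @@ $v_comment = $data[$v_rule]['COMMENT'];
 $v_date = $data[$v_rule]['DATE'];
 $v_time = $data[$v_rule]['TIME'];
 $v_suspended = $data[$v_rule]['SUSPENDED'];
-if ( $v_suspended == 'yes' ) {
-    $v_status =  'suspended';
-} else {
-    $v_status =  'active';
-}
+$v_status = $v_suspended == 'yes' ? 'suspended' : 'active';
 
 // Check POST request
 if (!empty($_POST['save'])) {
-
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
-    $v_rule = escapeshellarg($_GET['rule']);
-    $v_action = escapeshellarg($_POST['v_action']);
-    $v_protocol = escapeshellarg($_POST['v_protocol']);
-    $v_port = str_replace(" ",",", $_POST['v_port']);
-    $v_port = preg_replace('/\,+/', ',', $v_port);
-    $v_port = trim($v_port, ",");
-    $v_port = escapeshellarg($v_port);
-    $v_ip = escapeshellarg($_POST['v_ip']);
-    $v_comment = escapeshellarg($_POST['v_comment']);
-
-    // Change Status
-    exec (VESTA_CMD."v-change-firewall-rule ".$v_rule." ".$v_action." ".$v_ip."  ".$v_port." ".$v_protocol." ".$v_comment, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
-
-    $v_rule = $_GET['v_rule'];
+    $v_rule = $_GET['rule'];
     $v_action = $_POST['v_action'];
     $v_protocol = $_POST['v_protocol'];
     $v_port = str_replace(" ",",", $_POST['v_port']);
@@ -76,6 +54,9 @@ if (!empty($_POST['save'])) {
     $v_ip = $_POST['v_ip'];
     $v_comment = $_POST['v_comment'];
 
+    // Change Status
+    v_exec('v-change-firewall-rule', [$v_rule, $v_action, $v_ip, $v_port, $v_protocol, $v_comment]);
+
     // Set success message
     if (empty($_SESSION['error_msg'])) {
         $_SESSION['ok_msg'] = __('Changes has been saved.');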
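Review bot: The token guard kept at the top of the save branch compares with `$_SESSION['token'] != $_POST['token']`, which is a loose and non-constant-time comparison: numeric-looking strings are compared as numbers, and an unset session token compares equal to an empty posted one. Since the commit already edits this guard (`exit()` to `exit`), it could be tightened in the same pass to `if (empty($_SESSION['token']) || !isset($_POST['token']) || !hash_equals($_SESSION['token'], (string) $_POST['token'])) {` (`hash_equals` needs PHP 5.6 or later). The same comparison is kept in the db, dns and mail edit pages. How the session token is generated is outside this view, so the numeric-string case is a possibility to rule out, not a confirmed collision.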

+ 16 - 30
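--- a/web/edit/ip/index.php
+++ b/web/edit/ip/index.php
@@ -19,16 +19,14 @@ if (empty($_GET['ip'])) {
     exit;
 }
 
+$v_username = $user;
+$v_ip = $_GET['ip'];
+
 // List ip
-$v_ip = escapeshellarg($_GET['ip']);
-exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-ip', [$v_ip, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse ip
-$v_username = $user;
-$v_ip = $_GET['ip'];
 $v_netmask = $data[$v_ip]['NETMASK'];
 $v_interace = $data[$v_ip]['INTERFACE'];
 $v_name = $data[$v_ip]['NAME'];
@@ -46,51 +44,39 @@ if ( $v_suspended == 'yes' ) {
 }
 
 // List users
-exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-$users = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-users', ['json'], false, $output);
+$users = json_decode($output, true);
 
 // Check POST request
 if (!empty($_POST['save'])) {
-    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_ip = $_POST['v_ip'];
 
     // Change Status
     if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_dedicated = 'yes'; 
+        v_exec('v-change-sys-ip-status', [$v_ip, 'dedicated']);
+        $v_dedicated = 'yes';
     }
     if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-change-sys-ip-status', [$v_ip, 'shared']);
         unset($v_dedicated);
     }
 
     // Change owner
     if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
-        $v_owner = escapeshellarg($_POST['v_owner']);
-        exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
-        check_return_code($return_var,$output);
         $v_owner = $_POST['v_owner'];
-        unset($output);
+        v_exec('v-change-sys-ip-owner', [$v_ip, $v_owner]);
     }
 
     // Change associated domain
     if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
-        $v_name = escapeshellarg($_POST['v_name']);
-        exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_name = $_POST['v_name'];
+        v_exec('v-change-sys-ip-name', [$v_ip, $v_name]);
     }
 
     // Change NAT address
     if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
-        $v_nat = escapeshellarg($_POST['v_nat']);
-        exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_nat = $_POST['v_nat'];
+        v_exec('v-change-sys-ip-nat', [$v_ip, $v_nat]);
     }
 
     // Set success message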

+ 43 - 88
web/edit/mail/index.php

@@ -21,19 +21,18 @@ if (empty($_GET['domain'])) {
 
 
 // Edit as someone else?
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
 }
 $v_username = $user;
 $v_username = $user;
 
 
 // List mail domain
 // List mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+    $v_domain = $_GET['domain'];
+
+    v_exec('v-list-mail-domain', [$user, $v_domain, 'json'], false, $output);
+    $data = json_decode($output, true);
 
 
     // Parse domain
     // Parse domain
-    $v_domain = $_GET['domain'];
     $v_antispam = $data[$v_domain]['ANTISPAM'];
     $v_antispam = $data[$v_domain]['ANTISPAM'];
     $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
     $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
     $v_dkim = $data[$v_domain]['DKIM'];
     $v_dkim = $data[$v_domain]['DKIM'];
@@ -50,17 +49,14 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
 
 
 // List mail account
 // List mail account
 if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
 if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_account = escapeshellarg($_GET['account']);
-    exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
-
-    // Parse mail account
-    $v_username = $user;
     $v_domain = $_GET['domain'];
     $v_domain = $_GET['domain'];
     $v_account = $_GET['account'];
     $v_account = $_GET['account'];
-    $v_password = "";
+
+    v_exec('v-list-mail-account', [$user, $v_domain, $v_account, 'json'], false, $output);
+    $data = json_decode($output, true);
+
+    // Parse mail account
+    $v_password = '';
     $v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
     $v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
     $valiases = explode(",", $data[$v_account]['ALIAS']);
     $valiases = explode(",", $data[$v_account]['ALIAS']);
     $v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
     $v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
@@ -79,9 +75,8 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
 
 
     // Parse autoreply
     // Parse autoreply
     if ( $v_autoreply == 'yes' ) {
     if ( $v_autoreply == 'yes' ) {
-        exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
-        $autoreply_str = json_decode(implode('', $output), true);
-        unset($output);
+        v_exec('v-list-mail-account-autoreply', [$user, $v_domain, $v_account, 'json'], false, $output);
+        $autoreply_str = json_decode($output, true);
         $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
         $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
     }
     }
 }
 }
@@ -89,86 +84,68 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
 
 
 // Check POST request for mail domain
 // Check POST request for mail domain
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
-    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_domain = $_POST['v_domain'];
 
 
     // Check token
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         header('location: /login/');
-        exit();
+        exit;
     }
     }
 
 
     // Delete antispam
     // Delete antispam
     if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
     if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-delete-mail-domain-antispam', [$v_username, $v_domain]);
         $v_antispam = 'no';
         $v_antispam = 'no';
-        unset($output);
     }
     }
 
 
     // Add antispam
     // Add antispam
     if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
     if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-add-mail-domain-antispam', [$v_username, $v_domain]);
         $v_antispam = 'yes';
         $v_antispam = 'yes';
-        unset($output);
     }
     }
 
 
     // Delete antivirus
     // Delete antivirus
     if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
     if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-delete-mail-domain-antivirus', [$v_username, $v_domain]);
         $v_antivirus = 'no';
         $v_antivirus = 'no';
-        unset($output);
     }
     }
 
 
     // Add antivirs
     // Add antivirs
     if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
     if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-add-mail-domain-antivirus', [$v_username, $v_domain]);
         $v_antivirus = 'yes';
         $v_antivirus = 'yes';
-        unset($output);
     }
     }
 
 
     // Delete DKIM
     // Delete DKIM
     if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
     if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-delete-mail-domain-dkim', [$v_username, $v_domain]);
         $v_dkim = 'no';
         $v_dkim = 'no';
-        unset($output);
     }
     }
 
 
     // Add DKIM
     // Add DKIM
     if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
     if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-add-mail-domain-dkim', [$v_username, $v_domain]);
         $v_dkim = 'yes';
         $v_dkim = 'yes';
-        unset($output);
     }
     }
 
 
     // Delete catchall
     // Delete catchall
     if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
+        v_exec('v-delete-mail-domain-catchall', [$v_username, $v_domain]);
         $v_catchall = '';
         $v_catchall = '';
-        unset($output);
     }
     }
 
 
     // Change catchall address
     // Change catchall address
     if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
         if ($v_catchall != $_POST['v_catchall']) {
         if ($v_catchall != $_POST['v_catchall']) {
-            $v_catchall = escapeshellarg($_POST['v_catchall']);
-            exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $v_catchall = $_POST['v_catchall'];
+            v_exec('v-change-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
         }
         }
     }
     }
 
 
     // Add catchall
     // Add catchall
     if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
     if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
-        $v_catchall = escapeshellarg($_POST['v_catchall']);
-        exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_catchall = $_POST['v_catchall'];
+        v_exec('v-add-mail-domain-catchall', [$v_username, $v_domain, $v_catchall]);
     }
     }
 
 
     // Set success message
     // Set success message
@@ -183,11 +160,11 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
     // Check token
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         header('location: /login/');
-        exit();
+        exit;
     }
     }
 
 
-    $v_domain = escapeshellarg($_POST['v_domain']);
-    $v_account = escapeshellarg($_POST['v_account']);
+    $v_domain = $_POST['v_domain'];
+    $v_account = $_POST['v_account'];
 
 
     // Change password
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
@@ -195,23 +172,19 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
         $fp = fopen($v_password, "w");
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['v_password']."\n");
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
         fclose($fp);
-        exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-change-mail-account-password', [$v_username, $v_domain, $v_account, $v_password]);
         unlink($v_password);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);;
+        $v_password = $_POST['v_password'];
     }
     }
 
 
     // Change quota
     // Change quota
     if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
     if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
         if (empty($_POST['v_quota'])) {
         if (empty($_POST['v_quota'])) {
-            $v_quota = 0; 
+            $v_quota = '0';
         } else {
         } else {
-            $v_quota = escapeshellarg($_POST['v_quota']);
+            $v_quota = $_POST['v_quota'];
         }
         }
-        exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-change-mail-account-quota', [$v_username, $v_domain, $v_account, $v_quota]);
     }
     }
 
 
     // Change account aliases
     // Change account aliases
@@ -225,17 +198,13 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
         $result = array_diff($valiases, $aliases);
         $result = array_diff($valiases, $aliases);
         foreach ($result as $alias) {
         foreach ($result as $alias) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
-                exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-delete-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
             }
             }
         }
         }
         $result = array_diff($aliases, $valiases);
         $result = array_diff($aliases, $valiases);
         foreach ($result as $alias) {
         foreach ($result as $alias) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
-                exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-mail-account-alias', [$v_username, $v_domain, $v_account, $alias]);
             }
             }
         }
         }
     }
     }
@@ -251,56 +220,42 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
         $result = array_diff($vfwd, $fwd);
         $result = array_diff($vfwd, $fwd);
         foreach ($result as $forward) {
         foreach ($result as $forward) {
             if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
-                exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-delete-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
             }
             }
         }
         }
         $result = array_diff($fwd, $vfwd);
         $result = array_diff($fwd, $vfwd);
         foreach ($result as $forward) {
         foreach ($result as $forward) {
             if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
-                exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-mail-account-forward', [$v_username, $v_domain, $v_account, $forward]);
             }
             }
         }
         }
     }
     }
 
 
     // Delete FWD_ONLY flag
     // Delete FWD_ONLY flag
     if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
     if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-delete-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
         $v_fwd_only = '';
         $v_fwd_only = '';
     }
     }
 
 
     // Add FWD_ONLY flag
     // Add FWD_ONLY flag
     if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
     if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-mail-account-fwd-only', [$v_username, $v_domain, $v_account]);
         $v_fwd_only = 'yes';
         $v_fwd_only = 'yes';
     }
     }
 
 
     // Delete autoreply
     // Delete autoreply
     if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
     if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-delete-mail-account-autoreply', [$v_username, $v_domain, $v_account]);
         $v_autoreply = 'no';
         $v_autoreply = 'no';
         $v_autoreply_message = '';
         $v_autoreply_message = '';
     }
     }
 
 
     // Add autoreply
     // Add autoreply
     if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
-        if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
+        if ($v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
             $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
             $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
-            $v_autoreply_message = escapeshellarg($v_autoreply_message);
-            exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-add-mail-account-autoreply', [$v_username, $v_domain, $v_account, $v_autoreply_message]);
             $v_autoreply = 'yes';
             $v_autoreply = 'yes';
-            $v_autoreply_message = $_POST['v_autoreply_message'];
         }
         }
     }
     }
 
 

+ 24 - 34
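--- a/web/edit/package/index.php
+++ b/web/edit/package/index.php
@@ -21,14 +21,13 @@ if (empty($_GET['package'])) {
 }
 
 
+$v_package = $_GET['package'];
+
 // List package
-$v_package = escapeshellarg($_GET['package']);
-exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-package', [$v_package, 'json'], false, $output);
+$data = json_decode($output, true);
 
 // Parse package
-$v_package = $_GET['package'];
 $v_web_template = $data[$v_package]['WEB_TEMPLATE'];
 $v_backend_template = $data[$v_package]['BACKEND_TEMPLATE'];
 $v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
@@ -45,7 +44,7 @@ $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
 $v_bandwidth = $data[$v_package]['BANDWIDTH'];
 $v_shell = $data[$v_package]['SHELL'];
 $v_ns = $data[$v_package]['NS'];
-$nameservers = explode(", ", $v_ns);
+$nameservers = explode(', ', $v_ns);
 $v_ns1 = $nameservers[0];
 $v_ns2 = $nameservers[1];
 $v_ns3 = $nameservers[2];
@@ -57,45 +56,39 @@ $v_ns8 = $nameservers[7];
 $v_backups = $data[$v_package]['BACKUPS'];
 $v_date = $data[$v_package]['DATE'];
 $v_time = $data[$v_package]['TIME'];
-$v_status =  'active';
+$v_status = 'active';
 
 // List web templates
-exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-$web_templates = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-templates', ['json'], false, $output);
+$web_templates = json_decode($output, true);
 
 // List backend templates
 if (!empty($_SESSION['WEB_BACKEND'])) {
-    exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
-    $backend_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-backend', ['json'], false, $output);
+    $backend_templates = json_decode($output, true);
 }
 
 // List proxy templates
 if (!empty($_SESSION['PROXY_SYSTEM'])) {
-    exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-    $proxy_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-proxy', ['json'], false, $output);
+    $proxy_templates = json_decode($output, true);
 }
 
 
 // List dns templates
-exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-$dns_templates = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-dns-templates', ['json'], false, $output);
+$dns_templates = json_decode($output, true);
 
 // List shels
-exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-$shells = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-shells', ['json'], false, $output);
+$shells = json_decode($output, true);
 
 // Check POST request
 if (!empty($_POST['save'])) {
-
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Check empty fields
@@ -133,8 +126,10 @@ if (!empty($_POST['save'])) {
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
+    $v_package = $_POST['v_package'];
+
     // Protect input
-    $v_package = escapeshellarg($_POST['v_package']);
+    // TODO: Use array?
     $v_web_template = escapeshellarg($_POST['v_web_template']);
     if (!empty($_SESSION['WEB_BACKEND'])) {
         $v_backend_template = escapeshellarg($_POST['v_backend_template']);
@@ -199,23 +194,18 @@ if (!empty($_POST['save'])) {
     $pkg .= "BACKUPS=".$v_backups."\n";
     $pkg .= "TIME=".$v_time."\n";
     $pkg .= "DATE=".$v_date."\n";
-    $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
+    $fp = fopen("$tmpdir/$v_package.pkg", 'w');
     fwrite($fp, $pkg);
     fclose($fp);
 
     // Save changes
-    exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    v_exec('v-add-user-package', [$tmpdir, $v_package, 'yes']);
 
     // Remove temporary dir
-    exec ('rm -rf '.$tmpdir, $output, $return_var);
-    unset($output);
+    safe_exec('rm', ['-rf', $tmpdir]);
 
     // Propogate new package
-    exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    v_exec('v-update-user-package', [$v_package, 'json']);
 
     // Set success message
     if (empty($_SESSION['error_msg'])) {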
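Review bot: `$v_package` is now the raw `$_POST['v_package']` and is interpolated into the temporary file path in `fopen("$tmpdir/$v_package.pkg", 'w')`, so a value containing `/` or `..` would be written outside `$tmpdir` unless the name is validated in the part of the `if (!empty($_POST['save']))` block that lies between the hunks and is not shown. Dropping `escapeshellarg()` is correct for the `v_exec()` argument array, but it was never a path check either, so the name should be confined before the path is built, for example `$pkg_file = $tmpdir . '/' . basename($v_package) . '.pkg';`, or rejected when it does not match the package-name pattern the backend accepts. The `fopen()` result is also passed to `fwrite()` and `fclose()` unchecked; a `false` return should set `$_SESSION['error_msg']` and skip the `v-add-user-package` call.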

+ 83 - 156
web/edit/server/index.php

@@ -16,9 +16,8 @@ $v_hostname = exec('hostname');
 
 
 // List available timezones and get current one
 // List available timezones and get current one
 $v_timezones = list_timezones();
 $v_timezones = list_timezones();
-exec (VESTA_CMD."v-get-sys-timezone", $output, $return_var);
-$v_timezone = $output[0];
-unset($output);
+v_exec('v-get-sys-timezone', [], false, $output);
+$v_timezone = strtok($output, "\n");
 if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
 if ($v_timezone == 'Etc/UTC' ) $v_timezone = 'UTC';
 if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
 if ($v_timezone == 'Pacific/Honolulu' ) $v_timezone = 'HAST';
 if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
 if ($v_timezone == 'US/Aleutian' ) $v_timezone = 'HADT';
@@ -34,51 +33,40 @@ if ($v_timezone == 'America/Puerto_Rico' ) $v_timezone = 'AST';
 if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
 if ($v_timezone == 'America/Halifax' ) $v_timezone = 'ADT';
 
 
 // List supported languages
 // List supported languages
-exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-$languages = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-languages', ['json'], false, $output);
+$languages = json_decode($output, true);
 
 
 // List dns cluster hosts
 // List dns cluster hosts
-exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var);
-$dns_cluster = json_decode(implode('', $output), true);
-unset($output);
-foreach ($dns_cluster as $key => $value) {
-    $v_dns_cluster = 'yes';
-}
+v_exec('v-list-remote-dns-hosts', ['json'], false, $output);
+$dns_cluster = json_decode($output, true);
+if (count($dns_cluster) >= 1) $v_dns_cluster = 'yes';
 
 
 // List MySQL hosts
 // List MySQL hosts
-exec (VESTA_CMD."v-list-database-hosts mysql json", $output, $return_var);
-$v_mysql_hosts = json_decode(implode('', $output), true);
-unset($output);
-foreach ($v_mysql_hosts as $key => $value) {
-    $v_mysql = 'yes';
-}
+v_exec('v-list-database-hosts', ['mysql', 'json'], false, $output);
+$v_mysql_hosts = json_decode($output, true);
+if (count($v_mysql_hosts) >= 1) $v_mysql = 'yes';
 
 
 // List PostgreSQL hosts
 // List PostgreSQL hosts
-exec (VESTA_CMD."v-list-database-hosts pgsql json", $output, $return_var);
-$v_pgsql_hosts = json_decode(implode('', $output), true);
-unset($output);
-foreach ($v_pgsql_hosts as $key => $value) {
-    $v_psql = 'yes';
-}
+v_exec('v-list-database-hosts', ['pgsql', 'json'], false, $output);
+$v_pgsql_hosts = json_decode($output, true);
+if (count($v_pgsql_hosts) >= 1) $v_psql = 'yes';
 
 
 // List backup settings
 // List backup settings
-$v_backup_dir = "/backup";
+$v_backup_dir = '/backup';
 if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
 if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
 $v_backup_gzip = '5';
 $v_backup_gzip = '5';
 if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
 if (!empty($_SESSION['BACKUP_GZIP'])) $v_backup_gzip = $_SESSION['BACKUP_GZIP'];
-$backup_types = split(",",$_SESSION['BACKUP_SYSTEM']);
+$backup_types = explode(',', $_SESSION['BACKUP_SYSTEM']);
 foreach ($backup_types as $backup_type) {
 foreach ($backup_types as $backup_type) {
     if ($backup_type == 'local') {
     if ($backup_type == 'local') {
         $v_backup = 'yes';
         $v_backup = 'yes';
     } else {
     } else {
-        exec (VESTA_CMD."v-list-backup-host ".$backup_type. " json", $output, $return_var);
-        $v_remote_backup = json_decode(implode('', $output), true);
-        unset($output);
+        v_exec('v-list-backup-host', [$backup_type, 'json'], false, $output);
+        $v_remote_backup = json_decode($output, true);
         $v_backup_host = $v_remote_backup[$backup_type]['HOST'];
         $v_backup_host = $v_remote_backup[$backup_type]['HOST'];
         $v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
         $v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
         $v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
         $v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
-        $v_backup_password = "";
+        $v_backup_password = '';
         $v_backup_port = $v_remote_backup[$backup_type]['PORT'];
         $v_backup_port = $v_remote_backup[$backup_type]['PORT'];
         $v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
         $v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
     }
     }
@@ -86,19 +74,16 @@ foreach ($backup_types as $backup_type) {
 
 
 // Check POST request
 // Check POST request
 if (!empty($_POST['save'])) {
 if (!empty($_POST['save'])) {
-
     // Check token
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         header('location: /login/');
-        exit();
+        exit;
     }
     }
 
 
     // Change hostname
     // Change hostname
     if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
     if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
-        exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
         $v_hostname = $_POST['v_hostname'];
         $v_hostname = $_POST['v_hostname'];
+        v_exec('v-change-sys-hostname', [$v_hostname]);
     }
     }
 
 
     // Change timezone
     // Change timezone
@@ -120,10 +105,8 @@ if (!empty($_POST['save'])) {
             if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
             if ($v_tz == 'ADT' ) $v_tz = 'America/Halifax';
 
 
             if ($v_timezone != $v_tz) {
             if ($v_timezone != $v_tz) {
-                exec (VESTA_CMD."v-change-sys-timezone ".escapeshellarg($v_tz), $output, $return_var);
-                check_return_code($return_var,$output);
                 $v_timezone = $v_tz;
                 $v_timezone = $v_tz;
-                unset($output);
+                v_exec('v-change-sys-timezone', [$v_timezone]);
             }
             }
         }
         }
     }
     }
@@ -131,9 +114,7 @@ if (!empty($_POST['save'])) {
     // Change default language
     // Change default language
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
         if ((!empty($_POST['v_language'])) && ($_SESSION['LANGUAGE'] != $_POST['v_language'])) {
-            exec (VESTA_CMD."v-change-sys-language ".escapeshellarg($_POST['v_language']), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-language', [$_POST['v_language']]);
             if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
             if (empty($_SESSION['error_msg'])) $_SESSION['LANGUAGE'] = $_POST['v_language'];
         }
         }
     }
     }
@@ -142,14 +123,10 @@ if (!empty($_POST['save'])) {
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
         if ((!empty($_POST['v_quota'])) && ($_SESSION['DISK_QUOTA'] != $_POST['v_quota'])) {
             if($_POST['v_quota'] == 'yes') {
             if($_POST['v_quota'] == 'yes') {
-                exec (VESTA_CMD."v-add-sys-quota", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-sys-quota');
                 if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
                 if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'yes';
             } else {
             } else {
-                exec (VESTA_CMD."v-delete-sys-quota", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-delete-sys-quota');
                 if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
                 if (empty($_SESSION['error_msg'])) $_SESSION['DISK_QUOTA'] = 'no';
             }
             }
         }
         }
@@ -161,14 +138,10 @@ if (!empty($_POST['save'])) {
         if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
         if ($_SESSION['FIREWALL_SYSTEM'] != 'iptables') $v_firewall = 'no';
         if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
         if ((!empty($_POST['v_firewall'])) && ($v_firewall != $_POST['v_firewall'])) {
             if($_POST['v_firewall'] == 'yes') {
             if($_POST['v_firewall'] == 'yes') {
-                exec (VESTA_CMD."v-add-sys-firewall", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-add-sys-firewall');
                 if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
                 if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = 'iptables';
             } else {
             } else {
-                exec (VESTA_CMD."v-delete-sys-firewall", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                v_exec('v-delete-sys-firewall');
                 if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
                 if (empty($_SESSION['error_msg'])) $_SESSION['FIREWALL_SYSTEM'] = '';
             }
             }
         }
         }
@@ -177,9 +150,7 @@ if (!empty($_POST['save'])) {
     // Update mysql pasword
     // Update mysql pasword
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if (!empty($_POST['v_mysql_password'])) {
         if (!empty($_POST['v_mysql_password'])) {
-            exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-database-host-password', ['mysql', 'localhost', 'root', $_POST['v_mysql_password']]);
             $v_db_adv = 'yes';
             $v_db_adv = 'yes';
         }
         }
     }
     }
@@ -188,9 +159,7 @@ if (!empty($_POST['save'])) {
     // Update webmail url
     // Update webmail url
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
         if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) {
-            exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-config-value', ['MAIL_URL', $_POST['v_mail_url']]);
             $v_mail_adv = 'yes';
             $v_mail_adv = 'yes';
         }
         }
     }
     }
@@ -198,9 +167,7 @@ if (!empty($_POST['save'])) {
     // Update phpMyAdmin url
     // Update phpMyAdmin url
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
         if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) {
-            exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-config-value', ['DB_PMA_URL', $_POST['v_mysql_url']]);
             $v_db_adv = 'yes';
             $v_db_adv = 'yes';
         }
         }
     }
     }
@@ -208,19 +175,15 @@ if (!empty($_POST['save'])) {
     // Update phpPgAdmin url
     // Update phpPgAdmin url
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
         if ($_POST['v_psql_url'] != $_SESSION['DB_PGA_URL']) {
-            exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-config-value', ['DB_PGA_URL', $_POST['v_pgsql_url']]);
             $v_db_adv = 'yes';
             $v_db_adv = 'yes';
         }
         }
     }
     }
 
 
     // Disable local backup
     // Disable local backup
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) {
-            exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+        if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes')) {
+            v_exec('v-delete-backup-host', ['local']);
             if (empty($_SESSION['error_msg'])) $v_backup = 'no';
             if (empty($_SESSION['error_msg'])) $v_backup = 'no';
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
         }
         }
@@ -229,9 +192,7 @@ if (!empty($_POST['save'])) {
     // Enable local backups
     // Enable local backups
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
         if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
-            exec (VESTA_CMD."v-add-backup-host local", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-add-backup-host', ['local']);
             if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
             if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
         }
         }
@@ -241,9 +202,7 @@ if (!empty($_POST['save'])) {
     // Change backup gzip level
     // Change backup gzip level
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
         if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
-            exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-config-value', ['BACKUP_GZIP', $_POST['v_backup_gzip']]);
             if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
             if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
         }
         }
@@ -252,9 +211,7 @@ if (!empty($_POST['save'])) {
     // Change backup path
     // Change backup path
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_backup_dir'] != $v_backup_dir ) {
         if ($_POST['v_backup_dir'] != $v_backup_dir ) {
-            exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-sys-config-value', ['BACKUP', $_POST['v_backup_dir']]);
             if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
             if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
         }
         }
@@ -263,19 +220,12 @@ if (!empty($_POST['save'])) {
     // Add remote backup host
     // Add remote backup host
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
         if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
-            $v_backup_host = escapeshellarg($_POST['v_backup_host']);
-            $v_backup_type = escapeshellarg($_POST['v_backup_type']);
-            $v_backup_username = escapeshellarg($_POST['v_backup_username']);
-            $v_backup_password = escapeshellarg($_POST['v_backup_password']);
-            $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
-            exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
-            if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
-            if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
-            if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
-            if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+            $v_backup_host = $_POST['v_backup_host'];
+            $v_backup_type = $_POST['v_backup_type'];
+            $v_backup_username = $_POST['v_backup_username'];
+            $v_backup_password = $_POST['v_backup_password'];
+            $v_backup_bpath = $_POST['v_backup_bpath'];
+            v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
             $v_backup_new = 'yes';
             $v_backup_new = 'yes';
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
             $v_backup_remote_adv = 'yes';
             $v_backup_remote_adv = 'yes';
@@ -285,22 +235,14 @@ if (!empty($_POST['save'])) {
     // Change remote backup host type
     // Change remote backup host type
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
-            exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
-            unset($output);
-
-            $v_backup_host = escapeshellarg($_POST['v_backup_host']);
-            $v_backup_type = escapeshellarg($_POST['v_backup_type']);
-            $v_backup_username = escapeshellarg($_POST['v_backup_username']);
-            $v_backup_password = escapeshellarg($_POST['v_backup_password']);
-            $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
-            exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
-            if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
-            if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
-            if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
-            if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+            v_exec('v-delete-backup-host', [$v_backup_type], false);
+
+            $v_backup_host = $_POST['v_backup_host'];
+            $v_backup_type = $_POST['v_backup_type'];
+            $v_backup_username = $_POST['v_backup_username'];
+            $v_backup_password = $_POST['v_backup_password'];
+            $v_backup_bpath = $_POST['v_backup_bpath'];
+            v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
             $v_backup_adv = 'yes';
             $v_backup_adv = 'yes';
             $v_backup_remote_adv = 'yes';
             $v_backup_remote_adv = 'yes';
         }
         }
@@ -310,19 +252,12 @@ if (!empty($_POST['save'])) {
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
             if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
             if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
-                $v_backup_host = escapeshellarg($_POST['v_backup_host']);
-                $v_backup_type = escapeshellarg($_POST['v_backup_type']);
-                $v_backup_username = escapeshellarg($_POST['v_backup_username']);
-                $v_backup_password = escapeshellarg($_POST['v_backup_password']);
-                $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
-                exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-                if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
-                if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
-                if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
-                if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
-                if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+                $v_backup_host = $_POST['v_backup_host'];
+                $v_backup_type = $_POST['v_backup_type'];
+                $v_backup_username = $_POST['v_backup_username'];
+                $v_backup_password = $_POST['v_backup_password'];
+                $v_backup_bpath = $_POST['v_backup_bpath'];
+                v_exec('v-add-backup-host', [$v_backup_type, $v_backup_host, $v_backup_username, $v_backup_password, $v_backup_bpath]);
                 $v_backup_adv = 'yes';
                 $v_backup_adv = 'yes';
                 $v_backup_remote_adv = 'yes';
                 $v_backup_remote_adv = 'yes';
             }
             }
@@ -333,14 +268,14 @@ if (!empty($_POST['save'])) {
     // Delete remote backup host
     // Delete remote backup host
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
         if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
         if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
-            exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) $v_backup_host = '';
-            if (empty($_SESSION['error_msg'])) $v_backup_type = '';
-            if (empty($_SESSION['error_msg'])) $v_backup_username = '';
-            if (empty($_SESSION['error_msg'])) $v_backup_password = '';
-            if (empty($_SESSION['error_msg'])) $v_backup_bpath = '';
+            v_exec('v-delete-backup-host', [$v_backup_type]);
+            if (empty($_SESSION['error_msg'])) {
+                $v_backup_host = '';
+                $v_backup_type = '';
+                $v_backup_username = '';
+                $v_backup_password = '';
+                $v_backup_bpath = '';
+            }
             $v_backup_adv = '';
             $v_backup_adv = '';
             $v_backup_remote_adv = '';
             $v_backup_remote_adv = '';
         }
         }
@@ -351,29 +286,25 @@ if (!empty($_POST['save'])) {
         $_SESSION['ok_msg'] = __('Changes has been saved.');
         $_SESSION['ok_msg'] = __('Changes has been saved.');
     }
     }
 
 
-    // activating sftp licence
+    // Activate sftp licence
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        if($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes'){
+        if ($_SESSION['SFTPJAIL_KEY'] != $_POST['v_sftp_licence'] && $_POST['v_sftp'] == 'yes') {
             $module = 'sftpjail';
             $module = 'sftpjail';
-            $licence_key = escapeshellarg($_POST['v_sftp_licence']);
-            exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $licence_key = $_POST['v_sftp_licence'];
+            v_exec('v-activate-vesta-license', [$module, $licence_key]);
             if (empty($_SESSION['error_msg'])) {
             if (empty($_SESSION['error_msg'])) {
                 $_SESSION['ok_msg'] = __('Licence Activated');
                 $_SESSION['ok_msg'] = __('Licence Activated');
-                $_SESSION['SFTPJAIL_KEY'] = $_POST['v_sftp_licence'];
+                $_SESSION['SFTPJAIL_KEY'] = $licence_key;
             }
             }
         }
         }
     }
     }
 
 
-    // cancel sftp licence
+    // Cancel sftp licence
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        if($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']){
+        if ($_POST['v_sftp'] == 'cancel' && $_SESSION['SFTPJAIL_KEY']) {
             $module = 'sftpjail';
             $module = 'sftpjail';
-            $licence_key = escapeshellarg($_SESSION['SFTPJAIL_KEY']);
-            exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $licence_key = $_SESSION['SFTPJAIL_KEY'];
+            v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
             if (empty($_SESSION['error_msg'])) {
             if (empty($_SESSION['error_msg'])) {
                 $_SESSION['ok_msg'] = __('Licence Deactivated');
                 $_SESSION['ok_msg'] = __('Licence Deactivated');
                 unset($_SESSION['SFTPJAIL_KEY']);
                 unset($_SESSION['SFTPJAIL_KEY']);
@@ -382,29 +313,25 @@ if (!empty($_POST['save'])) {
     }
     }
 
 
 
 
-    // activating filemanager licence
+    // Activate filemanager licence
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){
+        if ($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes') {
             $module = 'filemanager';
             $module = 'filemanager';
-            $licence_key = escapeshellarg($_POST['v_filemanager_licence']);
-            exec (VESTA_CMD."v-activate-vesta-license ".$module." ".$licence_key, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $licence_key = $_POST['v_filemanager_licence'];
+            v_exec('v-activate-vesta-license', [$module, $licence_key]);
             if (empty($_SESSION['error_msg'])) {
             if (empty($_SESSION['error_msg'])) {
                 $_SESSION['ok_msg'] = __('Licence Activated');
                 $_SESSION['ok_msg'] = __('Licence Activated');
-                $_SESSION['FILEMANAGER_KEY'] = $_POST['v_filemanager_licence'];
+                $_SESSION['FILEMANAGER_KEY'] = $licence_key;
             }
             }
         }
         }
     }
     }
 
 
-    // cancel filemanager licence
+    // Cancel filemanager licence
     if (empty($_SESSION['error_msg'])) {
     if (empty($_SESSION['error_msg'])) {
-        if($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']){
+        if ($_POST['v_filemanager'] == 'cancel' && $_SESSION['FILEMANAGER_KEY']) {
             $module = 'filemanager';
             $module = 'filemanager';
-            $licence_key = escapeshellarg($_SESSION['FILEMANAGER_KEY']);
-            exec (VESTA_CMD."v-deactivate-vesta-license ".$module." ".$licence_key, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $licence_key = $_SESSION['FILEMANAGER_KEY'];
+            v_exec('v-deactivate-vesta-license', [$module, $licence_key]);
             if (empty($_SESSION['error_msg'])) {
             if (empty($_SESSION['error_msg'])) {
                 $_SESSION['ok_msg'] = __('Licence Deactivated');
                 $_SESSION['ok_msg'] = __('Licence Deactivated');
                 unset($_SESSION['FILEMANAGER_KEY']);
                 unset($_SESSION['FILEMANAGER_KEY']);
@@ -414,8 +341,8 @@ if (!empty($_POST['save'])) {
 }
 }
 
 
 // Check system configuration
 // Check system configuration
-exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
+v_exec('v-list-sys-config', ['json'], false, $output);
+$data = json_decode($output, true);
 $sys_arr = $data['config'];
 $sys_arr = $data['config'];
 foreach ($sys_arr as $key => $value) {
 foreach ($sys_arr as $key => $value) {
     $_SESSION[$key] = $value;
     $_SESSION[$key] = $value;

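--- a/web/edit/user/index.php
+++ b/web/edit/user/index.php
@@ -16,21 +16,18 @@ if (empty($_GET['user'])) {
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];
-    $v_username=$_GET['user'];
+    $user = $_GET['user'];
 } else {
-    $user=$_SESSION['user'];
-    $v_username=$_SESSION['user'];
+    $user = $_SESSION['user'];
 }
+$v_username = $user;
 
 // List user
-exec (VESTA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
-check_return_code($return_var,$output);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user', [$v_username, 'json'], true, $output);
+$data = json_decode($output, true);
 
 // Parse user
-$v_password = "";
+$v_password = '';
 $v_email = $data[$v_username]['CONTACT'];
 $v_package = $data[$v_username]['PACKAGE'];
 $v_language = $data[$v_username]['LANGUAGE'];
@@ -38,7 +35,7 @@ $v_fname = $data[$v_username]['FNAME'];
 $v_lname = $data[$v_username]['LNAME'];
 $v_shell = $data[$v_username]['SHELL'];
 $v_ns = $data[$v_username]['NS'];
-$nameservers = explode(", ", $v_ns);
+$nameservers = explode(', ', $v_ns);
 $v_ns1 = $nameservers[0];
 $v_ns2 = $nameservers[1];
 $v_ns3 = $nameservers[2];
@@ -58,29 +55,25 @@ $v_time = $data[$v_username]['TIME'];
 $v_date = $data[$v_username]['DATE'];
 
 // List packages
-exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
-$packages = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-packages', ['json'], false, $output);
+$packages = json_decode($output, true);
 
 // List languages
-exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-$languages = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-languages', ['json'], false, $output);
+$languages = json_decode($output, true);
 
 // List shells
-exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-$shells = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-shells', ['json'], false, $output);
+$shells = json_decode($output, true);
 
 // Are you admin?
 
 // Check POST request
 if (!empty($_POST['save'])) {
-
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
-        exit();
+        exit;
     }
 
     // Change password
@@ -89,38 +82,34 @@ if (!empty($_POST['save'])) {
         $fp = fopen($v_password, "w");
         fwrite($fp, $_POST['v_password']."\n");
         fclose($fp);
-        exec (VESTA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-change-user-password', [$v_username, $v_password]);
         unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        $v_password = $_POST['v_password'];
     }
 
     // Change package (admin only)
     if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
-        $v_package = escapeshellarg($_POST['v_package']);
-        exec (VESTA_CMD."v-change-user-package ".escapeshellarg($v_username)." ".$v_package, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_package = $_POST['v_package'];
+        v_exec('v-change-user-package', [$v_username, $v_package]);
     }
 
     // Change language
     if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
-        $v_language = escapeshellarg($_POST['v_language']);
-        exec (VESTA_CMD."v-change-user-language ".escapeshellarg($v_username)." ".$v_language, $output, $return_var);
-        check_return_code($return_var,$output);
+        $v_language = $_POST['v_language'];
+        v_exec('v-change-user-language', [$v_username, $v_language]);
         if (empty($_SESSION['error_msg'])) {
-             if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) $_SESSION['language'] = $_POST['v_language'];
+            if ((empty($_GET['user'])) || ($_GET['user'] == $_SESSION['user'])) {
+                $_SESSION['language'] = $_POST['v_language'];
+            }
         }
-        unset($output);
     }
 
     // Change shell (admin only)
-    if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
-        $v_shell = escapeshellarg($_POST['v_shell']);
-        exec (VESTA_CMD."v-change-user-shell ".escapeshellarg($v_username)." ".$v_shell, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+    if ($_SESSION['user'] == 'admin') {
+        if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
+            $v_shell = $_POST['v_shell'];
+            v_exec('v-change-user-shell', [$v_username, $v_shell]);
+        }
     }
 
     // Change contact email
@@ -128,54 +117,37 @@ if (!empty($_POST['save'])) {
         if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
             $_SESSION['error_msg'] = __('Please enter valid email address.');
         } else {
-            $v_email = escapeshellarg($_POST['v_email']);
-            exec (VESTA_CMD."v-change-user-contact ".escapeshellarg($v_username)." ".$v_email, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            $v_email = $_POST['v_email'];
+            v_exec('v-change-user-contact', [$v_username, $v_email]);
         }
     }
 
     // Change full name
-    if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
-        $v_fname = escapeshellarg($_POST['v_fname']);
-        $v_lname = escapeshellarg($_POST['v_lname']);
-        exec (VESTA_CMD."v-change-user-name ".escapeshellarg($v_username)." ".$v_fname." ".$v_lname, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+    if ((($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) && (empty($_SESSION['error_msg']))) {
         $v_fname = $_POST['v_fname'];
         $v_lname = $_POST['v_lname'];
+        v_exec('v-change-user-name', [$v_username, $v_fname, $v_lname]);
     }
 
     // Change NameServers
-    if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
- || ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8']) && (empty($_SESSION['error_msg']))) {
-        $v_ns1 = escapeshellarg($_POST['v_ns1']);
-        $v_ns2 = escapeshellarg($_POST['v_ns2']);
-        $v_ns3 = escapeshellarg($_POST['v_ns3']);
-        $v_ns4 = escapeshellarg($_POST['v_ns4']);
-        $v_ns5 = escapeshellarg($_POST['v_ns5']);
-        $v_ns6 = escapeshellarg($_POST['v_ns6']);
-        $v_ns7 = escapeshellarg($_POST['v_ns7']);
-        $v_ns8 = escapeshellarg($_POST['v_ns8']);
-        $ns_cmd = VESTA_CMD."v-change-user-ns ".escapeshellarg($v_username)." ".$v_ns1." ".$v_ns2;
-        if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
-        if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
-        if (!empty($_POST['v_ns5'])) $ns_cmd = $ns_cmd." ".$v_ns5;
-        if (!empty($_POST['v_ns6'])) $ns_cmd = $ns_cmd." ".$v_ns6;
-        if (!empty($_POST['v_ns7'])) $ns_cmd = $ns_cmd." ".$v_ns7;
-        if (!empty($_POST['v_ns8'])) $ns_cmd = $ns_cmd." ".$v_ns8;
-        exec ($ns_cmd, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-
-        $v_ns1 = str_replace("'","", $v_ns1);
-        $v_ns2 = str_replace("'","", $v_ns2);
-        $v_ns3 = str_replace("'","", $v_ns3);
-        $v_ns4 = str_replace("'","", $v_ns4);
-        $v_ns5 = str_replace("'","", $v_ns5);
-        $v_ns6 = str_replace("'","", $v_ns6);
-        $v_ns7 = str_replace("'","", $v_ns7);
-        $v_ns8 = str_replace("'","", $v_ns8);
+    if ((($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) || ($v_ns5 != $_POST['v_ns5'])
+ || ($v_ns6 != $_POST['v_ns6']) || ($v_ns7 != $_POST['v_ns7']) || ($v_ns8 != $_POST['v_ns8'])) && (empty($_SESSION['error_msg']))) {
+        $v_ns1 = $_POST['v_ns1'];
+        $v_ns2 = $_POST['v_ns2'];
+        $v_ns3 = $_POST['v_ns3'];
+        $v_ns4 = $_POST['v_ns4'];
+        $v_ns5 = $_POST['v_ns5'];
+        $v_ns6 = $_POST['v_ns6'];
+        $v_ns7 = $_POST['v_ns7'];
+        $v_ns8 = $_POST['v_ns8'];
+        $ns_args = [$v_username, $v_ns1, $v_ns2];
+        if (!empty($_POST['v_ns3'])) $ns_args[] = $v_ns3;
+        if (!empty($_POST['v_ns4'])) $ns_args[] = $v_ns4;
+        if (!empty($_POST['v_ns5'])) $ns_args[] = $v_ns5;
+        if (!empty($_POST['v_ns6'])) $ns_args[] = $v_ns6;
+        if (!empty($_POST['v_ns7'])) $ns_args[] = $v_ns7;
+        if (!empty($_POST['v_ns8'])) $ns_args[] = $v_ns8;
+        v_exec('v-change-user-ns', $ns_args);
     }
 
     // Set success message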
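Review bot: The CSRF token check kept as context in the `@@ -58,29 +55,25 @@` hunk still compares with `!=`, which is loose and not constant-time: two different numeric-looking strings (for instance of the `0e…` form) compare equal, and an empty posted token would match a session that holds no token. Since the commit already touches this block (`exit()` → `exit`), I would tighten it to `if (!isset($_SESSION['token'], $_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`. The same comparison appears in the web/edit/web/index.php section. Separately, with the per-call `escapeshellarg()` removed, every `$_POST` value in this file reaches the v-* scripts only through `v_exec`, whose definition is not in this section, so it is worth confirming there that each array element is quoted and that a value beginning with `-` cannot be read as an option.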

+ 112 - 176
web/edit/web/index.php

@@ -16,18 +16,17 @@ if (empty($_GET['domain'])) {
 
 
 // Edit as someone else?
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=escapeshellarg($_GET['user']);
+    $user = $_GET['user'];
 }
 }
 
 
+$v_username = $user;
+$v_domain = $_GET['domain'];
+
 // List domain
 // List domain
-$v_domain = escapeshellarg($_GET['domain']);
-exec (VESTA_CMD."v-list-web-domain ".$user." ".$v_domain." json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-domain', [$user, $v_domain, 'json'], false, $output);
+$data = json_decode($output, true);
 
 
 // Parse domain
 // Parse domain
-$v_username = $user;
-$v_domain = $_GET['domain'];
 $v_ip = $data[$v_domain]['IP'];
 $v_ip = $data[$v_domain]['IP'];
 $v_template = $data[$v_domain]['TPL'];
 $v_template = $data[$v_domain]['TPL'];
 $v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
 $v_aliases = str_replace(',', "\n", $data[$v_domain]['ALIAS']);
@@ -36,10 +35,9 @@ $v_tpl = $data[$v_domain]['IP'];
 $v_cgi = $data[$v_domain]['CGI'];
 $v_cgi = $data[$v_domain]['CGI'];
 $v_elog = $data[$v_domain]['ELOG'];
 $v_elog = $data[$v_domain]['ELOG'];
 $v_ssl = $data[$v_domain]['SSL'];
 $v_ssl = $data[$v_domain]['SSL'];
-if ( $v_ssl == 'yes' ) {
-    exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
-    $ssl_str = json_decode(implode('', $output), true);
-    unset($output);
+if ($v_ssl == 'yes') {
+    v_exec('v-list-web-domain-ssl', [$user, $v_domain, 'json'], false, $output);
+    $ssl_str = json_decode($output, true);
     $v_ssl_crt = $ssl_str[$v_domain]['CRT'];
     $v_ssl_crt = $ssl_str[$v_domain]['CRT'];
     $v_ssl_key = $ssl_str[$v_domain]['KEY'];
     $v_ssl_key = $ssl_str[$v_domain]['KEY'];
     $v_ssl_ca = $ssl_str[$v_domain]['CA'];
     $v_ssl_ca = $ssl_str[$v_domain]['CA'];
@@ -51,10 +49,10 @@ $v_proxy_template = $data[$v_domain]['PROXY'];
 $v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
 $v_proxy_ext = str_replace(',', ', ', $data[$v_domain]['PROXY_EXT']);
 $v_stats = $data[$v_domain]['STATS'];
 $v_stats = $data[$v_domain]['STATS'];
 $v_stats_user = $data[$v_domain]['STATS_USER'];
 $v_stats_user = $data[$v_domain]['STATS_USER'];
-if (!empty($v_stats_user)) $v_stats_password = "";
+if (!empty($v_stats_user)) $v_stats_password = '';
 $v_ftp_user = $data[$v_domain]['FTP_USER'];
 $v_ftp_user = $data[$v_domain]['FTP_USER'];
 $v_ftp_path = $data[$v_domain]['FTP_PATH'];
 $v_ftp_path = $data[$v_domain]['FTP_PATH'];
-if (!empty($v_ftp_user)) $v_ftp_password = "";
+if (!empty($v_ftp_user)) $v_ftp_password = '';
 $v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
 $v_ftp_user_prepath = $data[$v_domain]['DOCUMENT_ROOT'];
 $v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
 $v_ftp_user_prepath = str_replace('/public_html', '', $v_ftp_user_prepath, $occurance = 1);
 $v_ftp_email = $panel[$user]['CONTACT'];
 $v_ftp_email = $panel[$user]['CONTACT'];
@@ -68,87 +66,78 @@ $v_time = $data[$v_domain]['TIME'];
 $v_date = $data[$v_domain]['DATE'];
 $v_date = $data[$v_domain]['DATE'];
 
 
 // List ip addresses
 // List ip addresses
-exec (VESTA_CMD."v-list-user-ips ".$user." json", $output, $return_var);
-$ips = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-ips', [$user, 'json'], false, $output);
+$ips = json_decode($output, true);
 
 
 // List web templates
 // List web templates
-exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-$templates = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-templates', ['json'], false, $output);
+$templates = json_decode($output, true);
 
 
 // List backend templates
 // List backend templates
 if (!empty($_SESSION['WEB_BACKEND'])) {
 if (!empty($_SESSION['WEB_BACKEND'])) {
-    exec (VESTA_CMD."v-list-web-templates-backend json", $output, $return_var);
-    $backend_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-backend', ['json'], false, $output);
+    $backend_templates = json_decode($output, true);
 }
 }
 
 
 // List proxy templates
 // List proxy templates
 if (!empty($_SESSION['PROXY_SYSTEM'])) {
 if (!empty($_SESSION['PROXY_SYSTEM'])) {
-    exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-    $proxy_templates = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-web-templates-proxy', ['json'], false, $output);
+    $proxy_templates = json_decode($output, true);
 }
 }
 
 
 // List web stat engines
 // List web stat engines
-exec (VESTA_CMD."v-list-web-stats json", $output, $return_var);
-$stats = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-web-stats', ['json'], false, $output);
+$stats = json_decode($output, true);
 
 
 // Check POST request
 // Check POST request
 if (!empty($_POST['save'])) {
 if (!empty($_POST['save'])) {
-    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_domain = $_POST['v_domain'];
 
 
     // Check token
     // Check token
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
     if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
         header('location: /login/');
         header('location: /login/');
-        exit();
+        exit;
     }
     }
 
 
-    // Change web domain IP
-    if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
-        $v_ip = escapeshellarg($_POST['v_ip']);
-        exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        $restart_web = 'yes';
-        $restart_proxy = 'yes';
-        unset($output);
-    }
+    // IP has been changed
+    if ($v_ip != $_POST['v_ip']) {
+        $v_ip = $_POST['v_ip'];
 
 
-    // Chane dns domain IP
-    if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg'])))  {
-        exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var);
-        unset($output);
-        if ($return_var == 0 ) {
-            exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $restart_dns = 'yes';
+        // Change web domain IP
+        if (empty($_SESSION['error_msg'])) {
+            v_exec('v-change-web-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
+            $restart_web = 'yes';
+            $restart_proxy = 'yes';
         }
         }
-    }
 
 
-    // Change dns ip for each alias
-    if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
-        foreach($valiases as $v_alias ){
-            exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var);
-            unset($output);
-            if ($return_var == 0 ) {
-                exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+        // Chane dns domain IP
+        if (empty($_SESSION['error_msg']))  {
+            $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain, 'json'], false);
+            if ($return_var == 0) {
+                v_exec('v-change-dns-domain-ip', [$v_username, $v_domain, $v_ip, 'no']);
                 $restart_dns = 'yes';
                 $restart_dns = 'yes';
             }
             }
         }
         }
+
+        // Change dns ip for each alias
+        if (empty($_SESSION['error_msg'])) {
+            foreach ($valiases as $v_alias) {
+                $return_var = v_exec('v-list-dns-domain', [$v_username, $v_alias, 'json'], false);
+                if ($return_var == 0) {
+                    v_exe ('v-change-dns-domain-ip', [$v_username, $v_alias, $v_ip]);
+                    $restart_dns = 'yes';
+                }
+            }
+        }
     }
     }
 
 
     // Change template (admin only)
     // Change template (admin only)
-    if (($v_template != $_POST['v_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
-        $v_template = escapeshellarg($_POST['v_template']);
-        exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $restart_web = 'yes';
+    if ($_SESSION['user'] == 'admin') {
+        if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
+            $v_template = $_POST['v_template'];
+            v_exec('v-change-web-domain-tpl', [$v_username, $v_domain, $v_template, 'no']);
+            $restart_web = 'yes';
+        }
     }
     }
 
 
     // Change aliases
     // Change aliases
@@ -164,18 +153,12 @@ if (!empty($_POST['save'])) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
                 $restart_web = 'yes';
                 $restart_web = 'yes';
                 $restart_proxy = 'yes';
                 $restart_proxy = 'yes';
-                $v_template = escapeshellarg($_POST['v_template']);
-                exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-
+                $v_template = $_POST['v_template'];
+                v_exec('v-delete-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
                 if (empty($_SESSION['error_msg'])) {
                 if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
-                    unset($output);
+                    $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
                     if ($return_var == 0) {
                     if ($return_var == 0) {
-                        exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var);
-                        check_return_code($return_var,$output);
-                        unset($output);
+                        v_exec('v-delete-dns-on-web-alias', [$v_username, $v_domain, $alias, 'no']);
                         $restart_dns = 'yes';
                         $restart_dns = 'yes';
                     }
                     }
                 }
                 }
@@ -187,17 +170,12 @@ if (!empty($_POST['save'])) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
             if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
                 $restart_web = 'yes';
                 $restart_web = 'yes';
                 $restart_proxy = 'yes';
                 $restart_proxy = 'yes';
-                $v_template = escapeshellarg($_POST['v_template']);
-                exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
+                $v_template = $_POST['v_template'];
+                v_exec('v-add-web-domain-alias', [$v_username, $v_domain, $alias, 'no']);
                 if (empty($_SESSION['error_msg'])) {
                 if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
-                    unset($output);
+                    $return_var = v_exec('v-list-dns-domain', [$v_username, $v_domain], false);
                     if ($return_var == 0) {
                     if ($return_var == 0) {
-                        exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var);
-                        check_return_code($return_var,$output);
-                    unset($output);
+                        v_exec('v-add-dns-on-web-alias', [$v_username, $alias, $v_ip, 'no']);
                         $restart_dns = 'yes';
                         $restart_dns = 'yes';
                     }
                     }
                 }
                 }
@@ -205,19 +183,17 @@ if (!empty($_POST['save'])) {
         }
         }
     }
     }
 
 
-    // Change backend template
-    if ((!empty($_SESSION['WEB_BACKEND'])) && ( $v_backend_template != $_POST['v_backend_template']) && ( $_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+    // Change backend template (admin only)
+    if ($_SESSION['user'] == 'admin') {
+        if ((!empty($_SESSION['WEB_BACKEND'])) && ($v_backend_template != $_POST['v_backend_template']) && (empty($_SESSION['error_msg']))) {
             $v_backend_template = $_POST['v_backend_template'];
             $v_backend_template = $_POST['v_backend_template'];
-            exec (VESTA_CMD."v-change-web-domain-backend-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_backend_template), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-web-domain-backend-tpl', [$v_username, $v_domain, $v_backend_template]);
+        }
     }
     }
 
 
     // Delete proxy support
     // Delete proxy support
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-delete-web-domain-proxy', [$v_username, $v_domain, 'no']);
         unset($v_proxy);
         unset($v_proxy);
         $restart_proxy = 'yes';
         $restart_proxy = 'yes';
     }
     }
@@ -229,13 +205,11 @@ if (!empty($_POST['save'])) {
         $ext = preg_replace('/\s+/', ' ',$ext);
         $ext = preg_replace('/\s+/', ' ',$ext);
         $ext = trim($ext);
         $ext = trim($ext);
         $ext = str_replace(' ', ", ", $ext);
         $ext = str_replace(' ', ", ", $ext);
-        if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
+        if (($v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) {
             $ext = str_replace(', ', ",", $ext);
             $ext = str_replace(', ', ",", $ext);
             if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
             if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template'];
-            exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
+            v_exec('v-change-web-domain-proxy-tpl', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
             $v_proxy_ext = str_replace(',', ', ', $ext);
             $v_proxy_ext = str_replace(',', ', ', $ext);
-            unset($output);
             $restart_proxy = 'yes';
             $restart_proxy = 'yes';
         }
         }
     }
     }
@@ -251,17 +225,13 @@ if (!empty($_POST['save'])) {
             $ext = str_replace(' ', ",", $ext);
             $ext = str_replace(' ', ",", $ext);
             $v_proxy_ext = str_replace(',', ', ', $ext);
             $v_proxy_ext = str_replace(',', ', ', $ext);
         }
         }
-        exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-add-web-domain-proxy', [$v_username, $v_domain, $v_proxy_template, $ext, 'no']);
         $restart_proxy = 'yes';
         $restart_proxy = 'yes';
     }
     }
 
 
     // Delete SSL certificate
     // Delete SSL certificate
-    if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+    if (($v_ssl == 'yes') && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+        v_exec('v-delete-web-domain-ssl', [$v_username, $v_domain, 'no']);
         $v_ssl = 'no';
         $v_ssl = 'no';
         $restart_web = 'yes';
         $restart_web = 'yes';
         $restart_proxy = 'yes';
         $restart_proxy = 'yes';
@@ -297,9 +267,7 @@ if (!empty($_POST['save'])) {
                 fclose($fp);
                 fclose($fp);
             }
             }
 
 
-            exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-change-web-domain-sslcert', [$user, $v_domain, $tmpdir, 'no']);
             $restart_web = 'yes';
             $restart_web = 'yes';
             $restart_proxy = 'yes';
             $restart_proxy = 'yes';
             $v_ssl_crt = $_POST['v_ssl_crt'];
             $v_ssl_crt = $_POST['v_ssl_crt'];
@@ -328,7 +296,6 @@ if (!empty($_POST['save'])) {
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_crt']))) $errors[] = 'ssl certificate';
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_key']))) $errors[] = 'ssl key';
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
         if ((!empty($_POST['v_ssl'])) && (empty($_POST['v_ssl_home']))) $errors[] = 'ssl home';
-        $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
         if (!empty($errors[0])) {
         if (!empty($errors[0])) {
             foreach ($errors as $i => $error) {
             foreach ($errors as $i => $error) {
                 if ( $i == 0 ) {
                 if ( $i == 0 ) {
@@ -337,41 +304,41 @@ if (!empty($_POST['save'])) {
                     $error_msg = $error_msg.", ".$error;
                     $error_msg = $error_msg.", ".$error;
                 }
                 }
             }
             }
-            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+            $_SESSION['error_msg'] = __('Field "%s" can not be blank.', $error_msg);
         } else {
         } else {
-            exec ('mktemp -d', $mktemp_output, $return_var);
+            $v_ssl_home = $_POST['v_ssl_home'];
+            $v_ssl_crt = str_replace("\r\n", "\n", $_POST['v_ssl_crt']);
+            $v_ssl_key = str_replace("\r\n", "\n", $_POST['v_ssl_key']);
+            $v_ssl_ca = str_replace("\r\n", "\n", $_POST['v_ssl_ca']);
+
+            exec('mktemp -d', $mktemp_output, $return_var);
             $tmpdir = $mktemp_output[0];
             $tmpdir = $mktemp_output[0];
 
 
             // Certificate
             // Certificate
             if (!empty($_POST['v_ssl_crt'])) {
             if (!empty($_POST['v_ssl_crt'])) {
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".crt", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt']));
+                fwrite($fp, $v_ssl_crt);
                 fclose($fp);
                 fclose($fp);
             }
             }
 
 
             // Key
             // Key
             if (!empty($_POST['v_ssl_key'])) {
             if (!empty($_POST['v_ssl_key'])) {
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".key", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key']));
+                fwrite($fp, $v_ssl_key);
                 fclose($fp);
                 fclose($fp);
             }
             }
 
 
             // CA
             // CA
             if (!empty($_POST['v_ssl_ca'])) {
             if (!empty($_POST['v_ssl_ca'])) {
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
                 $fp = fopen($tmpdir."/".$_POST['v_domain'].".ca", 'w');
-                fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca']));
+                fwrite($fp, $v_ssl_ca);
                 fclose($fp);
                 fclose($fp);
             }
             }
-            exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+
+            v_exec('v-add-web-domain-ssl', [$user, $v_domain, $tmpdir, $v_ssl_home, 'no']);
             $v_ssl = 'yes';
             $v_ssl = 'yes';
             $restart_web = 'yes';
             $restart_web = 'yes';
             $restart_proxy = 'yes';
             $restart_proxy = 'yes';
-            $v_ssl_crt = $_POST['v_ssl_crt'];
-            $v_ssl_key = $_POST['v_ssl_key'];
-            $v_ssl_ca = $_POST['v_ssl_ca'];
-            $v_ssl_home = $_POST['v_ssl_home'];
 
 
             // Cleanup certificate tempfiles
             // Cleanup certificate tempfiles
             if (!empty($_POST['v_ssl_crt'])) {
             if (!empty($_POST['v_ssl_crt'])) {
@@ -391,47 +358,36 @@ if (!empty($_POST['save'])) {
     }
     }
 
 
     // Change document root for ssl domain
     // Change document root for ssl domain
-    if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
-        if ( $v_ssl_home != $_POST['v_ssl_home'] ) {
-            $v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
-            exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
+    if (($v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+        if ($v_ssl_home != $_POST['v_ssl_home']) {
             $v_ssl_home = $_POST['v_ssl_home'];
             $v_ssl_home = $_POST['v_ssl_home'];
-            unset($output);
+            v_exec('v-change-web-domain-sslhome', [$user, $v_domain, $v_ssl_home, 'no']);
         }
         }
     }
     }
 
 
     // Delete web stats
     // Delete web stats
     if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
     if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-web-domain-stats ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
         $v_stats = '';
         $v_stats = '';
+        v_exec('v-delete-web-domain-stats', [$v_username, $v_domain]);
     }
     }
 
 
     // Change web stats engine
     // Change web stats engine
     if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
     if ((!empty($v_stats)) && ($_POST['v_stats'] != $v_stats) && (empty($_SESSION['error_msg']))) {
-        $v_stats = escapeshellarg($_POST['v_stats']);
-        exec (VESTA_CMD."v-change-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_stats = $_POST['v_stats'];
+        v_exec('v-change-web-domain-stats', [$v_username, $v_domain, $v_stats]);
     }
     }
 
 
     // Add web stats
     // Add web stats
     if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
     if ((empty($v_stats)) && ($_POST['v_stats'] != 'none') && (empty($_SESSION['error_msg']))) {
-        $v_stats = escapeshellarg($_POST['v_stats']);
-        exec (VESTA_CMD."v-add-web-domain-stats ".$v_username." ".$v_domain." ".$v_stats, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        $v_stats = $_POST['v_stats'];
+        v_exec('v-add-web-domain-stats', [$v_username, $v_domain, $v_stats]);
     }
     }
 
 
     // Delete web stats authorization
     // Delete web stats authorization
     if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
     if ((!empty($v_stats_user)) && (empty($_POST['v_stats_auth'])) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-delete-web-domain-stats-user ".$v_username." ".$v_domain, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
         $v_stats_user = '';
         $v_stats_user = '';
         $v_stats_password = '';
         $v_stats_password = '';
+        v_exec('v-delete-web-domain-stats-user', [$v_username, $v_domain]);
     }
     }
 
 
     // Change web stats user or password
     // Change web stats user or password
@@ -447,16 +403,14 @@ if (!empty($_POST['save'])) {
             }
             }
             $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
             $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
         } else {
         } else {
-            $v_stats_user = escapeshellarg($_POST['v_stats_user']);
+            $v_stats_user = $_POST['v_stats_user'];
             $v_stats_password = tempnam("/tmp","vst");
             $v_stats_password = tempnam("/tmp","vst");
             $fp = fopen($v_stats_password, "w");
             $fp = fopen($v_stats_password, "w");
             fwrite($fp, $_POST['v_stats_password']."\n");
             fwrite($fp, $_POST['v_stats_password']."\n");
             fclose($fp);
             fclose($fp);
-            exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
             unlink($v_stats_password);
             unlink($v_stats_password);
-            $v_stats_password = escapeshellarg($_POST['v_stats_password']);
+            $v_stats_password = $_POST['v_stats_password'];
         }
         }
     }
     }
 
 
@@ -474,16 +428,14 @@ if (!empty($_POST['save'])) {
             $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
             $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
         }
         }
         if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
         if (($v_stats_user != $_POST['v_stats_user']) || (!empty($_POST['v_stats_password'])) && (empty($_SESSION['error_msg']))) {
-            $v_stats_user = escapeshellarg($_POST['v_stats_user']);
+            $v_stats_user = $_POST['v_stats_user'];
             $v_stats_password = tempnam("/tmp","vst");
             $v_stats_password = tempnam("/tmp","vst");
             $fp = fopen($v_stats_password, "w");
             $fp = fopen($v_stats_password, "w");
             fwrite($fp, $_POST['v_stats_password']."\n");
             fwrite($fp, $_POST['v_stats_password']."\n");
             fclose($fp);
             fclose($fp);
-            exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+            v_exec('v-add-web-domain-stats-user', [$v_username, $v_domain, $v_stats_user, $v_stats_password]);
             unlink($v_stats_password);
             unlink($v_stats_password);
-            $v_stats_password = escapeshellarg($_POST['v_stats_password']);
+            $v_stats_password = $_POST['v_stats_password'];
         }
         }
     }
     }
 
 
@@ -513,15 +465,13 @@ if (!empty($_POST['save'])) {
                 // Add ftp account
                 // Add ftp account
                 $v_ftp_username      = $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username      = $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
-                $v_ftp_user = escapeshellarg($v_ftp_username);
-                $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
+                $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
                 if (empty($_SESSION['error_msg'])) {
                 if (empty($_SESSION['error_msg'])) {
                     $v_ftp_password = tempnam("/tmp","vst");
                     $v_ftp_password = tempnam("/tmp","vst");
                     $fp = fopen($v_ftp_password, "w");
                     $fp = fopen($v_ftp_password, "w");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fclose($fp);
                     fclose($fp);
-                    exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_user." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
-                    check_return_code($return_var,$output);
+                    v_exec('v-add-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password, $v_ftp_path]);
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
                     if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
                         $to = $v_ftp_user_data['v_ftp_email'];
                         $to = $v_ftp_user_data['v_ftp_email'];
                         $subject = __("FTP login credentials");
                         $subject = __("FTP login credentials");
@@ -531,16 +481,14 @@ if (!empty($_POST['save'])) {
                         send_email($to, $subject, $mailtext, $from);
                         send_email($to, $subject, $mailtext, $from);
                         unset($v_ftp_email);
                         unset($v_ftp_email);
                     }
                     }
-                    unset($output);
                     unlink($v_ftp_password);
                     unlink($v_ftp_password);
-                    $v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
+                    $v_ftp_password = $v_ftp_user_data['v_ftp_password'];
                 }
                 }
 
 
                 if ($return_var == 0) {
                 if ($return_var == 0) {
-                    $v_ftp_password = "";
+                    $v_ftp_password = '';
                     $v_ftp_user_data['is_new'] = 0;
                     $v_ftp_user_data['is_new'] = 0;
-                }
-                else {
+                } else {
                     $v_ftp_user_data['is_new'] = 1;
                     $v_ftp_user_data['is_new'] = 1;
                 }
                 }
 
 
@@ -559,10 +507,7 @@ if (!empty($_POST['save'])) {
             // Delete FTP account
             // Delete FTP account
             if ($v_ftp_user_data['delete'] == 1) {
             if ($v_ftp_user_data['delete'] == 1) {
                 $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
                 $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user'];
-                exec (VESTA_CMD."v-delete-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-
+                v_exec('v-delete-web-domain-ftp', [$v_username, $v_domain, $v_ftp_username]);
                 continue;
                 continue;
             }
             }
 
 
@@ -581,10 +526,9 @@ if (!empty($_POST['save'])) {
 
 
                 // Change FTP account path
                 // Change FTP account path
                 $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
                 $v_ftp_username = $user . '_' . $v_ftp_user_data['v_ftp_user']; //preg_replace("/^".$user."_/", "", $v_ftp_user_data['v_ftp_user']);
-                $v_ftp_username = escapeshellarg($v_ftp_username);
                 //if (!empty($v_ftp_user_data['v_ftp_path'])) {
                 //if (!empty($v_ftp_user_data['v_ftp_path'])) {
-                    $v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
-                    exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
+                    $v_ftp_path = trim($v_ftp_user_data['v_ftp_path']);
+                    v_exec('v-change-web-domain-ftp-path', [$v_username, $v_domain, $v_ftp_username, $v_ftp_path]);
                 //}
                 //}
 
 
                 // Change FTP account password
                 // Change FTP account password
@@ -593,7 +537,7 @@ if (!empty($_POST['save'])) {
                     $fp = fopen($v_ftp_password, "w");
                     $fp = fopen($v_ftp_password, "w");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
                     fclose($fp);
                     fclose($fp);
-                    exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password, $output, $return_var);
+                    v_exec('v-change-web-domain-ftp-password', [$v_username, $v_domain, $v_ftp_username, $v_ftp_password]);
                     unlink($v_ftp_password);
                     unlink($v_ftp_password);
 
 
                     $to = $v_ftp_user_data['v_ftp_email'];
                     $to = $v_ftp_user_data['v_ftp_email'];
@@ -604,8 +548,6 @@ if (!empty($_POST['save'])) {
                     send_email($to, $subject, $mailtext, $from);
                     send_email($to, $subject, $mailtext, $from);
                     unset($v_ftp_email);
                     unset($v_ftp_email);
                 }
                 }
-                check_return_code($return_var, $output);
-                unset($output);
 
 
                 $v_ftp_users_updated[] = array(
                 $v_ftp_users_updated[] = array(
                     'is_new'            => 0,
                     'is_new'            => 0,
@@ -621,23 +563,17 @@ if (!empty($_POST['save'])) {
 
 
     // Restart web server
     // Restart web server
     if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
     if (!empty($restart_web) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-web", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-web');
     }
     }
 
 
     // Restart proxy server
     // Restart proxy server
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
     if ((!empty($_SESSION['PROXY_SYSTEM'])) && !empty($restart_proxy) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-proxy", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-proxy');
     }
     }
 
 
     // Restart dns server
     // Restart dns server
     if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
     if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
-        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
+        v_exec('v-restart-dns');
     }
     }
 
 
     // Set success message
     // Set success message

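--- a/web/file_manager/fm_api.php
+++ b/web/file_manager/fm_api.php
@@ -10,13 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/file_manager/fm_core.php");
 
 // todo: set in session?
 if (empty($panel)) {
-    $command = VESTA_CMD."v-list-user '".$user."' 'json'";
-    exec ($command, $output, $return_var);
-    if ( $return_var > 0 ) {
+    $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
+    if ($return_var > 0) {
         header("Location: /error/");
         exit;
     }
-    $panel = json_decode(implode('', $output), true);
+    $panel = json_decode($output, true);
 }
 
 $fm = new FileManager($user);
@@ -31,27 +30,23 @@ switch ($_REQUEST['action']) {
         break;
     case 'check_file_type':
         $dir = $_REQUEST['dir'];
-        
         print json_encode($fm->checkFileType($dir));
         break;
     case 'rename_file':
         $dir = $_REQUEST['dir'];
         $item = $_REQUEST['item'];
         $target_name = $_REQUEST['target_name'];
-
         print json_encode($fm->renameFile($dir, $item, $target_name));
         break;
     case 'rename_directory':
         $dir = $_REQUEST['dir'];
         $item = $_REQUEST['item'];
         $target_name = $_REQUEST['target_name'];
-
         print json_encode($fm->renameDirectory($dir, $item, $target_name));
         break;
     case 'delete_files':
         $dir = $_REQUEST['dir'];
         $item = $_REQUEST['item'];
-
         print json_encode($fm->deleteItem($dir, $item));
         break;
     case 'create_file':
@@ -64,7 +59,6 @@ switch ($_REQUEST['action']) {
         $dirname = $_REQUEST['dirname'];
         print json_encode($fm->createDir($dir, $dirname));
         break;
-    
     case 'open_file':
         $dir = $_REQUEST['dir'];
         print json_encode($fm->open_file($dir));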
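Review bot: The failure test `if ($return_var > 0)` in the first hunk only redirects on a positive status, so a negative or non-integer result from `v_exec` would fall through, and `$panel = json_decode($output, true);` is then accepted without checking that decoding worked. `v_exec` is defined outside this view, so what it returns when the command cannot be started, and whether `$output` is always a string, are assumptions to confirm. If it always returns an integer status, `if ($return_var !== 0)` is the safer guard. Adding `if (!is_array($panel)) { header("Location: /error/"); exit; }` after the decode keeps an empty or malformed reply from leaving `$panel` as `null`.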

+ 80 - 119
web/file_manager/fm_core.php

@@ -1,7 +1,9 @@
 <?php
 <?php
 
 
+require_once(__DIR__.'/../inc/exec.php');
+
 class FileManager {
 class FileManager {
-    
+
     protected $delimeter = '|';
     protected $delimeter = '|';
     protected $info_positions = array(
     protected $info_positions = array(
         'TYPE'          => 0,
         'TYPE'          => 0,
@@ -13,26 +15,45 @@ class FileManager {
         'SIZE'          => 6,
         'SIZE'          => 6,
         'NAME'          => 7
         'NAME'          => 7
     );
     );
-    
+
     protected $user  = null;
     protected $user  = null;
     public $ROOT_DIR = null;
     public $ROOT_DIR = null;
-    
+
+
+    static function v_exec($command, array $arguments=[], $checkReturn=true, &$output=null) {
+        $output = '';
+        $return_var = v_exec($command, $arguments, false, $output);
+        return $checkReturn ? self::check_return_code($return_var, explode("\n", $output)) : null;
+    }
+
+    static function check_return_code($return_var, $output) {
+        if ($return_var != 0) {
+            $error = implode('<br>', $output);
+            return $error;
+            //if (empty($error)) $error = __('Error code:',$return_var);
+            //$_SESSION['error_msg'] = $error;
+        }
+
+        return null;
+    }
+
+
     public function setRootDir($root = null) {
     public function setRootDir($root = null) {
         if (null != $root) {
         if (null != $root) {
-            $root = realpath($root);        
+            $root = realpath($root);
         }
         }
         $this->ROOT_DIR = $root;
         $this->ROOT_DIR = $root;
     }
     }
-    
+
     public function __construct($user) {
     public function __construct($user) {
         $this->user = $user;
         $this->user = $user;
     }
     }
-    
+
     /*public function init() {
     /*public function init() {
         $path = !empty($_REQUEST['dir']) ? $_REQUEST['dir'] : '';
         $path = !empty($_REQUEST['dir']) ? $_REQUEST['dir'] : '';
         $start_url = !empty($path) ? $this->ROOT_DIR . '/' . $path : $this->ROOT_DIR;
         $start_url = !empty($path) ? $this->ROOT_DIR . '/' . $path : $this->ROOT_DIR;
         $listing = $this->getDirectoryListing($path);
         $listing = $this->getDirectoryListing($path);
-         
+
         return $data = array(
         return $data = array(
             'result'     => true,
             'result'     => true,
             'ROOT_DIR'   => $this->ROOT_DIR,
             'ROOT_DIR'   => $this->ROOT_DIR,
@@ -41,55 +62,52 @@ class FileManager {
             'listing'    => $listing
             'listing'    => $listing
         );
         );
     }*/
     }*/
-    
+
     public function checkFileType($dir) {
     public function checkFileType($dir) {
         $dir = $this->formatFullPath($dir);
         $dir = $this->formatFullPath($dir);
-        exec(VESTA_CMD . "v-get-fs-file-type {$this->user} {$dir}", $output, $return_var);
-        $error = self::check_return_code($return_var, $output);
+
+        $error = self::v_exec('v-get-fs-file-type', [$this->user, $dir]);
+
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true,
                 'result' => true,
                 'data'   => implode('', $output)
                 'data'   => implode('', $output)
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     public function formatFullPath($path_part = '') {
     public function formatFullPath($path_part = '') {
         if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) {
         if (substr($path_part, 0, strlen($this->ROOT_DIR)) === $this->ROOT_DIR) {
             $path = $path_part;
             $path = $path_part;
-        }
-        else {
+        } else {
             $path = $this->ROOT_DIR . '/' . $path_part;
             $path = $this->ROOT_DIR . '/' . $path_part;
         }
         }
         //var_dump($path);die();
         //var_dump($path);die();
         //$path = str_replace(' ', '\ ', $path);
         //$path = str_replace(' ', '\ ', $path);
-        return escapeshellarg($path);
+        return $path;
     }
     }
-    
+
     function deleteItem($dir, $item) {
     function deleteItem($dir, $item) {
         $dir = $this->formatFullPath($item);
         $dir = $this->formatFullPath($item);
-        exec (VESTA_CMD . "v-delete-fs-directory {$this->user} {$dir}", $output, $return_var);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
+        $error = self::v_exec('v-delete-fs-directory', [$this->user, $dir]);
+
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
-        
+
         /*if (is_readable($item)) {
         /*if (is_readable($item)) {
             unlink($item);
             unlink($item);
         }
         }
@@ -103,100 +121,76 @@ class FileManager {
             'result' => true
             'result' => true
         );*/
         );*/
     }
     }
-    
+
     function copyFile($item, $dir, $target_dir, $filename) {
     function copyFile($item, $dir, $target_dir, $filename) {
         $src = $this->formatFullPath($item);
         $src = $this->formatFullPath($item);
         $dst = $this->formatFullPath($target_dir);
         $dst = $this->formatFullPath($target_dir);
-    
-        exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src} {$dst}", $output, $return_var);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
+        $error = self::v_exec('v-copy-fs-file', [$this->user, $src, $dst]);
+
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
-    
+
+
     function copyDirectory($item, $dir, $target_dir, $filename) {
     function copyDirectory($item, $dir, $target_dir, $filename) {
         $src = $this->formatFullPath($item);
         $src = $this->formatFullPath($item);
         $dst = $this->formatFullPath($target_dir);
         $dst = $this->formatFullPath($target_dir);
-    
-        exec (VESTA_CMD . "v-copy-fs-directory {$this->user} {$src} {$dst}", $output, $return_var);
 
 
+        $error = self::v_exec('v-copy-fs-directory', [$this->user, $src, $dst]);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
-    static function check_return_code($return_var, $output) {
-        if ($return_var != 0) {
-            $error = implode('<br>', $output);
-            return $error;
-            //if (empty($error)) $error = __('Error code:',$return_var);
-            //$_SESSION['error_msg'] = $error;
-        }
-        
-        return null;
-    }
-    
+
     function createFile($dir, $filename) {
     function createFile($dir, $filename) {
         $dir = $this->formatFullPath($dir . '/' . $filename);
         $dir = $this->formatFullPath($dir . '/' . $filename);
 
 
-        exec (VESTA_CMD . "v-add-fs-file {$this->user} {$dir}", $output, $return_var);
+        $error = self::v_exec('v-add-fs-file', [$this->user, $dir]);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     function packItem($item, $dir, $target_dir, $filename) {
     function packItem($item, $dir, $target_dir, $filename) {
         $item     = $this->formatFullPath($item);
         $item     = $this->formatFullPath($item);
         $dst_item = $this->formatFullPath($target_dir);
         $dst_item = $this->formatFullPath($target_dir);
-        
         $dst_item = str_replace('.tar.gz', '', $dst_item);
         $dst_item = str_replace('.tar.gz', '', $dst_item);
-        
+
         //$item = str_replace($dir . '/', '', $item);
         //$item = str_replace($dir . '/', '', $item);
 //var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die();
 //var_dump(VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}");die();
-        exec (VESTA_CMD . "v-add-fs-archive {$this->user} {$dst_item} {$item}", $output, $return_var);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
+        $error = self::v_exec('v-add-fs-archive', [$this->user, $dst_item, $item]);
+
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
@@ -205,83 +199,58 @@ class FileManager {
     }
     }
 
 
     function backupItem($item) {
     function backupItem($item) {
-        
         $src_item     = $this->formatFullPath($item);
         $src_item     = $this->formatFullPath($item);
-        
         $dst_item_name = $item . '~' . date('Ymd_His');
         $dst_item_name = $item . '~' . date('Ymd_His');
-
         $dst_item = $this->formatFullPath($dst_item_name);
         $dst_item = $this->formatFullPath($dst_item_name);
 
 
 //print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die();
 //print VESTA_CMD . "v-add-fs-archive {$this->user} {$item} {$dst_item}";die();
-        exec (VESTA_CMD . "v-copy-fs-file {$this->user} {$src_item} {$dst_item}", $output, $return_var);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
+        $error = self::v_exec('v-copy-fs-file', [$this->user, $src_item, $dst_item]);
+
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result'   => true,
                 'result'   => true,
                 'filename' => $dst_item_name
                 'filename' => $dst_item_name
             );
             );
-        }
-        else {
-            return array(
-                'result'   => false,
-                'message'  => $error
-            );
-        }
-
-        $error = self::check_return_code($return_var, $output);
-        
-        if (empty($error)) {
-            return array(
-                'result' => true
-            );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     function unpackItem($item, $dir, $target_dir, $filename) {
     function unpackItem($item, $dir, $target_dir, $filename) {
         $item     = $this->formatFullPath($item);
         $item     = $this->formatFullPath($item);
         $dst_item = $this->formatFullPath($target_dir);
         $dst_item = $this->formatFullPath($target_dir);
 
 
-        exec (VESTA_CMD . "v-extract-fs-archive {$this->user} {$item} {$dst_item}", $output, $return_var);
+        $error = self::v_exec('v-extract-fs-archive', [$this->user, $item, $dst_item]);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     function renameFile($dir, $item, $target_name) {
     function renameFile($dir, $item, $target_name) {
         $item     = $this->formatFullPath($dir . '/' . $item);
         $item     = $this->formatFullPath($dir . '/' . $item);
         $dst_item = $this->formatFullPath($dir . '/' . $target_name);
         $dst_item = $this->formatFullPath($dir . '/' . $target_name);
-        
-//        var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
 
 
-        exec (VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}", $output, $return_var);
+//var_dump(VESTA_CMD . "v-move-fs-file {$this->user} {$item} {$dst_item}");die();
+
+        $error = self::v_exec('v-move-fs-file', [$this->user, $item, $dst_item]);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
@@ -298,51 +267,43 @@ class FileManager {
             );
             );
         }
         }
 
 
+        $error = self::v_exec('v-move-fs-directory', [$this->user, $item, $dst_item]);
 
 
-        exec (VESTA_CMD . "v-move-fs-directory {$this->user} {$item} {$dst_item}", $output, $return_var);
-
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     function createDir($dir, $dirname) {
     function createDir($dir, $dirname) {
         $dir = $this->formatFullPath($dir . '/' . $dirname);
         $dir = $this->formatFullPath($dir . '/' . $dirname);
 
 
-        exec (VESTA_CMD . "v-add-fs-directory {$this->user} {$dir}", $output, $return_var);
+        $error = self::v_exec('v-add-fs-directory', [$this->user, $dir]);
 
 
-        $error = self::check_return_code($return_var, $output);
-        
         if (empty($error)) {
         if (empty($error)) {
             return array(
             return array(
                 'result' => true
                 'result' => true
             );
             );
-        }
-        else {
+        } else {
             return array(
             return array(
                 'result'   => false,
                 'result'   => false,
                 'message'  => $error
                 'message'  => $error
             );
             );
         }
         }
     }
     }
-    
+
     function getDirectoryListing($dir = '') {
     function getDirectoryListing($dir = '') {
         $dir = $this->formatFullPath($dir);
         $dir = $this->formatFullPath($dir);
-        exec (VESTA_CMD . "v-list-fs-directory {$this->user} {$dir}", $output, $return_var);
-
-        return $this->parseListing($output);
+        self::v_exec('v-list-fs-directory', [$this->user, $dir], false, $output);
+        return $this->parseListing(explode("\n", $output));
     }
     }
-    
+
     public function ls($dir = '') {
     public function ls($dir = '') {
         $listing = $this->getDirectoryListing($dir);
         $listing = $this->getDirectoryListing($dir);
 
 
@@ -351,7 +312,7 @@ class FileManager {
             'listing' => $listing
             'listing' => $listing
         );
         );
     }
     }
-    
+
     public function open_file($dir = '') {
     public function open_file($dir = '') {
         $listing = $this->getDirectoryListing($dir);
         $listing = $this->getDirectoryListing($dir);
 
 
@@ -360,7 +321,7 @@ class FileManager {
             'listing' => $listing
             'listing' => $listing
         );
         );
     }
     }
-    
+
     public function parseListing($raw) {
     public function parseListing($raw) {
         $data = array();
         $data = array();
         foreach ($raw as $o) {
         foreach ($raw as $o) {
@@ -376,7 +337,7 @@ class FileManager {
                 'name'          => $info[$this->info_positions['NAME']]
                 'name'          => $info[$this->info_positions['NAME']]
             );
             );
         }
         }
-        
+
         return $data;
         return $data;
     }
     }
 
 

+ 6 - 25
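--- a/web/generate/ssl/index.php
+++ b/web/generate/ssl/index.php
@@ -31,7 +31,7 @@ $_SESSION['back'] = '';
 if (!isset($_POST['generate'])) {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
     include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
-    exit();
+    exit;
 }
 
 // Check input
@@ -41,6 +41,7 @@ if (empty($_POST['v_state'])) $errors[] = __('domain');
 if (empty($_POST['v_locality'])) $errors[] = __('city');
 if (empty($_POST['v_org'])) $errors[] = __('organization');
 if (empty($_POST['v_email'])) $errors[] = __('email');
+
 $v_domain = $_POST['v_domain'];
 $v_email = $_POST['v_email'];
 $v_country = $_POST['v_country'];
@@ -61,44 +62,24 @@ if (!empty($errors[0])) {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
     include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
     unset($_SESSION['error_msg']);
-    exit();
+    exit;
 }
 
-// Protect input
-$v_domain = escapeshellarg($_POST['v_domain']);
-$v_email = escapeshellarg($_POST['v_email']);
-$v_country = escapeshellarg($_POST['v_country']);
-$v_state = escapeshellarg($_POST['v_state']);
-$v_locality = escapeshellarg($_POST['v_locality']);
-$v_org = escapeshellarg($_POST['v_org']);
-
-exec (VESTA_CMD."v-generate-ssl-cert ".$v_domain." ".$v_email." ".$v_country." ".$v_state." ".$v_locality." ".$v_org." IT json", $output, $return_var);
-
-// Revert to raw values
-$v_domain = $_POST['v_domain'];
-$v_email = $_POST['v_email'];
-$v_country = $_POST['v_country'];
-$v_state = $_POST['v_state'];
-$v_locality = $_POST['v_locality'];
-$v_org = $_POST['v_org'];
+$return_var = v_exec('v-generate-ssl-cert', [$v_domain, $v_email, $v_country, $v_state, $v_locality, $v_org, 'IT', 'json'], true, $output);
 
 // Check return code
 if ($return_var != 0) {
-    $error = implode('<br>', $output);
-    if (empty($error)) $error = __('Error code:',$return_var);
-    $_SESSION['error_msg'] = $error;
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/generate_ssl.html');
     include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
     unset($_SESSION['error_msg']);
-    exit();
+    exit;
 }
 
 // OK message
 $_SESSION['ok_msg'] = __('SSL_GENERATED_OK');
 
 // Parse output
-$data = json_decode(implode('', $output), true);
-unset($output);
+$data = json_decode($output, true);
 $v_crt = $data[$v_domain]['CRT'];
 $v_key = $data[$v_domain]['KEY'];
 $v_csr = $data[$v_domain]['CSR'];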
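Review bot: The decoded result in the last hunk is indexed as `$data[$v_domain]['CRT']` without checking that `json_decode($output, true)` returned an array, so empty or malformed command output silently yields null certificate, key and CSR fields. A guard before the `$v_crt` line, `if (!is_array($data) || !isset($data[$v_domain]))`, that takes the same error-template path as the return-code check would keep the failure visible. The same unchecked decode appears in `get_favourites()` in web/inc/main.php and in web/list/backup, web/list/cron and web/list/db, where the exit status is also discarded (`$checkReturn` is false) and the possibly-null value is passed straight to `array_reverse()`.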

+ 85 - 0
web/inc/exec.php

@@ -0,0 +1,85 @@
+<?php
+// Secure `exec` wrapper functions
+
+define('SUDO_CMD', '/usr/bin/sudo');
+define('VESTA_BIN_DIR', '/usr/local/vesta/bin/');
+
+define('VESTA_CMD', SUDO_CMD.' '.VESTA_BIN_DIR);
+
+
+function check_error($return_var) {
+    if ($return_var > 0) {
+        header('Location: /error/');
+        exit;
+    }
+}
+
+function check_return_code($return_var, $output) {
+    if ($return_var != 0) {
+        $error = implode('<br>', $output);
+        if (empty($error)) $error = __('Error code:', $return_var);
+        $_SESSION['error_msg'] = $error;
+    }
+}
+
+/**
+ * Build shell command arguments from a string array.
+ * @param string[] $arguments Unescaped command line arguments. (eg. ['-a', "b'c"], default: [])
+ * @return string Escaped arguments.
+ */
+function build_shell_args($arguments=[]) {
+    $ret = [];
+    // Convert $arguments to an array
+    if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
+    foreach ($arguments as $arg) {
+        // Convert $arg to a string if $arg is an array (for an argument like this: ?abc[def]=ghi)
+        if (is_array($arg)) $arg = implode('', $arg);
+        // Convert $arg to a string (just in case)
+        if (!is_string($arg)) $arg = (string)$arg;
+        // Append the argument
+        $ret[] = escapeshellarg($arg);
+    }
+    return implode(' ', $ret);
+}
+
+/**
+ * Execute a command.
+ * @param string   $command   Command to execute. (eg. ls)
+ * @param string[] $arguments (optional) Unescaped command line arguments. (eg. ['-a', '/'], default: [])
+ * @param string   &$output   (optional) Variable to contain output from the command.
+ * @return int Exit code (return status) of the executed command.
+ */
+function safe_exec($command, $arguments=[], &$output=null) {
+    $cmd = build_shell_args($command);
+    $arg = build_shell_args($arguments);
+    if (!empty($arg)) {
+        $cmd .= ' ' . $arg;
+    }
+    // Execute
+    exec($cmd, $rawOutput, $status);
+    $output = implode("\n", $rawOutput);
+    return $status;
+}
+
+/**
+ * Execute a vesta command line APIs (VESTA_CMD/v-*).
+ * (Wrapper function of `safe_exec`.)
+ * @see safe_exec
+ * @param string   $command     Command to execute. (eg. v-search-object)
+ * @param string[] $arguments   (optional) Unescaped command line arguments. (eg. ["We've", 'json'], default: [])
+ * @param bool     $checkReturn (optional) If this set to true, check_return_code will be called after the command executes. (default: true)
+ * @param string   &$output     (optional) Variable to contain output from the command.
+ * @return int Exit code (return status) of the executed command.
+ */
+function v_exec($command, $arguments=[], $checkReturn=true, &$output=null) {
+    // Check command
+    if (preg_match('#^\.*$|/#', $command)) return -1;
+    // Convert $arguments to an array
+    if (!is_array($arguments)) $arguments = !is_null($arguments) ? [$arguments] : [];
+    // Execute
+    $status = safe_exec([SUDO_CMD, VESTA_BIN_DIR.$command], $arguments, $output);
+    if ($checkReturn) {
+        check_return_code($status, explode("\n", $output));
+    }
+    return $status;
+}
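Review bot: `v_exec()` returns -1 for a rejected command name without assigning `$output`, but `check_error()` in this file and `top_panel()` in web/inc/main.php only test `$return_var > 0`, so a rejection is treated as success and the caller goes on to decode a null `$output`. Returning a positive status with an empty output on that path, `{ $output = ''; return 127; }`, or testing `!= 0` in those callers, would make the rejection fail closed. The name check itself is a denylist (empty, dots only, or containing `/`); if every script follows the `v-*` naming the docblock describes, an allowlist such as `if (!preg_match('/^v-[a-z0-9-]+$/', $command))` is tighter. `escapeshellarg()` in `build_shell_args()` neutralises shell metacharacters but not a request value that begins with `-`; whether the v-* scripts parse options is not visible here, so that is worth confirming.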

+ 14 - 13
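--- a/web/inc/i18n.php
+++ b/web/inc/i18n.php
@@ -1,6 +1,8 @@
 <?php
 // Functions for internationalization
 
+require_once(__DIR__.'/exec.php');
+
 /**
  * Translates string to given language in first parameter, key given in second parameter (dynamically loads required language). Works like spritf from second parameter
  * @global array $LANG Associative array of language pharses
@@ -16,19 +18,19 @@ function _translate() {
     $key = $args[1];
 
     if (!isset($LANG[$l])) {
-        require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$l.'.php');
+        require_once(__DIR__."/i18n/$l.php");
     }
 
     if (!isset($LANG[$l][$key])) {
-        $text=$key;
+        $text = $key;
     } else {
-        $text=$LANG[$l][$key];
+        $text = $LANG[$l][$key];
     }
 
     array_shift($args);
-    if (count($args)>1) {
+    if (count($args) > 1) {
         $args[0] = $text;
-        return call_user_func_array("sprintf",$args);
+        return call_user_func_array('sprintf', $args);
     } else {
         return $text;
     }
@@ -42,8 +44,8 @@ function _translate() {
  */
 function __() {
     $args = func_get_args();
-    array_unshift($args,$_SESSION['language']);
-    return call_user_func_array("_translate",$args);
+    array_unshift($args, $_SESSION['language']);
+    return call_user_func_array('_translate', $args);
 }
 
 /**
@@ -86,16 +88,15 @@ function detect_user_language($fallback='en') {
     arsort($accept_langs_sorted);
 
     // List languages
-    exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-    $languages = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-sys-languages', ['json'], false, $output);
+    $languages = json_decode($output, true);
 
     // Find best matching language
-    foreach ($accept_langs_sorted as $user_lang => $dummy) {
+    foreach ($accept_langs_sorted as $req_lang => $dummy) {
         $decision = '';
         foreach ($languages as $prov_lang) {
             if (strlen($decision) > strlen($prov_lang)) continue;
-            if (strpos($user_lang, $prov_lang) !== false) {
+            if (stripos($req_lang, $prov_lang) !== false) {
                 $decision = $prov_lang;
             }
         }
@@ -109,4 +110,4 @@ function detect_user_language($fallback='en') {
     // Store result for reusing
     $user_lang = $fallback;
     return $user_lang;
-}
+}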
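Review bot: In the `_translate()` hunk, `require_once(__DIR__."/i18n/$l.php")` builds an include path from `$l` with no validation visible in the hunk; the function starts outside it, so where `$l` is constrained cannot be confirmed from here. `__()` passes `$_SESSION['language']` as that value, so if the session language can ever be set from request data, a format check before the include, for example `if (!preg_match('/^[A-Za-z_-]+$/', $l)) { $l = 'en'; }` (pattern to be matched to the shipped language file names), keeps the path inside the i18n directory. I would also add a one-line comment above the `require_once` stating which values of `$l` are expected.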

+ 5 - 4
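--- a/web/inc/mail-wrapper.php
+++ b/web/inc/mail-wrapper.php
@@ -8,14 +8,15 @@ if (empty($argv[1])) {
 
 $options = getopt("s:f:");
 
+require_once(__DIR__.'/exec.php');
 
-define('NO_AUTH_REQUIRED',true);
+define('NO_AUTH_REQUIRED', true);
 include("/usr/local/vesta/web/inc/main.php");
 
 // Set system language
-exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-if (!empty( $data['config']['LANGUAGE'])) {
+v_exec('v-list-sys-config', ['json'], false, $output);
+$data = json_decode($output, true);
+if (!empty($data['config']['LANGUAGE'])) {
     $_SESSION['language'] = $data['config']['LANGUAGE'];
 } else {
     $_SESSION['language'] = 'en';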

+ 12 - 32
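--- a/web/inc/main.php
+++ b/web/inc/main.php
@@ -1,7 +1,8 @@
 <?php
 session_start();
 
-require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n.php');
+require_once(__DIR__ . '/exec.php');
+require_once(__DIR__ . '/i18n.php');
 
 // Check system settings
 if ((!isset($_SESSION['VERSION'])) && (!defined('NO_AUTH_REQUIRED'))) {
@@ -25,8 +26,6 @@ if (isset($_SESSION['user'])) {
     }
 }
 
-define('VESTA_CMD', '/usr/bin/sudo /usr/local/vesta/bin/');
-
 $i = 0;
 
 if (isset($_SESSION['language'])) {
@@ -60,10 +59,10 @@ if (isset($_SESSION['look']) && ( $_SESSION['look'] != 'admin' )) {
 }
 
 function get_favourites(){
-    exec (VESTA_CMD."v-list-user-favourites ".$_SESSION['user']." json", $output, $return_var);
-//    $data = json_decode(implode('', $output).'}', true);
-    $data = json_decode(implode('', $output), true);
-    $data = array_reverse($data,true);
+    v_exec('v-list-user-favourites', [$_SESSION['user'], 'json'], false, $output);
+//    $data = json_decode($output.'}', true);
+    $data = json_decode($output, true);
+    $data = array_reverse($data, true);
     $favourites = array();
 
     foreach($data['Favourites'] as $key => $favourite){
@@ -71,7 +70,7 @@ function get_favourites(){
 
         $items = explode(',', $favourite);
         foreach($items as $item){
-            if($item)
+            if ($item)
                 $favourites[$key][trim($item)] = 1;
         }
     }
@@ -79,34 +78,15 @@ function get_favourites(){
     $_SESSION['favourites'] = $favourites;
 }
 
-
-
-function check_error($return_var) {
-    if ( $return_var > 0 ) {
-        header("Location: /error/");
-        exit;
-    }
-}
-
-function check_return_code($return_var,$output) {
-   if ($return_var != 0) {
-        $error = implode('<br>', $output);
-        if (empty($error)) $error = __('Error code:',$return_var);
-        $_SESSION['error_msg'] = $error;
-    }
-}
-
 function top_panel($user, $TAB) {
     global $panel;
-    $command = VESTA_CMD."v-list-user '".$user."' 'json'";
-    exec ($command, $output, $return_var);
-    if ( $return_var > 0 ) {
-        header("Location: /error/");
+    $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
+    if ($return_var > 0) {
+        header('Location: /error/');
         exit;
     }
-    $panel = json_decode(implode('', $output), true);
-    unset($output);
-    if ( $user == 'admin' ) {
+    $panel = json_decode($output, true);
+    if ($user == 'admin') {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/panel.html');
     } else {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/user/panel.html');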

+ 2 - 3
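--- a/web/list/backup/exclusions/index.php
+++ b/web/list/backup/exclusions/index.php
@@ -12,9 +12,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-user-backup-exclusions $user json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-backup-exclusions', [$user, 'json'], false, $output);
+$data = json_decode($output, true);
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_exclusions.html');
 
 // Back uri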

+ 6 - 8
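--- a/web/list/backup/index.php
+++ b/web/list/backup/index.php
@@ -13,16 +13,14 @@ top_panel($user,$TAB);
 
 // Data
 if (empty($_GET['backup'])){
-    exec (VESTA_CMD."v-list-user-backups $user json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    $data = array_reverse($data,true);
-    unset($output);
+    v_exec('v-list-user-backups', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
+    $data = array_reverse($data, true);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup.html');
 } else {
-    exec (VESTA_CMD."v-list-user-backup $user '".escapeshellarg($_GET['backup'])."' json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    $data = array_reverse($data,true);
-    unset($output);
+    v_exec('v-list-user-backup', [$user, $_GET['backup'], 'json'], false, $output);
+    $data = json_decode($output, true);
+    $data = array_reverse($data, true);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_backup_detail.html');
 }
 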

+ 3 - 4
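--- a/web/list/cron/index.php
+++ b/web/list/cron/index.php
@@ -13,10 +13,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-cron-jobs $user json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-$data = array_reverse($data,true);
-unset($output);
+v_exec('v-list-cron-jobs', [$user, 'json'], false, $output);
+$data = json_decode($output, true);
+$data = array_reverse($data, true);
 
 if ($_SESSION['user'] == 'admin') {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_cron.html');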
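Review bot: The exit status of `v_exec` is discarded here and `$data` goes straight from `json_decode` into `array_reverse()`, so a failed `v-list-cron-jobs` call or non-JSON output yields `null` and the template renders from a warning rather than an error page. web/list/log/index.php in this same commit already uses `$return_var = v_exec('v-list-user-log', [$user, 'json'], false, $output);` followed by `check_error($return_var);`, and the same two lines fit here. The pattern repeats in the other list sections that reverse the decoded data right after the call (backup, db, dns, firewall, firewall/banlist, ip, mail, notifications, stats, user, web).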

+ 2 - 3
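--- a/web/list/db/index.php
+++ b/web/list/db/index.php
@@ -12,10 +12,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-databases $user json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
+v_exec('v-list-databases', [$user, 'json'], false, $output);
+$data = json_decode($output, true);
 $data = array_reverse($data, true);
-unset($output);
 
 if ($_SESSION['user'] == 'admin') {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_db.html');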

+ 4 - 5
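--- a/web/list/directory/index.php
+++ b/web/list/directory/index.php
@@ -11,17 +11,16 @@ if ((!isset($_SESSION['FILEMANAGER_KEY'])) || (empty($_SESSION['FILEMANAGER_KEY'
 
 // Check login_as feature
 if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
-    $user=$_SESSION['look'];
+    $user = $_SESSION['look'];
 }
 
 if (empty($panel)) {
-    $command = VESTA_CMD."v-list-user '".$user."' 'json'";
-    exec ($command, $output, $return_var);
-    if ( $return_var > 0 ) {
+    $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
+    if ($return_var > 0) {
         header("Location: /error/");
         exit;
     }
-    $panel = json_decode(implode('', $output), true);
+    $panel = json_decode($output, true);
 }
 
 $path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : '';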

+ 4 - 6
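--- a/web/list/dns/index.php
+++ b/web/list/dns/index.php
@@ -14,20 +14,18 @@ top_panel($user,$TAB);
 
 // Data
 if (empty($_GET['domain'])){
-    exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-dns-domains', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     if ($_SESSION['user'] == 'admin') {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns.html');
     } else {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html');
     }
 } else {
-    exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-dns-records', [$user, $_GET['domain'], 'json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     if ($_SESSION['user'] == 'admin') {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_dns_rec.html');
     } else {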
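Review bot: `$_GET['domain']` reaches `v_exec` unvalidated in the else branch, so the only protection between the request and the `v-list-dns-records` call is whatever quoting `v_exec` applies, and its definition is not part of this section. Please confirm that it escapes every array element and that a value starting with `-` cannot be read as an option by the script. A request such as `?domain[]=x` also makes the argument an array, so a guard like `if (!is_string($_GET['domain'])) { header('Location: /error/'); exit; }` before the call is cheap. The same applies to `$_GET['backup']` in web/list/backup/index.php, `$_GET['domain']` in web/list/mail/index.php and `$_GET['user']` in web/list/stats/index.php.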

+ 5 - 5
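--- a/web/list/favorites/index.php
+++ b/web/list/favorites/index.php
@@ -5,20 +5,20 @@ error_reporting(NULL);
     echo '<br> Favorites: <br>';
 
     // Data
-    exec (VESTA_CMD."v-list-user-favourites ".$_SESSION['user']." json", $output, $return_var);
+    v_exec('v-list-user-favourites', [$_SESSION['user'], 'json'], false, $output);
 
 
-//    print_r(implode('', $output));
+//    print_r($output);
 //    $json = '{ "Favourites": { "USER": "", "WEB": "bulletfarm.com", "DNS": "", "MAIL": "", "DB": "", "CRON": "", "BACKUP": "", "IP": "", "PACKAGE": "", "FIREWALL": ""}}';
 //    $data = json_decode($json, true);
 
 
-    $data = json_decode(implode('', $output).'}', true);
-    $data = array_reverse($data,true);
+    $data = json_decode($output.'}', true);
+    $data = array_reverse($data, true);
 
     print_r($data);
 //    $data = array_reverse($data,true);
 
-//    $data = json_decode(implode('', $output), true);
+//    $data = json_decode($output, true);
 
 ?>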

+ 2 - 3
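--- a/web/list/firewall/banlist/index.php
+++ b/web/list/firewall/banlist/index.php
@@ -19,10 +19,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-firewall-ban json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
+v_exec('v-list-firewall-ban', ['json'], false, $output);
+$data = json_decode($output, true);
 $data = array_reverse($data, true);
-unset($output);
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall_banlist.html');
 
 // Back uri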

+ 2 - 3
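--- a/web/list/firewall/index.php
+++ b/web/list/firewall/index.php
@@ -19,10 +19,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-firewall json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
+v_exec('v-list-firewall', ['json'], false, $output);
+$data = json_decode($output, true);
 $data = array_reverse($data, true);
-unset($output);
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_firewall.html');
 
 // Back uri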

+ 2 - 3
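--- a/web/list/ip/index.php
+++ b/web/list/ip/index.php
@@ -13,10 +13,9 @@ top_panel($user,$TAB);
 
 // Data
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-list-sys-ips json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-sys-ips', ['json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_ip.html');
 }
 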

+ 2 - 3
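--- a/web/list/log/index.php
+++ b/web/list/log/index.php
@@ -12,11 +12,10 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-user-log $user json", $output, $return_var);
+$return_var = v_exec('v-list-user-log', [$user, 'json'], false, $output);
 check_error($return_var);
-$data = json_decode(implode('', $output), true);
+$data = json_decode($output, true);
 $data = array_reverse($data);
-unset($output);
 
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_log.html');
 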

+ 4 - 6
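--- a/web/list/mail/index.php
+++ b/web/list/mail/index.php
@@ -14,20 +14,18 @@ top_panel($user,$TAB);
 
 // Data
 if (empty($_GET['domain'])){
-    exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-mail-domains', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     if ($_SESSION['user'] == 'admin') {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail.html');
     } else {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html');
     }
 } else {
-    exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-mail-accounts', [$user, $_GET['domain'], 'json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     if ($_SESSION['user'] == 'admin') {
         include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_mail_acc.html');
     } else {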

+ 9 - 9
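--- a/web/list/notifications/index.php
+++ b/web/list/notifications/index.php
@@ -5,17 +5,17 @@ error_reporting(NULL);
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
-if($_REQUEST['ajax'] == 1){
+if ($_REQUEST['ajax'] == 1) {
     // Data
-    exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    $data = array_reverse($data,true);
-    foreach($data as $key => $note){
+    v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
+    $data = array_reverse($data, true);
+    foreach ($data as $key => $note) {
         $note['ID'] = $key;
         $data[$key] = $note;
     }
     echo json_encode($data);
-    exit();
+    exit;
 }
 
 
@@ -28,9 +28,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-user-notifications $user json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-$data = array_reverse($data,true);
+v_exec('v-list-user-notifications', [$user, 'json'], false, $output);
+$data = json_decode($output, true);
+$data = array_reverse($data, true);
 if ($_SESSION['user'] == 'admin') {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_notifications.html');
 } else {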

+ 2 - 3
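--- a/web/list/package/index.php
+++ b/web/list/package/index.php
@@ -18,9 +18,8 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-user-packages', ['json'], false, $output);
+$data = json_decode($output, true);
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_packages.html');
 
 // Back uri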

+ 2 - 3
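--- a/web/list/rrd/index.php
+++ b/web/list/rrd/index.php
@@ -13,9 +13,8 @@ top_panel($user,$TAB);
 
 // Data
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-list-sys-rrd json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-sys-rrd', ['json'], false, $output);
+    $data = json_decode($output, true);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_rrd.html');
 }
 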

+ 32 - 48
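--- a/web/list/server/index.php
+++ b/web/list/server/index.php
@@ -15,60 +15,50 @@ if ($_SESSION['user'] != 'admin') {
 if (isset($_GET['cpu'])) {
     $TAB = 'CPU';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-cpu-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    v_exec('v-list-sys-cpu-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // Memory info
 if (isset($_GET['mem'])) {
     $TAB = 'MEMORY';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-memory-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    v_exec('v-list-sys-memory-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // Disk info
 if (isset($_GET['disk'])) {
     $TAB = 'MEMORY';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-disk-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    v_exec('v-list-sys-disk-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // Network info
 if (isset($_GET['net'])) {
     $TAB = 'MEMORY';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-network-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    v_exec('v-list-sys-network-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // Web info
 if (isset($_GET['web'])) {
     $TAB = 'WEB';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-web-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    v_exec('v-list-sys-web-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 
@@ -76,40 +66,34 @@ if (isset($_GET['web'])) {
 if (isset($_GET['dns'])) {
     $TAB = 'DNS';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-dns-status', $output, $return_var);
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+    $return_var = v_exec('v-list-sys-dns-status', [], false, $output);
+    echo $output . "\n";
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // Mail info
 if (isset($_GET['mail'])) {
     $TAB = 'MAIL';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-mail-status', $output, $return_var);
-    if ($return_var == 0 ) {
-        foreach($output as $file) {
-            echo $file . "\n";
-        }
+    $return_var = v_exec('v-list-sys-mail-status', [], false, $output);
+    if ($return_var == 0) {
+        echo $output . "\n";
     }
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 // DB info
 if (isset($_GET['db'])) {
     $TAB = 'DB';
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_server_info.html');
-    exec (VESTA_CMD.'v-list-sys-db-status', $output, $return_var);
-    if ($return_var == 0 ) {
-        foreach($output as $file) {
-            echo $file . "\n";
-        }
+    $return_var = v_exec('v-list-sys-db-status', [], false, $output);
+    if ($return_var == 0) {
+        echo $output . "\n";
     }
     echo "    </pre>\n</body>\n</html>\n";
-    exit();
+    exit;
 }
 
 
@@ -120,12 +104,12 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-sys-info json", $output, $return_var);
-$sys = json_decode(implode('', $output), true);
-unset($output);
-exec (VESTA_CMD."v-list-sys-services json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-unset($output);
+v_exec('v-list-sys-info', ['json'], false, $output);
+$sys = json_decode($output, true);
+
+v_exec('v-list-sys-services', ['json'], false, $output);
+$data = json_decode($output, true);
+
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_services.html');
 
 // Back uri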
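Review bot: The CPU, memory, disk, network, web and DNS branches echo `$output` whatever the exit status, while the mail and DB branches print only when `$return_var == 0`; the DNS branch assigns `$return_var` and never reads it. Either guard all eight branches the same way or drop the unused assignment. The status text is also written into the `<pre>` unescaped, and `echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "\n";` would keep any `<` or `&` in service output from being parsed as markup. The disk and network branches still set `$TAB = 'MEMORY'` in the unchanged context, which looks like a copy-paste leftover.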

+ 9 - 13
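--- a/web/list/stats/index.php
+++ b/web/list/stats/index.php
@@ -14,28 +14,24 @@ top_panel($user,$TAB);
 // Data
 if ($user == 'admin') {
     if (empty($_GET['user'])) {
-        exec (VESTA_CMD."v-list-users-stats json", $output, $return_var);
-        $data = json_decode(implode('', $output), true);
+        v_exec('v-list-users-stats', ['json'], false, $output);
+        $data = json_decode($output, true);
         $data = array_reverse($data, true);
-        unset($output);
     } else {
-        $v_user = escapeshellarg($_GET['user']);
-        exec (VESTA_CMD."v-list-user-stats $v_user json", $output, $return_var);
-        $data = json_decode(implode('', $output), true);
+        $v_user = $_GET['user'];
+        v_exec('v-list-user-stats', [$v_user, 'json'], false, $output);
+        $data = json_decode($output, true);
         $data = array_reverse($data, true);
-        unset($output);
     }
 
-    exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-    $users = json_decode(implode('', $output), true);
-    unset($output);
+    v_exec('v-list-sys-users', ['json'], false, $output);
+    $users = json_decode($output, true);
 
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_stats.html');
 } else {
-    exec (VESTA_CMD."v-list-user-stats $user json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-user-stats', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
     $data = array_reverse($data, true);
-    unset($output);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_stats.html');
 }
 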

+ 5 - 6
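--- a/web/list/updates/index.php
+++ b/web/list/updates/index.php
@@ -13,12 +13,11 @@ top_panel($user,$TAB);
 
 // Data
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-list-sys-vesta-updates json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
-    exec (VESTA_CMD."v-list-sys-vesta-autoupdate plain", $output, $return_var);
-    $autoupdate = $output['0'];
-    unset($output);
+    v_exec('v-list-sys-vesta-updates', ['json'], false, $output);
+    $data = json_decode($output, true);
+
+    v_exec('v-list-sys-vesta-autoupdate', ['plain'], false, $output);
+    $autoupdate = strtok($output, "\n");
 
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_updates.html');
 }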
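Review bot: `strtok($output, "\n")` is not an exact stand-in for the old `$output['0']`: it skips leading empty lines, returns `false` when the output is empty, and leaves tokenizer state behind for any later `strtok()` call made without a string argument. `$autoupdate = explode("\n", $output, 2)[0];` takes the first line without those side effects. Neither `v_exec` call has its exit status checked before the template is included.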

+ 6 - 6
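--- a/web/list/user/index.php
+++ b/web/list/user/index.php
@@ -15,17 +15,17 @@ top_panel($user,$TAB);
 // Data
 if ($_SESSION['user'] == 'admin') {
     if ($user == 'admin') {
-        exec (VESTA_CMD . "v-list-users json", $output, $return_var);
+        v_exec('v-list-users', ['json'], false, $output);
     } else {
-        exec (VESTA_CMD . "v-list-user ".$user." json", $output, $return_var);
+        v_exec('v-list-user', [$user, 'json'], false, $output);
     }
-    $data = json_decode(implode('', $output), true);
-    $data = array_reverse($data,true);
+    $data = json_decode($output, true);
+    $data = array_reverse($data, true);
     display_error_block();
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_user.html');
 } else {
-    exec (VESTA_CMD . "v-list-user ".$user." json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-list-user', [$user, 'json'], false, $output);
+    $data = json_decode($output, true);
     display_error_block();
     include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_user.html');
 }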

+ 5 - 6
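--- a/web/list/web-log/index.php
+++ b/web/list/web-log/index.php
@@ -7,15 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_weblog.html');
 
-$v_domain = escapeshellarg($_GET['domain']);
+$v_domain = $_GET['domain'];
 if ($_GET['type'] == 'access') $type = 'access';
 if ($_GET['type'] == 'error') $type = 'error';
 
-exec (VESTA_CMD."v-list-web-domain-".$type."log $user ".$v_domain, $output, $return_var);
+$return_var = v_exec("v-list-web-domain-{$type}log", [$user, $v_domain], false, $output);
 
-if ($return_var == 0 ) {
-    foreach($output as $file) {
-        echo $file . "\n";
-    }
+if ($return_var == 0) {
+    print $output . "\n";
 }
+
 echo "    </pre>\n</body>\n</html>\n";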
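Review bot: `print $output . "\n";` writes the log text into the page's `<pre>` without HTML-escaping, and web access and error logs normally carry client-supplied request lines, referers and user agents, so markup in a logged request would be rendered in the panel user's browser. `print htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "\n";` closes that. Separately, `$type` is only assigned when `$_GET['type']` is `access` or `error`, so any other value leaves it undefined and the command name collapses to `v-list-web-domain-log`; `$type = ($_GET['type'] === 'error') ? 'error' : 'access';` gives it a defined value. The script continues outside the hunk on both sides.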

+ 3 - 3
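--- a/web/list/web/index.php
+++ b/web/list/web/index.php
@@ -12,9 +12,9 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 top_panel($user,$TAB);
 
 // Data
-exec (VESTA_CMD."v-list-web-domains $user json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
-$data = array_reverse($data,true);
+v_exec('v-list-web-domains', [$user, 'json'], false, $output);
+$data = json_decode($output, true);
+$data = array_reverse($data, true);
 if ($_SESSION['user'] == 'admin') {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_web.html');
 } else {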

+ 11 - 14
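--- a/web/login/index.php
+++ b/web/login/index.php
@@ -21,9 +21,9 @@ if (isset($_GET['logout'])) {
 // Login as someone else
 if (isset($_SESSION['user'])) {
     if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
-        exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var);
-        if ( $return_var == 0 ) {
-            $data = json_decode(implode('', $output), true);
+        $return_var = v_exec('v-list-user', [$_GET['loginas'], 'json'], false, $output);
+        if ($return_var == 0) {
+            $data = json_decode($output, true);
             reset($data);
             $_SESSION['look'] = key($data);
             $_SESSION['look_alert'] = 'yes';
@@ -35,7 +35,7 @@ if (isset($_SESSION['user'])) {
 
 // Basic auth
 if (isset($_POST['user']) && isset($_POST['password'])) {
-    $v_user = escapeshellarg($_POST['user']);
+    $v_user = $_POST['user'];
 
     // Send password via tmp file
     $v_password = exec('mktemp -p /tmp');
@@ -44,24 +44,21 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
     fclose($fp);
 
     // Check user & password
-    exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." ".escapeshellarg($_SERVER['REMOTE_ADDR']),  $output, $return_var);
-    unset($output);
+    $return_var = v_exec('v-check-user-password', [$v_user, $v_password, $_SERVER['REMOTE_ADDR']]);
 
     // Remove tmp file
     unlink($v_password);
 
     // Check API answer
-    if ( $return_var > 0 ) {
+    if ($return_var > 0) {
         $ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
-
     } else {
-
         // Make root admin user
         if ($_POST['user'] == 'root') $v_user = 'admin';
 
         // Get user speciefic parameters
-        exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
-        $data = json_decode(implode('', $output), true);
+        v_exec('v-list-user', [$v_user, 'json'], false, $output);
+        $data = json_decode($output, true);
 
         // Define session user
         $_SESSION['user'] = key($data);
@@ -75,7 +72,7 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
 
         // Redirect request to control panel interface
         if (!empty($_SESSION['request_uri'])) {
-            header("Location: ".$_SESSION['request_uri']);
+            header('Location: '.$_SESSION['request_uri']);
             unset($_SESSION['request_uri']);
             exit;
         } else {
@@ -86,8 +83,8 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
 }
 
 // Check system configuration
-exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
-$data = json_decode(implode('', $output), true);
+v_exec('v-list-sys-config', ['json'], false, $output);
+$data = json_decode($output, true);
 $sys_arr = $data['config'];
 foreach ($sys_arr as $key => $value) {
     $_SESSION[$key] = $value;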
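Review bot: In the `-44,24` hunk the post-authentication `v-list-user` call drops its exit status and `$_SESSION['user'] = key($data);` runs on whatever `json_decode` returned, so a failed lookup or malformed output sets the session identity from `null` instead of aborting the login. Capturing the status and refusing to continue, for example `$return_var = v_exec('v-list-user', [$v_user, 'json'], false, $output);` followed by `if ($return_var != 0 || !is_array($data = json_decode($output, true))) { header('Location: /error/'); exit; }`, keeps that path fail-closed. With `escapeshellarg()` removed from `$v_user` in the `-35,7` hunk, any direct `exec` still interpolating `$v_user` outside these hunks would now receive the raw POST value, so the rest of the file is worth checking. The enclosing `if` blocks start and end outside the hunks shown.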

+ 14 - 20
web/reset/index.php

@@ -11,28 +11,25 @@ if (isset($_SESSION['user'])) {
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 
 if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
 if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
-    $v_user = escapeshellarg($_POST['user']);
     $user = $_POST['user'];
     $user = $_POST['user'];
-    $cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
-    exec ($cmd." ".$v_user." json", $output, $return_var);
-    if ( $return_var == 0 ) {
-        $data = json_decode(implode('', $output), true);
+    $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
+    if ($return_var == 0) {
+        $data = json_decode($output, true);
         $rkey = $data[$user]['RKEY'];
         $rkey = $data[$user]['RKEY'];
         $fname = $data[$user]['FNAME'];
         $fname = $data[$user]['FNAME'];
         $lname = $data[$user]['LNAME'];
         $lname = $data[$user]['LNAME'];
         $contact = $data[$user]['CONTACT'];
         $contact = $data[$user]['CONTACT'];
         $to = $data[$user]['CONTACT'];
         $to = $data[$user]['CONTACT'];
-        $subject = __('MAIL_RESET_SUBJECT',date("Y-m-d H:i:s"));
+        $subject = __('MAIL_RESET_SUBJECT', date('Y-m-d H:i:s'));
         $hostname = exec('hostname');
         $hostname = exec('hostname');
-        $from = __('MAIL_FROM',$hostname);
-        if (!empty($fname)) {
-            $mailtext = __('GREETINGS_GORDON_FREEMAN',$fname,$lname);
+        $from = __('MAIL_FROM', $hostname);
+        if (!empty($fname) || !empty($lname)) {
+            $mailtext = __('GREETINGS_GORDON_FREEMAN', $fname, $lname);
         } else {
         } else {
             $mailtext = __('GREETINGS');
             $mailtext = __('GREETINGS');
         }
         }
-        $mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
+        $mailtext .= __('PASSWORD_RESET_REQUEST', $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey);
         if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
         if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
-        unset($output);
     }
     }
 
 
     header("Location: /reset/?action=code&user=".$_POST['user']);
     header("Location: /reset/?action=code&user=".$_POST['user']);
@@ -40,23 +37,20 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
 }
 }
 
 
 if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
 if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
-    if ( $_POST['password'] == $_POST['password_confirm'] ) {
-        $v_user = escapeshellarg($_POST['user']);
+    if ($_POST['password'] == $_POST['password_confirm']) {
         $user = $_POST['user'];
         $user = $_POST['user'];
-        $cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
-        exec ($cmd." ".$v_user." json", $output, $return_var);
-        if ( $return_var == 0 ) {
-            $data = json_decode(implode('', $output), true);
+        $return_var = v_exec('v-list-user', [$user, 'json'], false, $output);
+        if ($return_var == 0) {
+            $data = json_decode($output, true);
             $rkey = $data[$user]['RKEY'];
             $rkey = $data[$user]['RKEY'];
             if ($rkey == $_POST['code']) {
             if ($rkey == $_POST['code']) {
                 $v_password = tempnam("/tmp","vst");
                 $v_password = tempnam("/tmp","vst");
                 $fp = fopen($v_password, "w");
                 $fp = fopen($v_password, "w");
                 fwrite($fp, $_POST['password']."\n");
                 fwrite($fp, $_POST['password']."\n");
                 fclose($fp);
                 fclose($fp);
-                $cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password";
-                exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
+                $return_var = v_exec('v-change-user-password', [$user, $v_password], false);
                 unlink($v_password);
                 unlink($v_password);
-                if ( $return_var > 0 ) {
+                if ($return_var > 0) {
                     $ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
                     $ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
                 } else {
                 } else {
                     $_SESSION['user'] = $_POST['user'];
                     $_SESSION['user'] = $_POST['user'];

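--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -102,25 +102,21 @@ function to64 ($v, $n)
 // Check arguments
 if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
     list($v_account, $v_domain) = explode('@', $_POST['email']);
-    $v_domain = escapeshellarg($v_domain);
-    $v_account = escapeshellarg($v_account);
     $v_password = $_POST['password'];
 
     // Get domain owner
-    exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
+    $return_var = v_exec('v-search-domain-owner', [$v_domain, 'mail'], false, $output);
     if ($return_var == 0) {
-        $v_user = $output[0];
+        $v_user = strtok($output, "\n");
     }
-    unset($output);
 
     // Get current md5 hash
     if (!empty($v_user)) {
-        exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var);
+        $return_var = v_exec('v-get-mail-account-value', [$v_user, $v_domain, $v_account, 'md5'], false, $output);
         if ($return_var == 0) {
-            $v_hash = $output[0];
+            $v_hash = strtok($output, "\n");
         }
     }
-    unset($output);
 
     // Compare hashes
     if (!empty($v_hash)) {
@@ -129,14 +125,14 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
         $n_hash = '{MD5}'.$n_hash;
 
         // Change password
-        if ( $v_hash == $n_hash ) {
+        if ($v_hash == $n_hash) {
             $v_new_password = tempnam("/tmp","vst");
             $fp = fopen($v_new_password, "w");
             fwrite($fp, $_POST['new']."\n");
             fclose($fp);
-            exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
+            $return_var = v_exec('v-change-mail-account-password', [$v_user, $v_domain, $v_account, $v_new_password], false, $output);
             if ($return_var == 0) {
-                echo "ok";
+                echo 'ok';
                 exit;
             }
         }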
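Review bot: The password-hash check `if ($v_hash == $n_hash)` in the second hunk is only reformatted and still uses loose `==`, which is neither type-strict nor constant-time. Both operands are strings at that point (`$v_hash` is a non-empty `strtok()` result, `$n_hash` is built as `'{MD5}'.$n_hash`), so `if (hash_equals($v_hash, $n_hash)) {` is a drop-in replacement. The enclosing `if` block opens in the first hunk and continues past the end of the second.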

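--- a/web/restart/service/index.php
+++ b/web/restart/service/index.php
@@ -8,18 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
-            exec (VESTA_CMD."v-update-firewall", $output, $return_var);
+            $return_var = v_exec('v-update-firewall', [], false, $output);
         } else {
-            $v_service = escapeshellarg($_GET['srv']);
-            exec (VESTA_CMD."v-restart-service ".$v_service, $output, $return_var);
+            $v_service = $_GET['srv'];
+            $return_var = v_exec('v-restart-service', [$v_service], false, $output);
         }
     }
     if ($return_var != 0) {
         $error = implode('<br>', $output);
-        if (empty($error)) $error =  __('SERVICE_ACTION_FAILED',__('restart'),$v_service);
-            $_SESSION['error_msg'] = $error;
+        if (empty($error)) $error =  __('SERVICE_ACTION_FAILED', __('restart'), htmlentities($_GET['srv']));
+        $_SESSION['error_msg'] = $error;
     }
-    unset($output);
 }
 
 header("Location: /list/server/");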
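Review bot: `$error = implode('<br>', $output);` is left unchanged, but other call sites in this commit treat the fourth argument of `v_exec()` as a string (`json_decode($output, true)`, `strtok($output, "\n")`). If that also holds here, `implode()` is given a string where it expects an array, so the command's error text is lost and only the generic `SERVICE_ACTION_FAILED` message remains (PHP 8 raises a TypeError instead). `$error = str_replace("\n", '<br>', trim($output));` would keep the previous formatting. The same line is present in web/start/service/index.php and web/stop/service/index.php.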

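--- a/web/restart/system/index.php
+++ b/web/restart/system/index.php
@@ -3,14 +3,14 @@
 error_reporting(NULL);
 ob_start();
 session_start();
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['hostname'])) {
-        exec (VESTA_CMD."v-restart-system yes", $output, $return_var);
+        v_exec('v-restart-system', ['yes'], false);
         $_SESSION['error_msg'] = 'The system is going down for reboot NOW!';
     }
-    unset($output);
 }
 
 header("Location: /list/server/");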
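Review bot: The reboot branch runs `v-restart-system` for any GET request with a non-empty `hostname` parameter in an admin session, and no request-token check is visible from line 3 of the file onward. The suspend pages in this commit compare `$_GET['token']` with `$_SESSION['token']` before acting, and the same guard belongs ahead of `if ($_SESSION['user'] == 'admin')` here, for example `if (empty($_SESSION['token']) || !isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) { header('location: /login/'); exit; }`. Whether inc/main.php already enforces a token cannot be told from this hunk, so confirm that before relying on it. The return value of `v_exec()` is also discarded, so the "going down for reboot" message is shown even when the command fails.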

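--- a/web/schedule/backup/index.php
+++ b/web/schedule/backup/index.php
@@ -5,21 +5,15 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-$v_username = escapeshellarg($user);
-exec (VESTA_CMD."v-schedule-user-backup ".$v_username, $output, $return_var);
-if ($return_var == 0) {
-    $_SESSION['error_msg'] = __('BACKUP_SCHEDULED');
-} else {
-    $_SESSION['error_msg'] = implode('<br>', $output);
-    if (empty($_SESSION['error_msg'])) {
-        $_SESSION['error_msg'] = __('Error: vesta did not return any output.');
-    }
-
-    if ($return_var == 4) {
+$return_var = v_exec('v-schedule-user-backup', [$user]);
+switch ($return_var) {
+    case 0:
+        $_SESSION['error_msg'] = __('BACKUP_SCHEDULED');
+        break;
+    case 4:
         $_SESSION['error_msg'] = __('BACKUP_EXISTS');
-    }
-
+        break;
 }
-unset($output);
+
 header("Location: /list/backup/");
 exit;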
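Review bot: The new `switch` has no `default:` branch, so for any exit code other than 0 or 4 this file no longer sets `$_SESSION['error_msg']` itself, whereas the removed code fell back to the command output or to 'Error: vesta did not return any output.'. That is only correct if `v_exec()` with its default third argument reports failures on its own, which this hunk does not show. Once that is confirmed in the wrapper, document the dependency above the `switch` with `// other exit codes: error message is set by v_exec()'s own return-code check`, or add an explicit `default:` branch. web/schedule/restore/index.php has the same shape.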

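--- a/web/schedule/restore/index.php
+++ b/web/schedule/restore/index.php
@@ -6,7 +6,7 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-$backup = escapeshellarg($_GET['backup']);
+$backup = $_GET['backup'];
 
 $web = 'no';
 $dns = 'no';
@@ -15,30 +15,27 @@ $db = 'no';
 $cron = 'no';
 $udir = 'no';
 
-if ($_GET['type'] == 'web') $web = escapeshellarg($_GET['object']);
-if ($_GET['type'] == 'dns') $dns = escapeshellarg($_GET['object']);
-if ($_GET['type'] == 'mail') $mail = escapeshellarg($_GET['object']);
-if ($_GET['type'] == 'db') $db = escapeshellarg($_GET['object']);
+if ($_GET['type'] == 'web') $web = $_GET['object'];
+if ($_GET['type'] == 'dns') $dns = $_GET['object'];
+if ($_GET['type'] == 'mail') $mail = $_GET['object'];
+if ($_GET['type'] == 'db') $db = $_GET['object'];
 if ($_GET['type'] == 'cron') $cron = 'yes';
-if ($_GET['type'] == 'udir') $udir = escapeshellarg($_GET['object']);
+if ($_GET['type'] == 'udir') $udir = $_GET['object'];
 
 if (!empty($_GET['type'])) {
-    $restore_cmd = VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir;
+    $restore_args = [$user, $backup, $web, $dns, $mail, $db, $cron, $udir];
 } else {
-    $restore_cmd = VESTA_CMD."v-schedule-user-restore ".$user." ".$backup;
+    $restore_args = [$user, $backup];
 }
 
-exec ($restore_cmd, $output, $return_var);
-if ($return_var == 0) {
-    $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
-} else {
-    $_SESSION['error_msg'] = implode('<br>', $output);
-    if (empty($_SESSION['error_msg'])) {
-        $_SESSION['error_msg'] = __('Error: vesta did not return any output.');
-    }
-    if ($return_var == 4) {
+$return_var = v_exec('v-schedule-user-restore', $restore_args);
+switch ($return_var) {
+    case 0:
+        $_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
+        break;
+    case 4:
         $_SESSION['error_msg'] = __('RESTORE_EXISTS');
-    }
+        break;
 }
 
 header("Location: /list/backup/?backup=" . $_GET['backup']);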
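Review bot: The redirect `header("Location: /list/backup/?backup=" . $_GET['backup']);` at the end of the second hunk places the raw request value into the URL without encoding it for the query-string context. Use `header('Location: /list/backup/?backup=' . rawurlencode($_GET['backup']));` so that characters such as `&`, `#` or spaces cannot alter the redirect target. The same applies to `header("Location: /list/dns/?domain=".$_GET['domain']);` in web/suspend/dns/index.php.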

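--- a/web/search/index.php
+++ b/web/search/index.php
@@ -9,9 +9,9 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check query
 $q = $_GET['q'];
 if (empty($q)) {
-    $back=getenv("HTTP_REFERER");
+    $back = getenv('HTTP_REFERER');
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /");
@@ -28,14 +28,13 @@ $lang = 'ru_RU.utf8';
 //setlocale(LC_ALL, $lang);
 
 // Data
-$q = escapeshellarg($q);
 if ($_SESSION['user'] == 'admin') {
-    exec (VESTA_CMD."v-search-object ".$q." json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-search-object', [$q, 'json'], false, $output);
+    $data = json_decode($output, true);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/list_search.html');
 } else {
-    exec (VESTA_CMD."v-search-user-object ".$user." ".$q." json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
+    v_exec('v-search-user-object', [$user, $q, 'json'], false, $output);
+    $data = json_decode($output, true);
     include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_search.html');
 }
 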
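Review bot: Both `v_exec()` calls in the second hunk discard the return code, and `json_decode($output, true)` yields `null` when the command fails or prints something that is not JSON, so the template is included with `$data` set to `null`. Keep the result and fall back to an empty list, e.g. `$rc = v_exec('v-search-object', [$q, 'json'], false, $output);` followed by `$data = ($rc == 0) ? json_decode($output, true) : [];`, and treat a non-array decode result the same way. This applies to the admin branch and the user branch alike.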

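--- a/web/start/service/index.php
+++ b/web/start/service/index.php
@@ -8,18 +8,17 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
-            exec (VESTA_CMD."v-update-firewall", $output, $return_var);
+            $return_var = v_exec('v-update-firewall', [], false, $output);
         } else {
-            $v_service = escapeshellarg($_GET['srv']);
-            exec (VESTA_CMD."v-start-service ".$v_service, $output, $return_var);
+            $v_service = $_GET['srv'];
+            $return_var = v_exec('v-start-service', [$v_service], false, $output);
         }
     }
     if ($return_var != 0) {
         $error = implode('<br>', $output);
-        if (empty($error)) $error =  __('SERVICE_ACTION_FAILED',__('start'),$v_service);;
-            $_SESSION['error_srv'] = $error;
+        if (empty($error)) $error =  __('SERVICE_ACTION_FAILED', __('start'), htmlentities($_GET['srv']));
+        $_SESSION['error_srv'] = $error;
     }
-    unset($output);
 }
 
 header("Location: /list/server/");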

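--- a/web/stop/service/index.php
+++ b/web/stop/service/index.php
@@ -8,18 +8,18 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['srv'])) {
         if ($_GET['srv'] == 'iptables') {
-            exec (VESTA_CMD."v-stop-firewall", $output, $return_var);
+            $return_var = v_exec('v-stop-firewall', [], false, $output);
         } else {
-            $v_service = escapeshellarg($_GET['srv']);
-            exec (VESTA_CMD."v-stop-service ".$v_service, $output, $return_var);
+            $v_service = $_GET['srv'];
+            $return_var = v_exec('v-stop-service', [$v_service], false, $output);
         }
     }
     if ($return_var != 0) {
         $error = implode('<br>', $output);
-        if (empty($error)) $error = __('SERVICE_ACTION_FAILED',__('stop'),$v_service);
-            $_SESSION['error_srv'] = $error;
+        if (empty($error)) $error = __('SERVICE_ACTION_FAILED', __('stop'), htmlentities($_GET['srv']));
+        $_SESSION['error_srv'] = $error;
     }
-    unset($output);
+
 }
 
 header("Location: /list/server/");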

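--- a/web/suspend/cron/index.php
+++ b/web/suspend/cron/index.php
@@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Check user
@@ -16,20 +16,20 @@ if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");
     exit;
 }
+
 if (!empty($_GET['user'])) {
-    $user=$_GET['user'];
+    $user = $_GET['user'];
 }
+
 if (!empty($_GET['job'])) {
-    $v_username = escapeshellarg($user);
-    $v_job = escapeshellarg($_GET['job']);
-    exec (VESTA_CMD."v-suspend-cron-job ".$v_username." ".$v_job, $output, $return_var);
+    $v_username = $user;
+    $v_job = $_GET['job'];
+    v_exec('v-suspend-cron-job', [$v_username, $v_job]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 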
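Review bot: The token guard in the first hunk, `($_SESSION['token'] != $_GET['token'])`, compares with loose `!=`, which follows PHP's type-juggling rules (numeric-looking strings compare as numbers, `null` compares equal to `''`) and is not constant-time. Since the block is being touched anyway, tighten it to `if (empty($_SESSION['token']) || !isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {`. The identical check appears in web/suspend/db/index.php and web/suspend/dns/index.php.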

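--- a/web/suspend/db/index.php
+++ b/web/suspend/db/index.php
@@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Check user
@@ -22,16 +22,14 @@ if (!empty($_GET['user'])) {
 }
 
 if (!empty($_GET['database'])) {
-    $v_username = escapeshellarg($user);
-    $v_database = escapeshellarg($_GET['database']);
-    exec (VESTA_CMD."v-suspend-database ".$v_username." ".$v_database, $output, $return_var);
+    $v_username = $user;
+    $v_database = $_GET['database'];
+    v_exec('v-suspend-database', [$v_username, $v_database]);
 }
-check_return_code($return_var,$output);
-unset($output);
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 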
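Review bot: `$_GET['database']` is now handed to `v_exec()` as-is, and `!empty()` is also true for an array-valued request parameter, so the argument list can contain a non-string; how `v_exec()` treats that is not visible in this hunk. A guard such as `if (!empty($_GET['database']) && is_string($_GET['database'])) {` keeps the type check at the request boundary instead of relying on the wrapper. The same pattern applies to `job` in web/suspend/cron/index.php and to `domain` and `record_id` in web/suspend/dns/index.php.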

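--- a/web/suspend/dns/index.php
+++ b/web/suspend/dns/index.php
@@ -8,7 +8,7 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
-    exit();
+    exit;
 }
 
 // Check user
@@ -23,14 +23,12 @@ if (!empty($_GET['user'])) {
 
 // DNS domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    exec (VESTA_CMD."v-suspend-dns-domain ".$v_username." ".$v_domain, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_username = $user;
+    $v_domain = $_GET['domain'];
+    v_exec('v-suspend-dns-domain', [$v_username, $v_domain]);
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/dns/");
@@ -39,15 +37,13 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
 
 // DNS record
 if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
-    $v_username = escapeshellarg($user);
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_record_id = escapeshellarg($_GET['record_id']);
-    exec (VESTA_CMD."v-suspend-dns-record ".$v_username." ".$v_domain." ".$v_record_id, $output, $return_var);
-    check_return_code($return_var,$output);
-    unset($output);
+    $v_username = $user;
+    $v_domain = $_GET['domain'];
+    $v_record_id = $_GET['record_id'];
+    v_exec('v-suspend-dns-record', [$v_username, $v_domain, $v_record_id]);
     $back = $_SESSION['back'];
     if (!empty($back)) {
-        header("Location: ".$back);
+        header("Location: $back");
         exit;
     }
     header("Location: /list/dns/?domain=".$_GET['domain']);
@@ -56,7 +52,7 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
 
 $back = $_SESSION['back'];
 if (!empty($back)) {
-    header("Location: ".$back);
+    header("Location: $back");
     exit;
 }
 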

Некоторые файлы не были показаны из-за большого количества измененных файлов