
Adding escapeshellarg on few more places in php code

dpeca há 5 anos atrás
pai
commit
c377e19df8

+ 1 - 1
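--- a/web/edit/server/index.php
+++ b/web/edit/server/index.php
@@ -356,7 +356,7 @@ if (!empty($_POST['save'])) {
     // Change remote backup host type
     if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
-            exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var);
+            exec (VESTA_CMD."v-delete-backup-host " . escapeshellarg($v_backup_type), $output, $return_var);
             unset($output);
 
             $v_backup_host = escapeshellarg($_POST['v_backup_host']);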
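Review bot: The exit status of the `v-delete-backup-host` call is never inspected in the visible lines: `$output` is unset immediately and the code goes on to prepare the new host. If the delete fails, the old backup host presumably stays configured with no error shown to the operator. A guard such as `if ($return_var !== 0) { $_SESSION['error_msg'] = 'Could not remove the previous backup host'; }` placed right after the `exec` would surface that (the message text is only an example). The enclosing `if` blocks start before and continue past this hunk, so later lines may already handle this.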

+ 1 - 1
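--- a/web/list/directory/index.php
+++ b/web/list/directory/index.php
@@ -15,7 +15,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
 }
 
 if (empty($panel)) {
-    $command = VESTA_CMD."v-list-user '".$user."' 'json'";
+    $command = VESTA_CMD."v-list-user ".escapeshellarg($user)." 'json'";
     exec ($command, $output, $return_var);
     if ( $return_var > 0 ) {
         header("Location: /error/");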
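Review bot: `escapeshellarg($user)` stops the shell from interpreting the value, but nothing in this hunk checks that `$user` looks like an account name, so an unexpected string (empty, or starting with `-`) is still passed to `v-list-user` as its first argument. Where `$user` is assigned is not visible here; the hunk header suggests it can come from `$_SESSION['look']`. A format check before the command is built would close that gap, for example `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $user)) { header("Location: /error/"); exit; }` (the pattern is illustrative; use the panel's own username rule). The same applies to the `escapeshellarg($user)` calls added in web/list/dns/index.php and web/list/mail/index.php. The `if ( $return_var > 0 )` block continues past the end of the hunk.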

+ 2 - 2
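--- a/web/list/dns/index.php
+++ b/web/list/dns/index.php
@@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Data & Render page
 if (empty($_GET['domain'])){
-    exec (VESTA_CMD."v-list-dns-domains $user json", $output, $return_var);
+    exec (VESTA_CMD."v-list-dns-domains ".escapeshellarg($user)." json", $output, $return_var);
     $data = json_decode(implode('', $output), true);
     $data = array_reverse($data, true);
     unset($output);
 
     render_page($user, $TAB, 'list_dns');
 } else {
-    exec (VESTA_CMD."v-list-dns-records ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
+    exec (VESTA_CMD."v-list-dns-records ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
     $data = json_decode(implode('', $output), true);
     $data = array_reverse($data, true);
     unset($output);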
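Review bot: In both branches the result of `exec` goes straight into `json_decode` and then `array_reverse` without looking at `$return_var` or at whether decoding produced an array. If the command fails or prints nothing, `json_decode` returns `null`, and `array_reverse(null, true)` raises a warning on older PHP and a `TypeError` on PHP 8. Replacing the reverse line with `$data = is_array($data) ? array_reverse($data, true) : [];` keeps the page rendering an empty list, and checking `$return_var` first (as web/list/directory/index.php does) would let it redirect to the error page instead. web/list/mail/index.php has the same two call sites with the same pattern. The `else` branch continues past the end of this hunk.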

+ 2 - 2
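--- a/web/list/mail/index.php
+++ b/web/list/mail/index.php
@@ -7,14 +7,14 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Data & Render page
 if (empty($_GET['domain'])){
-    exec (VESTA_CMD."v-list-mail-domains $user json", $output, $return_var);
+    exec (VESTA_CMD."v-list-mail-domains ".escapeshellarg($user)." json", $output, $return_var);
     $data = json_decode(implode('', $output), true);
     $data = array_reverse($data, true);
     unset($output);
 
     render_page($user, $TAB, 'list_mail');
 } else {
-    exec (VESTA_CMD."v-list-mail-accounts ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
+    exec (VESTA_CMD."v-list-mail-accounts ".escapeshellarg($user)." ".escapeshellarg($_GET['domain'])." json", $output, $return_var);
     $data = json_decode(implode('', $output), true);
     $data = array_reverse($data, true);
     unset($output);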