
Fixed several Command Injection.

sergio-nadal committed Apr 20, 2019
1 parent 7603cde commit 0831a198b86a4760e83c0eaec78d84bab7098e6c
Showing with 11 additions and 4 deletions.
  1. +2 −0 web/edit/db/index.php
  2. +5 −2 web/edit/mail/index.php
  3. +4 −2 web/edit/web/index.php
@@ -42,6 +42,8 @@
$v_status = 'active';
}
$v_database = escapeshellarg($_GET['database']);
// Check POST request
if (!empty($_POST['save'])) {
$v_username = $user;
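Review bot: `escapeshellarg()` on the new line `$v_database = escapeshellarg($_GET['database']);` returns the value already wrapped in single quotes, so every later use of `$v_database` must concatenate it bare (`." ".$v_database`), not inside another pair of `'...'`; the rest of this file is outside the hunk, so any existing `'".$v_database."'` pattern or any use of `$v_database` as an array key or in HTML output would now carry the extra quotes and should be checked. A request without `database` also makes this line emit an undefined-index notice and produce an empty `''` argument, so guarding it first is worth the line: `if (empty($_GET['database'])) { header("Location: /list/db/"); exit; }` (destination taken from the file's own convention, if it has one). The `if (!empty($_POST['save']))` block opened at the end of the hunk continues outside it.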
@@ -70,6 +70,9 @@
$v_date = $data[$v_account]['DATE'];
$v_time = $data[$v_account]['TIME'];
$v_domain = escapeshellarg($_GET['domain']);
$v_account = escapeshellarg($_GET['account']);
// Parse autoreply
if ( $v_autoreply == 'yes' ) {
exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
@@ -228,7 +231,7 @@
$result = array_diff($valiases, $aliases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($alias)."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -254,7 +257,7 @@
$result = array_diff($vfwd, $fwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($forward)."'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
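Review bot: The replacement lines in the `@@ -228` and `@@ -254` hunks wrap `escapeshellarg()`'s result in a second pair of single quotes (`" '".escapeshellarg($alias)."'"`); since `escapeshellarg()` already single-quotes its output, a value containing a `'` yields unbalanced quoting and a shell syntax error, and for plain values the command only works by accident (`''alias''`). Drop the hand-written quotes: `... $v_account." ".escapeshellarg($alias)` and `... $v_account." ".escapeshellarg($forward)`. The same double quoting now affects the context line in the `@@ -70` hunk, `'".$v_domain."' '".$v_account."'`, because `$v_domain` and `$v_account` are reassigned from `escapeshellarg($_GET[...])` two lines earlier; that call should also be changed to pass them bare, and any later use of these two variables as array keys or in page output (not visible here) will now contain the quote characters. Each `foreach` and the surrounding `if` blocks begin and end outside these hunks.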
@@ -36,7 +36,7 @@
$v_elog = $data[$v_domain]['ELOG'];
$v_ssl = $data[$v_domain]['SSL'];
if (!empty($v_ssl)) {
exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var);
exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".escapeshellarg($v_domain)."' json", $output, $return_var);
$ssl_str = json_decode(implode('', $output), true);
unset($output);
$v_ssl_crt = $ssl_str[$v_domain]['CRT'];
@@ -129,6 +129,7 @@
exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
@@ -142,6 +143,7 @@
exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var);
unset($output);
if ($return_var == 0 ) {
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
@@ -367,7 +369,7 @@
// Add Lets Encrypt support
if ((!empty($_POST['v_ssl'])) && ( $v_letsencrypt == 'no' ) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) {
$l_aliases = str_replace("\n", ',', $v_aliases);
exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$l_aliases."' 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".escapeshellarg($l_aliases)."' 'no'", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_letsencrypt = 'yes';
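Review bot: The new lines in the `@@ -36` and `@@ -367` hunks put `escapeshellarg()` inside a hand-written `'...'` pair (`"' '".escapeshellarg($v_domain)."' json"` and `"' '".escapeshellarg($l_aliases)."' 'no'"`); `escapeshellarg()` already returns a single-quoted token, so an input containing `'` leaves the quoting unbalanced and the command fails to parse. Change them to `." ".escapeshellarg($v_domain)." json"` and `." ".escapeshellarg($l_aliases)." 'no'"`. Escaping at the `exec` call site, as these two hunks and the new `$v_ip = escapeshellarg($_POST['v_ip']);` lines do, is the right pattern because `$v_domain` keeps serving as a plain array key on the surrounding lines; note that in the `@@ -129` hunk `$v_domain` and `$v_username` are still passed unquoted to `v-list-dns-domain` and `v-change-dns-domain-ip`, and whether they were escaped earlier in the file cannot be seen from here. The `if` blocks around each `exec` start or end outside the hunks.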
