Skip to content
Permalink
Browse files

removed unnecessary single quotes for security reasons / thanks to An…

…drea Cardaci
  • Loading branch information...
serghey-rodin committed Aug 7, 2019
1 parent c9bf443 commit b17b4b205df0c01dada54d9684cfaa94b924064a
@@ -57,7 +57,7 @@
// Add IP
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_owner = $_POST['v_owner'];
@@ -75,12 +75,12 @@
}
// List network interfaces
exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-interfaces json", $output, $return_var);
$interfaces = json_decode(implode('', $output), true);
unset($output);
// List users
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-users json", $output, $return_var);
$users = json_decode(implode('', $output), true);
unset($output);
@@ -118,15 +118,15 @@
// Add web domain
if (empty($_SESSION['error_msg'])) {
exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var);
exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$domain_added = empty($_SESSION['error_msg']);
}
// Add DNS domain
if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -136,7 +136,7 @@
foreach ($aliases_arr as $alias) {
if ($alias != "www.".$_POST['v_domain']) {
$alias = escapeshellarg($alias);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -153,7 +153,7 @@
// Delete proxy support
if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) {
$ext = escapeshellarg($ext);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var);
exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -195,7 +195,7 @@
}
$v_ssl_home = escapeshellarg($_POST['v_ssl_home']);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var);
exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -12,7 +12,7 @@
}
// List backup exclustions
exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -20,7 +20,7 @@
// List cron job
$v_job = escapeshellarg($_GET['job']);
exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
@@ -20,7 +20,7 @@
// List datbase
$v_database = escapeshellarg($_GET['database']);
exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-database ".$user." ".$v_database." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -52,7 +52,7 @@
if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
$v_domain = escapeshellarg($_GET['domain']);
$v_record_id = escapeshellarg($_GET['record_id']);
exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -88,7 +88,7 @@
// Change domain IP
if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
$v_ip = escapeshellarg($_POST['v_ip']);
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var);
check_return_code($return_var,$output);
$restart_dns = 'yes';
unset($output);
@@ -97,7 +97,7 @@
// Change domain template
if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
$v_template = escapeshellarg($_POST['v_template']);
exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
@@ -106,7 +106,7 @@
// Change SOA record
if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
$v_soa = escapeshellarg($_POST['v_soa']);
exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
@@ -115,15 +115,15 @@
// Change expiriation date
if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
$v_exp = escapeshellarg($_POST['v_exp']);
exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
// Change domain ttl
if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
$v_ttl = escapeshellarg($_POST['v_ttl']);
exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." no", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$restart_dns = 'yes';
@@ -20,7 +20,7 @@
// List rule
$v_rule = escapeshellarg($_GET['rule']);
exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -20,7 +20,7 @@
// List ip
$v_ip = escapeshellarg($_GET['ip']);
exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-ip ".$v_ip." json", $output, $return_var);
check_return_code($return_var,$output);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -45,7 +45,7 @@
}
// List users
exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-sys-users json", $output, $return_var);
$users = json_decode(implode('', $output), true);
unset($output);
@@ -55,13 +55,13 @@
// Change Status
if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." dedicated", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
$v_dedicated = 'yes';
}
if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." shared", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
unset($v_dedicated);
@@ -45,7 +45,7 @@
if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) {
$v_domain = escapeshellarg($_GET['domain']);
$v_account = escapeshellarg($_GET['account']);
exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -75,7 +75,7 @@
// Parse autoreply
if ( $v_autoreply == 'yes' ) {
exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." ".$v_domain." ".$v_account." json", $output, $return_var);
$autoreply_str = json_decode(implode('', $output), true);
unset($output);
$v_autoreply_message = $autoreply_str[$v_account]['MSG'];
@@ -231,7 +231,7 @@
$result = array_diff($valiases, $aliases);
foreach ($result as $alias) {
if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($alias)."'", $output, $return_var);
exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -257,7 +257,7 @@
$result = array_diff($vfwd, $fwd);
foreach ($result as $forward) {
if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".escapeshellarg($forward)."'", $output, $return_var);
exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var);
check_return_code($return_var,$output);
unset($output);
}
@@ -22,7 +22,7 @@
// List package
$v_package = escapeshellarg($_GET['package']);
exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
exec (VESTA_CMD."v-list-user-package ".$v_package." json", $output, $return_var);
$data = json_decode(implode('', $output), true);
unset($output);
@@ -203,7 +203,7 @@
fclose($fp);
// Save changes
exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." yes", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
@@ -212,7 +212,7 @@
unset($output);
// Propogate new package
exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
exec (VESTA_CMD."v-update-user-package ".$v_package." json", $output, $return_var);
check_return_code($return_var,$output);
unset($output);
@@ -339,7 +339,7 @@
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
@@ -356,15 +356,15 @@
// Change remote backup host type
if (empty($_SESSION['error_msg'])) {
if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var);
unset($output);
$v_backup_host = escapeshellarg($_POST['v_backup_host']);
$v_backup_type = escapeshellarg($_POST['v_backup_type']);
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
@@ -386,7 +386,7 @@
$v_backup_username = escapeshellarg($_POST['v_backup_username']);
$v_backup_password = escapeshellarg($_POST['v_backup_password']);
$v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
@@ -403,7 +403,7 @@
// Delete remote backup host
if (empty($_SESSION['error_msg'])) {
if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var);
check_return_code($return_var,$output);
unset($output);
if (empty($_SESSION['error_msg'])) $v_backup_host = '';

0 comments on commit b17b4b2

Please sign in to comment.
You can’t perform that action at this time.