github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta.git synced 2024-12-11 23:00:48 -08:00
Code Issues Packages Projects Releases Wiki Activity
master
myvesta/web/bulk/restore/index.php
Serghey Rodin 39e9b6397b Revert "[SECURITY] Fix OS command injection."
2015-12-11 21:14:49 +02:00

48 lines
1.5 KiB
PHP
Raw Permalink Blame History

<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
header('location: /login/');
exit();
}
$action = $_POST['action'];
$backup = escapeshellarg($_POST['backup']);
$web = 'no';
$dns = 'no';
$mail = 'no';
$db = 'no';
$cron = 'no';
$udir = 'no';
if (!empty($_POST['web'])) $web = escapeshellarg(implode(",",$_POST['web']));
if (!empty($_POST['dns'])) $dns = escapeshellarg(implode(",",$_POST['dns']));
if (!empty($_POST['mail'])) $mail = escapeshellarg(implode(",",$_POST['mail']));
if (!empty($_POST['db'])) $db = escapeshellarg(implode(",",$_POST['db']));
if (!empty($_POST['cron'])) $cron = 'yes';
if (!empty($_POST['udir'])) $udir = escapeshellarg(implode(",",$_POST['udir']));
if ($action == 'restore') {
exec (VESTA_CMD."v-schedule-user-restore ".$user." ".$backup." ".$web." ".$dns." ".$mail." ".$db." ".$cron." ".$udir, $output, $return_var);
if ($return_var == 0) {
$_SESSION['error_msg'] = __('RESTORE_SCHEDULED');
} else {
$_SESSION['error_msg'] = implode('<br>', $output);
if (empty($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = __('Error: vesta did not return any output.');
}
if ($return_var == 4) {
$_SESSION['error_msg'] = __('RESTORE_EXISTS');
}
}
}
header("Location: /list/backup/?backup=" . $_POST['backup']);
Reference in New Issue View Git Blame Copy Permalink