github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta.git synced 2024-09-19 06:20:35 -07:00
Code Issues Packages Projects Releases Wiki Activity
master
myvesta/web/delete/backup/index.php
Serghey Rodin 39e9b6397b Revert "[SECURITY] Fix OS command injection."
2015-12-11 21:14:49 +02:00

34 lines
757 B
PHP
Raw Permalink Blame History

<?php
// Init
error_reporting(NULL);
ob_start();
session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
$user=$_GET['user'];
}
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('location: /login/');
exit();
}
if (!empty($_GET['backup'])) {
$v_username = escapeshellarg($user);
$v_backup = escapeshellarg($_GET['backup']);
exec (VESTA_CMD."v-delete-user-backup ".$v_username." ".$v_backup, $output, $return_var);
}
check_return_code($return_var,$output);
unset($output);
$back = $_SESSION['back'];
if (!empty($back)) {
header("Location: ".$back);
exit;
}
header("Location: /list/backup/");
exit;
Reference in New Issue View Git Blame Copy Permalink