[fix] some exec() didn't have escapeshellarg() as needed
parent
508efe961f
commit
b2dca9d915
|
@ -192,7 +192,7 @@ class system_bind {
|
|||
// Generate the key
|
||||
$old_dir=getcwd();
|
||||
chdir($target_dir);
|
||||
exec('opendkim-genkey -r -d "'.escapeshellarg($domain).'" -s "alternc" ');
|
||||
exec('opendkim-genkey -r -d '.escapeshellarg($domain).' -s "alternc" ');
|
||||
chdir($old_dir);
|
||||
|
||||
// opendkim must be owner of the key
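Review bot: The new `exec()` call still discards the exit status of `opendkim-genkey`, and the `chdir($target_dir)` before it is unchecked, so a failed directory change would write the key files into whatever the current directory happens to be. Passing the directory explicitly and capturing the status avoids both: `exec('opendkim-genkey -r -D '.escapeshellarg($target_dir).' -d '.escapeshellarg($domain).' -s alternc', $out, $ret);` followed by a check of `$ret`. The rest of the function lies outside the hunk, so a later check on the generated key files may already cover part of this.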
|
||||
|
|
|
@ -648,7 +648,6 @@ class m_admin {
|
|||
$db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes', '$db_server_id');");
|
||||
$db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');");
|
||||
$this->renew_update($uid, $duration);
|
||||
#exec("sudo /usr/lib/alternc/mem_add ".$login." ".$uid);
|
||||
$action->create_dir(getuserpath("$login"));
|
||||
$action->fix_user($uid);
|
||||
|
||||
|
|
|
@ -673,16 +673,16 @@ class m_bro {
|
|||
|
||||
// TODO new version of tar supports `tar xf ...` so there is no
|
||||
// need to specify the compression format
|
||||
exec("tar -xf $file -C $dest", $void, $ret);
|
||||
exec("tar -xf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
|
||||
if ($ret) {
|
||||
exec("tar -xjf $file -C $dest", $void, $ret);
|
||||
exec("tar -xjf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
|
||||
}
|
||||
if ($ret) {
|
||||
$cmd="unzip -o $file -d $dest";
|
||||
$cmd="unzip -o ".escapeshellarg($file)." -d ".escapeshellarg($dest);
|
||||
exec($cmd, $void, $ret);
|
||||
}
|
||||
if ($ret) {
|
||||
$cmd="gunzip $file";
|
||||
$cmd="gunzip ".escapeshellarg($file);
|
||||
exec($cmd, $void, $ret);
|
||||
}
|
||||
if ($ret) {
|
||||
|
@ -745,7 +745,7 @@ class m_bro {
|
|||
global $err;
|
||||
$src=escapeshellarg($src);
|
||||
$dest=escapeshellarg($dest);
|
||||
exec("cp -Rpf $src $dest", $void, $ret);
|
||||
exec("cp -Rpf ".escapeshellarg($src)." ".escapeshellarg($dest), $void, $ret);
|
||||
if ($ret) {
|
||||
$err->raise("bro","Errors happened while copying the source to destination. cp return value: %d", $ret);
|
||||
return false;
|
||||
|
@ -1172,11 +1172,10 @@ class m_bro {
|
|||
}
|
||||
$timestamp=date("H:i:s");
|
||||
|
||||
if(exec("/bin/tar cvf - ".getuserpath()."/ | gzip -9c > ".$dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz")){
|
||||
if(exec("/bin/tar cvf - ".escapeshellarg(getuserpath()."/")."| gzip -9c > ".escapeshellarg($dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz"))) {
|
||||
$err->log("bro","export_data_succes");
|
||||
}else{
|
||||
} else {
|
||||
$err->log("bro","export_data_failed");
|
||||
|
||||
}
|
||||
|
||||
}
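Review bot: In the copy hunk (`@ -745`), `$src` and `$dest` are already passed through `escapeshellarg()` on the two context lines above the `exec()`, so the new call quotes them a second time. The shell then treats the first layer of single quotes as literal characters, and `cp` is handed a path that begins and ends with `'`, which will not exist. Either keep the earlier form, `exec("cp -Rpf $src $dest", $void, $ret);`, or drop the two reassignments and escape only at the call site. In the extraction hunk (`@ -673`), `gunzip` takes `$file` as a positional argument, so if it can ever be a relative name, `"gunzip -- ".escapeshellarg($file)` would stop a leading dash being read as an option; the code that builds `$file` is outside the hunk.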
|
||||
|
|
|
@ -132,7 +132,7 @@ class m_hta {
|
|||
$err->log("hta","listdir");
|
||||
$sortie = array();
|
||||
$absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"];
|
||||
exec("find $absolute -name .htpasswd|sort",$sortie);
|
||||
exec("find ".escapeshellarg($absolute)." -name .htpasswd|sort",$sortie);
|
||||
if(!count($sortie)){
|
||||
$err->raise("hta",_("No protected folder"));
|
||||
return false;
|
||||
|
|
|
@ -187,7 +187,7 @@ class m_quota {
|
|||
// If there is a cached value
|
||||
$a = $disk_cached[$val];
|
||||
} else {
|
||||
exec("/usr/lib/alternc/quota_get ".$cuid ,$ak);
|
||||
exec("/usr/lib/alternc/quota_get ".intval($cuid) ,$ak);
|
||||
$a['u']=intval($ak[0]);
|
||||
$a['t']=@intval($ak[1]);
|
||||
$a['timestamp'] = time();
|
||||
|
@ -230,9 +230,9 @@ class m_quota {
|
|||
if (floatval($size)==0) $size="0";
|
||||
if (isset($this->disk[$ressource])) {
|
||||
// It's a disk resource, update it with shell command
|
||||
exec("sudo /usr/lib/alternc/quota_edit $cuid $size &> /dev/null &");
|
||||
exec("sudo /usr/lib/alternc/quota_edit ".intval($cuid)." ".intval($size)." &> /dev/null &");
|
||||
// Now we check that the value has been written properly :
|
||||
exec("sudo /usr/lib/alternc/quota_get $cuid &> /dev/null &",$a);
|
||||
exec("sudo /usr/lib/alternc/quota_get ".intval($cuid)." &> /dev/null &",$a);
|
||||
if (!isset($a[1]) || $size!=$a[1]) {
|
||||
$err->raise("quota",_("Error writing the quota entry!"));
|
||||
return false;
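Review bot: The `quota_edit` call now sends `intval($size)`, but the check two lines later still compares the uncast `$size` with `$a[1]`, so a non-integer input is truncated for the command and then reported as a write failure. Casting once before both uses keeps them consistent, e.g. `$size = intval($size);` ahead of the `exec()`. Separately, the rewritten `quota_get` line keeps `&> /dev/null &`, which discards the command's output and backgrounds it, so `$a` would normally stay empty and the comparison cannot succeed; `exec("sudo /usr/lib/alternc/quota_get ".intval($cuid), $a);` looks like what the check needs. The enclosing function begins and ends outside the hunk.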
|
||||
|
|
|
@ -194,7 +194,6 @@ while ($rr=$action->get_action()){
|
|||
switch ($r["type"]){
|
||||
case "FIX_USER" :
|
||||
// Create the directory and make parent directories as needed
|
||||
#@exec("$FIXPERM -u ".$params["uid"]." 2>&1", $trash, $code);
|
||||
$returned = execute_cmd("$FIXPERM -u", $params["uid"]);
|
||||
break;
|
||||
case "CHMOD" :
|
||||
|
@ -216,7 +215,6 @@ while ($rr=$action->get_action()){
|
|||
break;
|
||||
case "CREATE_FILE" :
|
||||
if(!file_exists($params["file"])) {
|
||||
#@exec("$SU touch ".$params["file"]." 2>&1 ; echo '".$params["content"]."' > '".$params["file"]."' 2>&1", $output);
|
||||
if ( file_put_contents($params["file"], $params["content"]) === false ) {
|
||||
$errorsList=array("Fail: can't write into file ".$params["file"]);
|
||||
} else {
|
||||
|
@ -230,12 +228,10 @@ while ($rr=$action->get_action()){
|
|||
break;
|
||||
case "CREATE_DIR" :
|
||||
// Create the directory and make parent directories as needed
|
||||
#@exec("$SU mkdir -p ".$params["dir"]." 2>&1",$output);
|
||||
$returned = execute_cmd("$SU mkdir", array('-p', $params["dir"]));
|
||||
break;
|
||||
case "DELETE" :
|
||||
// Delete file/directory and its contents recursively
|
||||
#@exec("$SU rm -rf ".$params["dir"]." 2>&1", $output);
|
||||
$returned = execute_cmd("$SU rm", array('-rf', $params["dir"]));
|
||||
break;
|
||||
case "MOVE" :
|
||||
|
@ -257,7 +253,6 @@ while ($rr=$action->get_action()){
|
|||
}
|
||||
break;
|
||||
case "FIX_FILE" :
|
||||
#@exec("$FIXPERM -f ".$params["file"]." 2>&1", $trash, $code);
|
||||
$returned = execute_cmd($FIXPERM, array('-f', $params["file"]));
|
||||
if($returned['return_val'] != 0){
|
||||
$errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']);
|
||||
|
|
|
@ -48,9 +48,9 @@ if ($db->query("SELECT uid, name FROM mailman;")) {
|
|||
}
|
||||
foreach ($cc as $c){
|
||||
echo $c["uid"]."/".$c["name"]; flush();
|
||||
$size1=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/lists/".$c["name"]);
|
||||
$size2=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"]);
|
||||
$size3=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"].".mbox");
|
||||
$size1=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/lists/".$c["name"]));
|
||||
$size2=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"]));
|
||||
$size3=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"].".mbox"));
|
||||
$size=(intval($size1)+intval($size2)+intval($size3));
|
||||
$db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
|
||||
echo " done ($size KB) \n"; flush();
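Review bot: The list name is now quoted for the shell, but the same `$c["name"]` and `$c["uid"]` are still concatenated unescaped into the `REPLACE INTO size_mailman` statement a few lines below, so a name containing a quote would break or alter that query. They should be escaped or bound through whatever the `$db` wrapper offers before reaching `query()`. `escapeshellarg()` also does not constrain the path itself: a name containing `/` or `..` would make the sudo-run `du.pl` measure a directory outside `/var/lib/mailman`, so validating the name against the permitted list-name characters at the top of the loop would be a sensible addition. How much this matters depends on how rows get into the `mailman` table, which is not visible here; the `foreach` body continues outside the hunk.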
|
||||
|
|