From b2dca9d91500394cfb83f3f4c0f52279b33fed4d Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Thu, 27 Nov 2014 14:51:51 +0100
Subject: [PATCH] [fix] some exec() didn't have escapeshellarg() as needed
---
 bureau/class/class_system_bind.php | 2 +-
 bureau/class/m_admin.php | 1 -
 bureau/class/m_bro.php | 15 +++++++--------
 bureau/class/m_hta.php | 2 +-
 bureau/class/m_quota.php | 6 +++---
 src/do_actions.php | 5 -----
 src/spoolsize.php | 6 +++---
 7 files changed, 15 insertions(+), 22 deletions(-)
diff --git a/bureau/class/class_system_bind.php b/bureau/class/class_system_bind.php
index 30e97f4b..a5fc3871 100644
--- a/bureau/class/class_system_bind.php
+++ b/bureau/class/class_system_bind.php
@@ -192,7 +192,7 @@ class system_bind {
 // Generate the key
 $old_dir=getcwd();
 chdir($target_dir);
- exec('opendkim-genkey -r -d "'.escapeshellarg($domain).'" -s "alternc" ');
+ exec('opendkim-genkey -r -d '.escapeshellarg($domain).' -s "alternc" ');
 chdir($old_dir);
 // opendkim must be owner of the key
diff --git a/bureau/class/m_admin.php b/bureau/class/m_admin.php
index adf5bd98..2996fc26 100644
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@@ -648,7 +648,6 @@ class m_admin {
 $db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes', '$db_server_id');");
 $db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');");
 $this->renew_update($uid, $duration);
- #exec("sudo /usr/lib/alternc/mem_add ".$login." ".$uid);
 $action->create_dir(getuserpath("$login"));
 $action->fix_user($uid);
diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php
index b2a7ed05..6755f93a 100644
--- a/bureau/class/m_bro.php
+++ b/bureau/class/m_bro.php
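Review bot: In the `@@ -192,7 +192,7 @@` hunk of class_system_bind.php the result of `chdir($target_dir)` is not checked before `opendkim-genkey` runs, so if the directory change fails the DKIM private key is written into whatever the working directory happens to be. The exec() call also captures neither output nor exit status, so a failed key generation goes unnoticed at this point. Passing the directory to the tool removes the dependency on chdir: `exec('opendkim-genkey -r -D '.escapeshellarg($target_dir).' -d '.escapeshellarg($domain).' -s "alternc" ', $out, $ret);` followed by a check of `$ret`. The enclosing method starts and ends outside the hunk, so an earlier check on `$target_dir` may exist that is not visible here.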
@@ -673,16 +673,16 @@ class m_bro {
 // TODO new version of tar supports `tar xf ...` so there is no
 // need to specify the compression format
- exec("tar -xf $file -C $dest", $void, $ret);
+ exec("tar -xf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
 if ($ret) {
- exec("tar -xjf $file -C $dest", $void, $ret);
+ exec("tar -xjf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
 }
 if ($ret) {
- $cmd="unzip -o $file -d $dest";
+ $cmd="unzip -o ".escapeshellarg($file)." -d ".escapeshellarg($dest);
 exec($cmd, $void, $ret);
 }
 if ($ret) {
- $cmd="gunzip $file";
+ $cmd="gunzip ".escapeshellarg($file);
 exec($cmd, $void, $ret);
 }
 if ($ret) {
@@ -745,7 +745,7 @@ class m_bro {
 global $err;
 $src=escapeshellarg($src);
 $dest=escapeshellarg($dest);
- exec("cp -Rpf $src $dest", $void, $ret);
+ exec("cp -Rpf ".escapeshellarg($src)." ".escapeshellarg($dest), $void, $ret);
 if ($ret) {
 $err->raise("bro","Errors happened while copying the source to destination. cp return value: %d", $ret);
 return false;
@@ -1172,11 +1172,10 @@ class m_bro {
 }
 $timestamp=date("H:i:s");
- if(exec("/bin/tar cvf - ".getuserpath()."/ | gzip -9c > ".$dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz")){
+ if(exec("/bin/tar cvf - ".escapeshellarg(getuserpath()."/")."| gzip -9c > ".escapeshellarg($dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz"))) {
 $err->log("bro","export_data_succes");
- }else{
+ } else {
 $err->log("bro","export_data_failed");
- }
 }
diff --git a/bureau/class/m_hta.php b/bureau/class/m_hta.php
index 78d5c79e..a4337732 100644
--- a/bureau/class/m_hta.php
+++ b/bureau/class/m_hta.php
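Review bot: In the `@@ -673,16 +673,16 @@` hunk, `escapeshellarg()` stops shell metacharacters, but a value that begins with `-` is still read as an option by `unzip` and `gunzip`, where the file name is a bare positional argument. Where `$file` is assigned is outside the hunk; if it is not guaranteed to be an absolute path there, end option parsing for gunzip with `$cmd="gunzip -- ".escapeshellarg($file);` and reject relative names before the unzip call. The enclosing method starts and ends outside the hunk.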
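Review bot: In the `@@ -745,7 +745,7 @@` hunk the two context lines above the changed call already run `$src=escapeshellarg($src);` and `$dest=escapeshellarg($dest);`, so the new line quotes both paths a second time and `cp` receives names that contain literal quote characters. Copies through this method would then fail or act on a differently named path. Either keep the call as `exec("cp -Rpf $src $dest", $void, $ret);` or drop the two reassignments and escape only inside the call.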
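Review bot: In the `@@ -1172,11 +1172,10 @@` hunk the `if(exec(...))` test relies on exec()'s return value, which is the last line of the command's output; stdout is redirected into the archive file here, so that string is normally empty and the failure branch is logged even when the export worked. Capture the exit status instead, `exec($cmd, $void, $ret);` then `if ($ret == 0) {`, bearing in mind that for a pipeline this is gzip's status rather than tar's. The hunk also removes one `}` after the else branch without removing an opening brace, so the brace balance of the file is worth confirming with `php -l`; the enclosing method is not fully visible here.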
@@ -132,7 +132,7 @@ class m_hta {
 $err->log("hta","listdir");
 $sortie = array();
 $absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"];
- exec("find $absolute -name .htpasswd|sort",$sortie);
+ exec("find ".escapeshellarg($absolute)." -name .htpasswd|sort",$sortie);
 if(!count($sortie)){
 $err->raise("hta",_("No protected folder"));
 return false;
diff --git a/bureau/class/m_quota.php b/bureau/class/m_quota.php
index ac7ab96d..68ea15cb 100644
--- a/bureau/class/m_quota.php
+++ b/bureau/class/m_quota.php
@@ -187,7 +187,7 @@ class m_quota {
 // If there is a cached value
 $a = $disk_cached[$val];
 } else {
- exec("/usr/lib/alternc/quota_get ".$cuid ,$ak);
+ exec("/usr/lib/alternc/quota_get ".intval($cuid) ,$ak);
 $a['u']=intval($ak[0]);
 $a['t']=@intval($ak[1]);
 $a['timestamp'] = time();
@@ -230,9 +230,9 @@ class m_quota {
 if (floatval($size)==0) $size="0";
 if (isset($this->disk[$ressource])) {
 // It's a disk resource, update it with shell command
- exec("sudo /usr/lib/alternc/quota_edit $cuid $size &> /dev/null &");
+ exec("sudo /usr/lib/alternc/quota_edit ".intval($cuid)." ".intval($size)." &> /dev/null &");
 // Now we check that the value has been written properly :
- exec("sudo /usr/lib/alternc/quota_get $cuid &> /dev/null &",$a);
+ exec("sudo /usr/lib/alternc/quota_get ".intval($cuid)." &> /dev/null &",$a);
 if (!isset($a[1]) || $size!=$a[1]) {
 $err->raise("quota",_("Error writing the quota entry!"));
 return false;
diff --git a/src/do_actions.php b/src/do_actions.php
index e4847b70..b42bd580 100644
--- a/src/do_actions.php
+++ b/src/do_actions.php
@@ -194,7 +194,6 @@ while ($rr=$action->get_action()){
 switch ($r["type"]){
 case "FIX_USER" :
 // Create the directory and make parent directories as needed
- #@exec("$FIXPERM -u ".$params["uid"]." 2>&1", $trash, $code);
 $returned = execute_cmd("$FIXPERM -u", $params["uid"]);
 break;
 case "CHMOD" :
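Review bot: In the `@@ -187,7 +187,7 @@` hunk of m_quota.php, `intval($cuid)` turns any non-numeric value into 0 instead of rejecting it, so a malformed `$cuid` would query uid 0 rather than fail. The same applies to the `quota_edit` and `quota_get` calls in the `@@ -230,9 +230,9 @@` hunk, which run under sudo. Where `$cuid` is set is outside these hunks, so this may be unreachable in practice, but a guard such as `if (!ctype_digit((string)$cuid)) { return false; }` before the exec() makes the assumption explicit. The context lines that follow also read `$ak[0]` without checking that the command produced any output.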
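Review bot: In the `@@ -230,9 +230,9 @@` hunk the read-back call still ends in `&> /dev/null &`, so whether any `quota_get` output reaches `$a` depends on how /bin/sh parses `&>`, and `quota_edit` is started in the background, so it may not have finished when the check on `$a[1]` runs. The command now passes `intval($size)` while the comparison in the next context line still uses the raw `$size`, so a non-integer size would be reported as a write error. Running both commands in the foreground, for example `exec("sudo /usr/lib/alternc/quota_get ".intval($cuid)." 2>/dev/null", $a);`, and comparing against the same integer value would make the verification meaningful.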
@@ -216,7 +215,6 @@ while ($rr=$action->get_action()){
 break;
 case "CREATE_FILE" :
 if(!file_exists($params["file"])) {
- #@exec("$SU touch ".$params["file"]." 2>&1 ; echo '".$params["content"]."' > '".$params["file"]."' 2>&1", $output);
 if ( file_put_contents($params["file"], $params["content"]) === false ) {
 $errorsList=array("Fail: can't write into file ".$params["file"]);
 } else {
@@ -230,12 +228,10 @@ while ($rr=$action->get_action()){
 break;
 case "CREATE_DIR" :
 // Create the directory and make parent directories as needed
- #@exec("$SU mkdir -p ".$params["dir"]." 2>&1",$output);
 $returned = execute_cmd("$SU mkdir", array('-p', $params["dir"]));
 break;
 case "DELETE" :
 // Delete file/directory and its contents recursively
- #@exec("$SU rm -rf ".$params["dir"]." 2>&1", $output);
 $returned = execute_cmd("$SU rm", array('-rf', $params["dir"]));
 break;
 case "MOVE" :
@@ -257,7 +253,6 @@ while ($rr=$action->get_action()){
 }
 break;
 case "FIX_FILE" :
- #@exec("$FIXPERM -f ".$params["file"]." 2>&1", $trash, $code);
 $returned = execute_cmd($FIXPERM, array('-f', $params["file"]));
 if($returned['return_val'] != 0){
 $errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']);
diff --git a/src/spoolsize.php b/src/spoolsize.php
index b5088a77..c6084e28 100644
--- a/src/spoolsize.php
+++ b/src/spoolsize.php
@@ -48,9 +48,9 @@ if ($db->query("SELECT uid, name FROM mailman;")) {
 }
 foreach ($cc as $c){
 echo $c["uid"]."/".$c["name"]; flush();
- $size1=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/lists/".$c["name"]);
- $size2=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"]);
- $size3=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"].".mbox");
+ $size1=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/lists/".$c["name"]));
+ $size2=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"]));
+ $size3=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"].".mbox"));
 $size=(intval($size1)+intval($size2)+intval($size3));
 $db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
 echo " done ($size KB) \n"; flush();
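Review bot: In the spoolsize.php hunk, `escapeshellarg()` keeps `$c["name"]` inside a single shell argument but does not stop a name containing `../` from pointing `du.pl`, which runs under sudo, at a directory outside /var/lib/mailman. The names come from the `mailman` table queried on the hunk header line; whether they are validated when a list is created is not visible here. A check at the top of the loop such as `if (strpos($c["name"], '/') !== false || strpos($c["name"], '..') !== false) continue;` would cover it. The `REPLACE INTO size_mailman` context line concatenates the same value into SQL and would benefit from the same validation or from escaping.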