kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[fix] some exec() didn't have escapeshellarg() as needed

This commit is contained in:
Benjamin Sonntag 2014-11-27 14:51:51 +01:00
parent 508efe961f
commit b2dca9d915
7 changed files with 15 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bureau/class/class_system_bind.php
View File

@ -192,7 +192,7 @@ class system_bind {
// Generate the key // Generate the key
$old_dir=getcwd(); $old_dir=getcwd();
chdir($target_dir); chdir($target_dir);
exec('opendkim-genkey -r -d "'.escapeshellarg($domain).'" -s "alternc" '); exec('opendkim-genkey -r -d '.escapeshellarg($domain).' -s "alternc" ');
chdir($old_dir); chdir($old_dir);
// opendkim must be owner of the key // opendkim must be owner of the key

1
bureau/class/m_admin.php
View File

@ -648,7 +648,6 @@ class m_admin {
$db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes', '$db_server_id');"); $db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes', '$db_server_id');");
$db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');"); $db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');");
$this->renew_update($uid, $duration); $this->renew_update($uid, $duration);
#exec("sudo /usr/lib/alternc/mem_add ".$login." ".$uid);
$action->create_dir(getuserpath("$login")); $action->create_dir(getuserpath("$login"));
$action->fix_user($uid); $action->fix_user($uid);

15
bureau/class/m_bro.php
View File

@ -673,16 +673,16 @@ class m_bro {
// TODO new version of tar supports `tar xf ...` so there is no // TODO new version of tar supports `tar xf ...` so there is no
// need to specify the compression format // need to specify the compression format
exec("tar -xf $file -C $dest", $void, $ret); exec("tar -xf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
if ($ret) { if ($ret) {
exec("tar -xjf $file -C $dest", $void, $ret); exec("tar -xjf ".escapeshellarg($file)." -C ".escapeshellarg($dest), $void, $ret);
} }
if ($ret) { if ($ret) {
$cmd="unzip -o $file -d $dest"; $cmd="unzip -o ".escapeshellarg($file)." -d ".escapeshellarg($dest);
exec($cmd, $void, $ret); exec($cmd, $void, $ret);
} }
if ($ret) { if ($ret) {
$cmd="gunzip $file"; $cmd="gunzip ".escapeshellarg($file);
exec($cmd, $void, $ret); exec($cmd, $void, $ret);
} }
if ($ret) { if ($ret) {
@ -745,7 +745,7 @@ class m_bro {
global $err; global $err;
$src=escapeshellarg($src); $src=escapeshellarg($src);
$dest=escapeshellarg($dest); $dest=escapeshellarg($dest);
exec("cp -Rpf $src $dest", $void, $ret); exec("cp -Rpf ".escapeshellarg($src)." ".escapeshellarg($dest), $void, $ret);
if ($ret) { if ($ret) {
$err->raise("bro","Errors happened while copying the source to destination. cp return value: %d", $ret); $err->raise("bro","Errors happened while copying the source to destination. cp return value: %d", $ret);
return false; return false;
@ -1172,11 +1172,10 @@ class m_bro {
} }
$timestamp=date("H:i:s"); $timestamp=date("H:i:s");
if(exec("/bin/tar cvf - ".getuserpath()."/ | gzip -9c > ".$dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz")){ if(exec("/bin/tar cvf - ".escapeshellarg(getuserpath()."/")."| gzip -9c > ".escapeshellarg($dir."/".$mem->user['login']."_html_".$timestamp.".tar.gz"))) {
$err->log("bro","export_data_succes"); $err->log("bro","export_data_succes");
}else{ } else {
$err->log("bro","export_data_failed"); $err->log("bro","export_data_failed");
} }
} }

2
bureau/class/m_hta.php
View File

@ -132,7 +132,7 @@ class m_hta {
$err->log("hta","listdir"); $err->log("hta","listdir");
$sortie = array(); $sortie = array();
$absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"]; $absolute = ALTERNC_HTML."/".substr($mem->user["login"],0,1)."/".$mem->user["login"];
exec("find $absolute -name .htpasswd|sort",$sortie); exec("find ".escapeshellarg($absolute)." -name .htpasswd|sort",$sortie);
if(!count($sortie)){ if(!count($sortie)){
$err->raise("hta",_("No protected folder")); $err->raise("hta",_("No protected folder"));
return false; return false;

6
bureau/class/m_quota.php
View File

@ -187,7 +187,7 @@ class m_quota {
// If there is a cached value // If there is a cached value
$a = $disk_cached[$val]; $a = $disk_cached[$val];
} else { } else {
exec("/usr/lib/alternc/quota_get ".$cuid ,$ak); exec("/usr/lib/alternc/quota_get ".intval($cuid) ,$ak);
$a['u']=intval($ak[0]); $a['u']=intval($ak[0]);
$a['t']=@intval($ak[1]); $a['t']=@intval($ak[1]);
$a['timestamp'] = time(); $a['timestamp'] = time();
@ -230,9 +230,9 @@ class m_quota {
if (floatval($size)==0) $size="0"; if (floatval($size)==0) $size="0";
if (isset($this->disk[$ressource])) { if (isset($this->disk[$ressource])) {
// It's a disk resource, update it with shell command // It's a disk resource, update it with shell command
exec("sudo /usr/lib/alternc/quota_edit $cuid $size &> /dev/null &"); exec("sudo /usr/lib/alternc/quota_edit ".intval($cuid)." ".intval($size)." &> /dev/null &");
// Now we check that the value has been written properly : // Now we check that the value has been written properly :
exec("sudo /usr/lib/alternc/quota_get $cuid &> /dev/null &",$a); exec("sudo /usr/lib/alternc/quota_get ".intval($cuid)." &> /dev/null &",$a);
if (!isset($a[1]) || $size!=$a[1]) { if (!isset($a[1]) || $size!=$a[1]) {
$err->raise("quota",_("Error writing the quota entry!")); $err->raise("quota",_("Error writing the quota entry!"));
return false; return false;

5
src/do_actions.php
View File

@ -194,7 +194,6 @@ while ($rr=$action->get_action()){
switch ($r["type"]){ switch ($r["type"]){
case "FIX_USER" : case "FIX_USER" :
// Create the directory and make parent directories as needed // Create the directory and make parent directories as needed
#@exec("$FIXPERM -u ".$params["uid"]." 2>&1", $trash, $code);
$returned = execute_cmd("$FIXPERM -u", $params["uid"]); $returned = execute_cmd("$FIXPERM -u", $params["uid"]);
break; break;
case "CHMOD" : case "CHMOD" :
@ -216,7 +215,6 @@ while ($rr=$action->get_action()){
break; break;
case "CREATE_FILE" : case "CREATE_FILE" :
if(!file_exists($params["file"])) { if(!file_exists($params["file"])) {
#@exec("$SU touch ".$params["file"]." 2>&1 ; echo '".$params["content"]."' > '".$params["file"]."' 2>&1", $output);
if ( file_put_contents($params["file"], $params["content"]) === false ) { if ( file_put_contents($params["file"], $params["content"]) === false ) {
$errorsList=array("Fail: can't write into file ".$params["file"]); $errorsList=array("Fail: can't write into file ".$params["file"]);
} else { } else {
@ -230,12 +228,10 @@ while ($rr=$action->get_action()){
break; break;
case "CREATE_DIR" : case "CREATE_DIR" :
// Create the directory and make parent directories as needed // Create the directory and make parent directories as needed
#@exec("$SU mkdir -p ".$params["dir"]." 2>&1",$output);
$returned = execute_cmd("$SU mkdir", array('-p', $params["dir"])); $returned = execute_cmd("$SU mkdir", array('-p', $params["dir"]));
break; break;
case "DELETE" : case "DELETE" :
// Delete file/directory and its contents recursively // Delete file/directory and its contents recursively
#@exec("$SU rm -rf ".$params["dir"]." 2>&1", $output);
$returned = execute_cmd("$SU rm", array('-rf', $params["dir"])); $returned = execute_cmd("$SU rm", array('-rf', $params["dir"]));
break; break;
case "MOVE" : case "MOVE" :
@ -257,7 +253,6 @@ while ($rr=$action->get_action()){
} }
break; break;
case "FIX_FILE" : case "FIX_FILE" :
#@exec("$FIXPERM -f ".$params["file"]." 2>&1", $trash, $code);
$returned = execute_cmd($FIXPERM, array('-f', $params["file"])); $returned = execute_cmd($FIXPERM, array('-f', $params["file"]));
if($returned['return_val'] != 0){ if($returned['return_val'] != 0){
$errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']); $errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']);

6
src/spoolsize.php
View File

@ -48,9 +48,9 @@ if ($db->query("SELECT uid, name FROM mailman;")) {
} }
foreach ($cc as $c){ foreach ($cc as $c){
echo $c["uid"]."/".$c["name"]; flush(); echo $c["uid"]."/".$c["name"]; flush();
$size1=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/lists/".$c["name"]); $size1=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/lists/".$c["name"]));
$size2=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"]); $size2=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"]));
$size3=exec("sudo /usr/lib/alternc/du.pl /var/lib/mailman/archives/private/".$c["name"].".mbox"); $size3=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"].".mbox"));
$size=(intval($size1)+intval($size2)+intval($size3)); $size=(intval($size1)+intval($size2)+intval($size3));
$db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';"); $db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
echo " done ($size KB) \n"; flush(); echo " done ($size KB) \n"; flush();