Add missing escapeshellarg() in account creation
This commit is contained in:
parent
7b5868db38
commit
d63150c4ce
|
@ -39,17 +39,17 @@ function web_add($form, $admin_mail) {
|
|||
|
||||
if(!$form->getField('password_random')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -p %s',
|
||||
$form->getField('password')->getValue());
|
||||
escapeshellarg($form->getField('password')->getValue()));
|
||||
}
|
||||
|
||||
/* Ajout des options spécifiques à MySQL si nécessaire */
|
||||
if($form->getField('mysql_db')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -m %s',
|
||||
$form->getField('mysql_dbname')->getValue());
|
||||
escapeshellarg($form->getField('mysql_dbname')->getValue()));
|
||||
|
||||
if(!$form->getField('mysql_password_random')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -P %s',
|
||||
$form->getField('mysql_password')->getValue());
|
||||
escapeshellarg($form->getField('mysql_password')->getValue()));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -58,12 +58,12 @@ function web_add($form, $admin_mail) {
|
|||
}
|
||||
|
||||
if ($conf['quota']) {
|
||||
$exec_cmd .= sprintf(' -q %s:%s', $form->getField('quota_soft')->getValue(), $form->getField('quota_hard')->getValue());
|
||||
$exec_cmd .= sprintf(' -q %s:%s', escapeshellarg($form->getField('quota_soft')->getValue()), escapeshellarg($form->getField('quota_hard')->getValue()));
|
||||
}
|
||||
|
||||
$exec_cmd .= sprintf(' -l %s %s %s 2>&1', $admin_mail,
|
||||
$form->getField('username')->getValue(),
|
||||
$form->getField('domain')->getValue());
|
||||
escapeshellarg($form->getField('username')->getValue()),
|
||||
escapeshellarg($form->getField('domain')->getValue()));
|
||||
|
||||
//domain_add($form, $_SERVER['SERVER_ADDR'], true);
|
||||
sudoexec($exec_cmd, $exec_output, $exec_return);
|
||||
|
@ -72,7 +72,7 @@ function web_add($form, $admin_mail) {
|
|||
if ( $form->getField('domain_alias')->getValue() ) {
|
||||
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
|
||||
foreach ( $domain_alias as $domain ) {
|
||||
$exec_cmd = 'web-add.sh add-alias '.$form->getField('username')->getValue().' ';
|
||||
$exec_cmd = 'web-add.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
|
||||
$domain = trim($domain);
|
||||
$exec_cmd .= $domain.' '. $server_list;
|
||||
sudoexec($exec_cmd, $exec_output, $exec_return);
|
||||
|
@ -97,17 +97,17 @@ function web_add_cluster($form, $admin_mail) {
|
|||
|
||||
if(!$form->getField('password_random')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -p %s',
|
||||
$form->getField('password')->getValue());
|
||||
escapeshellarg($form->getField('password')->getValue()));
|
||||
}
|
||||
|
||||
/* Ajout des options spécifiques à MySQL si nécessaire */
|
||||
if($form->getField('mysql_db')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -m %s',
|
||||
$form->getField('mysql_dbname')->getValue());
|
||||
escapeshellarg($form->getField('mysql_dbname')->getValue()));
|
||||
|
||||
if(!$form->getField('mysql_password_random')->getValue()) {
|
||||
$exec_cmd .= sprintf(' -P %s',
|
||||
$form->getField('mysql_password')->getValue());
|
||||
escapeshellarg($form->getField('mysql_password')->getValue()));
|
||||
}
|
||||
|
||||
$account['bdd'] = $form->getField('mysql_dbname')->getValue();
|
||||
|
@ -174,12 +174,12 @@ function web_add_cluster($form, $admin_mail) {
|
|||
}
|
||||
|
||||
$exec_cmd .= sprintf(' -l %s %s %s %s %s %s 2>&1',
|
||||
$admin_mail,
|
||||
$form->getField('username')->getValue(),
|
||||
$form->getField('domain')->getValue(),
|
||||
$master,
|
||||
$slave,
|
||||
($realtime ? 'realtime': 'deferred'));
|
||||
escapeshellarg($admin_mail),
|
||||
escapeshellarg($form->getField('username')->getValue()),
|
||||
escapeshellarg($form->getField('domain')->getValue()),
|
||||
escapeshellarg($master),
|
||||
escapeshellarg($slave),
|
||||
escapeshellarg( ($realtime ? 'realtime': 'deferred')) );
|
||||
|
||||
//if ($conf['bindadmin'])
|
||||
domain_add($form->getField('domain')->getValue(), gethostbyname($master), true, $form->getField('use_gmail_mxs')->getValue());
|
||||
|
@ -189,7 +189,7 @@ function web_add_cluster($form, $admin_mail) {
|
|||
if ( $form->getField('domain_alias')->getValue() ) {
|
||||
$domain_alias = preg_split('/,/', $form->getField('domain_alias')->getValue());
|
||||
foreach ( $domain_alias as $alias ) {
|
||||
$exec_cmd = 'web-add-cluster.sh add-alias '.$form->getField('username')->getValue().' ';
|
||||
$exec_cmd = 'web-add-cluster.sh add-alias '.escapeshellarg($form->getField('username')->getValue()).' ';
|
||||
$alias = trim($alias);
|
||||
$exec_cmd .= $alias.' '.$master.' '.$slave;
|
||||
sudoexec($exec_cmd, $exec_output2, $exec_return2);
|
||||
|
|
Loading…
Reference in a new issue