From f8317f75d4e3a7569c64555f7b42da7eaaed432f Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 9 Dec 2019 16:15:22 +0100
Subject: [PATCH] Fixed csrf issue when deleting an invoice draft

---
 server/lib/classes/aps_installer.inc.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/server/lib/classes/aps_installer.inc.php b/server/lib/classes/aps_installer.inc.php
index 922f32e612..70b77a3a7e 100644
--- a/server/lib/classes/aps_installer.inc.php
+++ b/server/lib/classes/aps_installer.inc.php
@@ -550,10 +550,21 @@ class ApsInstaller extends ApsBase
 			foreach($this->putenv as $var) {
 				putenv($var);
 			}
+			
+			$tmpi = "<?php\n\n";
+			foreach($this->putenv as $var) {
+				$tmpi .= "putenv('".$var."');\n";
+			}
+			$tmpi .= "chdir('".$this->local_installpath.'install_scripts/'."');\n";
+			$tmpi .= 'exec("php '.$this->local_installpath.'install_scripts/'.$cfgscript.' install");';
+			
+			$app->system->file_put_contents($this->local_installpath.'install_scripts/ispinstall.php', $tmpi);
+			exec('php '.$this->local_installpath.'install_scripts/ispinstall.php');
+			die();
 
 			$shell_retcode = true;
 			$shell_ret = array();
-			$app->system->exec_safe('php ? install 2>&1', $this->local_installpath.'install_scripts/'.$cfgscript);
+			//$app->system->exec_safe('sudo -u ? php ? install 2>&1', $this->file_owner_user, $this->local_installpath.'install_scripts/'.$cfgscript);
 			$shell_ret = $app->system->last_exec_out();
 			$shell_retcode = $app->system->last_exec_retcode();
 			$shell_ret = array_filter($shell_ret);
-- 
GitLab