Commit 2b60a7a9 authored by Marius Burkard's avatar Marius Burkard
Browse files

WIP: change system exec calls to safe variant

parent 2d6d9eb4
...@@ -78,7 +78,7 @@ class app { ...@@ -78,7 +78,7 @@ class app {
$this->uses($prop); $this->uses($prop);
if(property_exists($this, $prop)) return $this->{$prop}; if(property_exists($this, $prop)) return $this->{$prop};
else return null; else trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
} }
public function __destruct() { public function __destruct() {
......
...@@ -451,9 +451,9 @@ class functions { ...@@ -451,9 +451,9 @@ class functions {
if(file_exists($id_rsa_file)) unset($id_rsa_file); if(file_exists($id_rsa_file)) unset($id_rsa_file);
if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file); if(file_exists($id_rsa_pub_file)) unset($id_rsa_pub_file);
if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) { if(!file_exists($id_rsa_file) && !file_exists($id_rsa_pub_file)) {
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f '.$id_rsa_file.' -N ""'); $app->system->exec_safe('ssh-keygen -t rsa -C ? -f ? -N ""', $username.'-rsa-key-'.time(), $id_rsa_file);
$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id); $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents($id_rsa_file), @file_get_contents($id_rsa_pub_file), $client_id);
exec('rm -f '.$id_rsa_file.' '.$id_rsa_pub_file); $app->system->exec_safe('rm -f ? ?', $id_rsa_file, $id_rsa_pub_file);
} else { } else {
$app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN); $app->log("Failed to create SSH keypair for ".$username, LOGLEVEL_WARN);
} }
......
...@@ -31,6 +31,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -31,6 +31,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
class system { class system {
var $client_service = null; var $client_service = null;
private $_last_exec_out = null;
private $_last_exec_retcode = null;
public function has_service($userid, $service) { public function has_service($userid, $service) {
global $app; global $app;
...@@ -52,8 +54,43 @@ class system { ...@@ -52,8 +54,43 @@ class system {
return false; return false;
} }
} }
} //* End Class
?> public function last_exec_out() {
return $this->_last_exec_out;
}
public function last_exec_retcode() {
return $this->_last_exec_retcode;
}
public function exec_safe($cmd) {
$arg_count = func_num_args();
if($arg_count > 1) {
$args = func_get_args();
$pos = 0;
$a = 0;
foreach($args as $value) {
$a++;
$pos = strpos($cmd, '?', $pos);
if($pos === false) {
break;
}
$value = escapeshellarg($value);
$cmd = substr_replace($cmd, $value, $pos, 1);
$pos += strlen($value);
}
}
$this->_last_exec_out = null;
$this->_last_exec_retcode = null;
return exec($cmd, $this->_last_exec_out, $this->_last_exec_retcode);
}
public function system_safe($cmd) {
call_user_func_array(array($this, 'exec_safe'), func_get_args());
return implode("\n", $this->_last_exec_out);
}
} //* End Class
...@@ -49,10 +49,13 @@ class validate_dkim { ...@@ -49,10 +49,13 @@ class validate_dkim {
* Validator function for private DKIM-Key * Validator function for private DKIM-Key
*/ */
function check_private_key($field_name, $field_value, $validator) { function check_private_key($field_name, $field_value, $validator) {
global $app;
$dkim_enabled=$_POST['dkim']; $dkim_enabled=$_POST['dkim'];
if ($dkim_enabled == 'y') { if ($dkim_enabled == 'y') {
if (empty($field_value)) return $this->get_error($validator['errmsg']); if (empty($field_value)) return $this->get_error($validator['errmsg']);
exec('echo '.escapeshellarg($field_value).'|openssl rsa -check', $output, $result); $app->system->exec_safe('echo ?|openssl rsa -check', $field_value);
$result = $app->system->last_exec_retcode();
if($result != 0) return $this->get_error($validator['errmsg']); if($result != 0) return $this->get_error($validator['errmsg']);
} }
} }
......
...@@ -54,8 +54,8 @@ if($type == 'create_dkim' && $domain_id != ''){ ...@@ -54,8 +54,8 @@ if($type == 'create_dkim' && $domain_id != ''){
if ($dkim_strength=='') $dkim_strength = 2048; if ($dkim_strength=='') $dkim_strength = 2048;
$rnd_val = $dkim_strength * 10; $rnd_val = $dkim_strength * 10;
exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result); $app->system->exec_safe('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result); $app->system->exec_safe('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
unlink("../../temp/random-data.bin"); unlink("../../temp/random-data.bin");
$dkim_private=''; $dkim_private='';
foreach($privkey as $values) $dkim_private=$dkim_private.$values."\n"; foreach($privkey as $values) $dkim_private=$dkim_private.$values."\n";
...@@ -79,12 +79,14 @@ if($type == 'create_dkim' && $domain_id != ''){ ...@@ -79,12 +79,14 @@ if($type == 'create_dkim' && $domain_id != ''){
$selector = 'invalid domain or selector'; $selector = 'invalid domain or selector';
} }
unset($dkim_public); unset($dkim_public);
exec('echo '.escapeshellarg($dkim_private).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result); $app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private);
$pubkey = $app->system->last_exec_out();
foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n"; foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n";
$selector = $dkim_selector; $selector = $dkim_selector;
} else { } else {
unset($dkim_public); unset($dkim_public);
exec('echo '.escapeshellarg($dkim_private).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result); $app->system->exec_safe('echo ?|openssl rsa -pubout -outform PEM 2> /dev/null', $dkim_private);
$pubkey = $app->system->last_exec_out();
foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n"; foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n";
$selector = $dkim_selector; $selector = $dkim_selector;
} }
......
...@@ -69,6 +69,22 @@ class app { ...@@ -69,6 +69,22 @@ class app {
} }
public function __get($name) {
$valid_names = array('functions', 'getconf', 'letsencrypt', 'modules', 'plugins', 'services', 'system');
if(!in_array($name, $valid_names)) {
trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
}
if(property_exists($this, $name)) {
return $this->{$name};
}
$this->uses($name);
if(property_exists($this, $name)) {
return $this->{$name};
} else {
trigger_error('Undefined property ' . $name . ' of class app', E_USER_WARNING);
}
}
function setCaller($caller) { function setCaller($caller) {
$this->_calling_script = $caller; $this->_calling_script = $caller;
} }
......
...@@ -395,7 +395,7 @@ class ApsInstaller extends ApsBase ...@@ -395,7 +395,7 @@ class ApsInstaller extends ApsBase
mkdir($this->document_root, 0777, true); mkdir($this->document_root, 0777, true);
} }
} else { } else {
exec("rm -Rf ".escapeshellarg($this->local_installpath).'*'); $app->system->exec_safe("rm -Rf ?*", $this->local_installpath);
} }
} else { } else {
mkdir($this->local_installpath, 0777, true); mkdir($this->local_installpath, 0777, true);
...@@ -412,7 +412,7 @@ class ApsInstaller extends ApsBase ...@@ -412,7 +412,7 @@ class ApsInstaller extends ApsBase
|| ($this->extractZip($this->packages_dir.'/'.$task['path'], 'scripts', $this->local_installpath.'install_scripts/') === false) ) || ($this->extractZip($this->packages_dir.'/'.$task['path'], 'scripts', $this->local_installpath.'install_scripts/') === false) )
{ {
// Clean already extracted data // Clean already extracted data
exec("rm -Rf ".escapeshellarg($this->local_installpath).'*'); $app->system->exec_safe("rm -Rf ?*", $this->local_installpath);
throw new Exception('Unable to extract the package '.$task['path']); throw new Exception('Unable to extract the package '.$task['path']);
} }
...@@ -423,11 +423,11 @@ class ApsInstaller extends ApsBase ...@@ -423,11 +423,11 @@ class ApsInstaller extends ApsBase
$owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']); $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']);
$this->file_owner_user = $owner_res['system_user']; $this->file_owner_user = $owner_res['system_user'];
$this->file_owner_group = $owner_res['system_group']; $this->file_owner_group = $owner_res['system_group'];
exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath)); $app->system->exec_safe('chown -R ?:? ?', $this->file_owner_user, $this->file_owner_group, $this->local_installpath);
//* Chown stats directory back //* Chown stats directory back
if(is_dir($this->local_installpath.'stats')) { if(is_dir($this->local_installpath.'stats')) {
exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats')); $app->system->exec_safe('chown -R root:root ?', $this->local_installpath.'stats');
} }
} }
} }
...@@ -554,7 +554,9 @@ class ApsInstaller extends ApsBase ...@@ -554,7 +554,9 @@ class ApsInstaller extends ApsBase
$shell_retcode = true; $shell_retcode = true;
$shell_ret = array(); $shell_ret = array();
exec('php '.escapeshellarg($this->local_installpath.'install_scripts/'.$cfgscript).' install 2>&1', $shell_ret, $shell_retcode); $app->system->exec_safe('php ? install 2>&1', $this->local_installpath.'install_scripts/'.$cfgscript);
$shell_ret = $app->system->last_exec_out();
$shell_retcode = $app->system->last_exec_retcode();
$shell_ret = array_filter($shell_ret); $shell_ret = array_filter($shell_ret);
$shell_ret_str = implode("\n", $shell_ret); $shell_ret_str = implode("\n", $shell_ret);
...@@ -566,11 +568,11 @@ class ApsInstaller extends ApsBase ...@@ -566,11 +568,11 @@ class ApsInstaller extends ApsBase
else else
{ {
// The install succeeded, chown newly created files too // The install succeeded, chown newly created files too
exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath)); $app->system->exec_safe('chown -R ?:? ?', $this->file_owner_user, $this->file_owner_group, $this->local_installpath);
//* Chown stats directory back //* Chown stats directory back
if(is_dir($this->local_installpath.'stats')) { if(is_dir($this->local_installpath.'stats')) {
exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats')); $app->system->exec_safe('chown -R root:root ?', $this->local_installpath.'stats');
} }
$app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']); $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']);
...@@ -597,8 +599,9 @@ class ApsInstaller extends ApsBase ...@@ -597,8 +599,9 @@ class ApsInstaller extends ApsBase
*/ */
private function cleanup($task, $sxe) private function cleanup($task, $sxe)
{ {
global $app;
chdir($this->local_installpath); chdir($this->local_installpath);
exec("rm -Rf ".escapeshellarg($this->local_installpath).'install_scripts'); $app->system->exec_safe("rm -Rf ?", $this->local_installpath.'install_scripts');
} }
......
...@@ -90,7 +90,7 @@ class cronjob_monitor_email_quota extends cronjob { ...@@ -90,7 +90,7 @@ class cronjob_monitor_email_quota extends cronjob {
$email_parts = explode('@', $mb['email']); $email_parts = explode('@', $mb['email']);
$filename = $mb['maildir'].'/.quotausage'; $filename = $mb['maildir'].'/.quotausage';
if(!file_exists($filename) && $dovecot) { if(!file_exists($filename) && $dovecot) {
exec('doveadm quota recalc -u '.$email); $app->system->exec_safe('doveadm quota recalc -u ?', $email);
} }
if(file_exists($filename) && !is_link($filename)) { if(file_exists($filename) && !is_link($filename)) {
$quotafile = file($filename); $quotafile = file($filename);
...@@ -99,7 +99,8 @@ class cronjob_monitor_email_quota extends cronjob { ...@@ -99,7 +99,8 @@ class cronjob_monitor_email_quota extends cronjob {
$app->log("Mail storage $email: " . $storage_value[1], LOGLEVEL_DEBUG); $app->log("Mail storage $email: " . $storage_value[1], LOGLEVEL_DEBUG);
unset($quotafile); unset($quotafile);
} else { } else {
exec('du -s '.escapeshellcmd($mb['maildir']), $out); $app->system->exec_safe('du -s ?', $mb['maildir']);
$out = $app->system->last_exec_out();
$parts = explode(' ', $out[0]); $parts = explode(' ', $out[0]);
$data[$email]['used'] = intval($parts[0])*1024; $data[$email]['used'] = intval($parts[0])*1024;
unset($out); unset($out);
......
...@@ -71,16 +71,16 @@ class cronjob_awstats extends cronjob { ...@@ -71,16 +71,16 @@ class cronjob_awstats extends cronjob {
$log_folder .= '/' . $subdomain_host; $log_folder .= '/' . $subdomain_host;
unset($tmp); unset($tmp);
} }
$logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log'); $logfile = $rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log';
if(!@is_file($logfile)) { if(!@is_file($logfile)) {
$logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log.gz'); $logfile = $rec['document_root'].'/' . $log_folder . '/'.$yesterday.'-access.log.gz';
if(!@is_file($logfile)) { if(!@is_file($logfile)) {
continue; continue;
} }
} }
$web_folder = (($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') ? $rec['web_folder'] : 'web'); $web_folder = (($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') ? $rec['web_folder'] : 'web');
$domain = escapeshellcmd($rec['domain']); $domain = $rec['domain'];
$statsdir = escapeshellcmd($rec['document_root'].'/'.$web_folder.'/stats'); $statsdir = $rec['document_root'].'/'.$web_folder.'/stats';
$awstats_pl = $web_config['awstats_pl']; $awstats_pl = $web_config['awstats_pl'];
$awstats_buildstaticpages_pl = $web_config['awstats_buildstaticpages_pl']; $awstats_buildstaticpages_pl = $web_config['awstats_buildstaticpages_pl'];
...@@ -117,8 +117,8 @@ class cronjob_awstats extends cronjob { ...@@ -117,8 +117,8 @@ class cronjob_awstats extends cronjob {
} }
if(!@is_dir($statsdir)) mkdir($statsdir); if(!@is_dir($statsdir)) mkdir($statsdir);
$username = escapeshellcmd($rec['system_user']); $username = $rec['system_user'];
$groupname = escapeshellcmd($rec['system_group']); $groupname = $rec['system_group'];
chown($statsdir, $username); chown($statsdir, $username);
chgrp($statsdir, $groupname); chgrp($statsdir, $groupname);
if(is_link('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log')) unlink('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log'); if(is_link('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log')) unlink('/var/log/ispconfig/httpd/'.$domain.'/yesterday-access.log');
...@@ -138,7 +138,7 @@ class cronjob_awstats extends cronjob { ...@@ -138,7 +138,7 @@ class cronjob_awstats extends cronjob {
// awstats_buildstaticpages.pl -update -config=mydomain.com -lang=en -dir=/var/www/domain.com/'.$web_folder.'/stats -awstatsprog=/path/to/awstats.pl // awstats_buildstaticpages.pl -update -config=mydomain.com -lang=en -dir=/var/www/domain.com/'.$web_folder.'/stats -awstatsprog=/path/to/awstats.pl
// $command = "$awstats_buildstaticpages_pl -update -config='$domain' -lang=".$conf['language']." -dir='$statsdir' -awstatsprog='$awstats_pl'"; // $command = "$awstats_buildstaticpages_pl -update -config='$domain' -lang=".$conf['language']." -dir='$statsdir' -awstatsprog='$awstats_pl'";
$command = "$awstats_buildstaticpages_pl -month='$awmonth' -year='$awyear' -update -config='$domain' -lang=".$conf['language']." -dir='$statsdir' -awstatsprog='$awstats_pl'"; $command = escapeshellcmd($awstats_buildstaticpages_pl) . ' -month=' . escapeshellarg($awmonth) . ' -year=' . escapeshellarg($awyear) . ' -update -config=' . escapeshellarg($domain) . ' -lang=' . escapeshellarg($conf['language']) . ' -dir=' . escapeshellarg($statsdir) . ' -awstatsprog=' . escapeshellarg($awstats_pl);
if (date("d") == 2) { if (date("d") == 2) {
$awmonth = date("m")-1; $awmonth = date("m")-1;
...@@ -178,7 +178,7 @@ class cronjob_awstats extends cronjob { ...@@ -178,7 +178,7 @@ class cronjob_awstats extends cronjob {
chgrp($rec['document_root']."/".$web_folder."/stats/index.php", $rec['system_group']); chgrp($rec['document_root']."/".$web_folder."/stats/index.php", $rec['system_group']);
} }
exec('chown -R '.$username.':'.$groupname.' '.$statsdir); $app->system->exec_safe('chown -R ?:? ?', $username, $groupname, $statsdir);
} }
......
...@@ -102,11 +102,11 @@ class cronjob_webalizer extends cronjob { ...@@ -102,11 +102,11 @@ class cronjob_webalizer extends cronjob {
} }
} }
$domain = escapeshellcmd($rec['domain']); $domain = $rec['domain'];
$statsdir = escapeshellcmd($rec['document_root'].'/'.(($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') ? $rec['web_folder'] : 'web').'/stats'); $statsdir = $rec['document_root'].'/'.(($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') ? $rec['web_folder'] : 'web').'/stats';
$webalizer = '/usr/bin/webalizer'; $webalizer = '/usr/bin/webalizer';
$webalizer_conf_main = '/etc/webalizer/webalizer.conf'; $webalizer_conf_main = '/etc/webalizer/webalizer.conf';
$webalizer_conf = escapeshellcmd($rec['document_root'].'/log/webalizer.conf'); $webalizer_conf = $rec['document_root'].'/log/webalizer.conf';
if(is_file($statsdir.'/index.php')) unlink($statsdir.'/index.php'); if(is_file($statsdir.'/index.php')) unlink($statsdir.'/index.php');
...@@ -122,13 +122,13 @@ class cronjob_webalizer extends cronjob { ...@@ -122,13 +122,13 @@ class cronjob_webalizer extends cronjob {
if(!@is_dir($statsdir)) mkdir($statsdir); if(!@is_dir($statsdir)) mkdir($statsdir);
$username = escapeshellcmd($rec['system_user']); $username = $rec['system_user'];
$groupname = escapeshellcmd($rec['system_group']); $groupname = $rec['system_group'];
chown($statsdir, $username); chown($statsdir, $username);
chgrp($statsdir, $groupname); chgrp($statsdir, $groupname);
exec("$webalizer -c $webalizer_conf -n $domain -s $domain -r $domain -q -T -p -o $statsdir $logfile"); $app->system->exec_safe("$webalizer -c ? -n ? -s ? -r ? -q -T -p -o ? ?", $webalizer_conf, $domain, $domain, $domain, $statsdir, $logfile);
exec('chown -R '.$username.':'.$groupname.' '.$statsdir); exec('chown -R ?:? ?', $username, $groupname, $statsdir);
} }
......
...@@ -54,7 +54,7 @@ class cronjob_logfiles extends cronjob { ...@@ -54,7 +54,7 @@ class cronjob_logfiles extends cronjob {
$server_config = $app->getconf->get_server_config($conf['server_id'], 'server'); $server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
if($server_config['log_retention'] > 0) { if($server_config['log_retention'] > 0) {
$max_syslog = $server_config['log_retention']; $max_syslog = $app->functions->intval($server_config['log_retention']);
} else { } else {
$max_syslog = 10; $max_syslog = 10;
} }
...@@ -113,18 +113,18 @@ class cronjob_logfiles extends cronjob { ...@@ -113,18 +113,18 @@ class cronjob_logfiles extends cronjob {
} }
$yesterday2 = date('Ymd', time() - 86400*2); $yesterday2 = date('Ymd', time() - 86400*2);
$logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/'.$yesterday2.'-access.log'); $logfile = $rec['document_root'].'/' . $log_folder . '/'.$yesterday2.'-access.log';
//* Compress logfile //* Compress logfile
if(@is_file($logfile)) { if(@is_file($logfile)) {
// Compress yesterdays logfile // Compress yesterdays logfile
exec("gzip -c $logfile > $logfile.gz"); $app->system->exec_safe("gzip -c ? > ?", $logfile, $logfile . '.gz');
unlink($logfile); unlink($logfile);
} }
$cron_logfiles = array('cron.log', 'cron_error.log', 'cron_wget.log'); $cron_logfiles = array('cron.log', 'cron_error.log', 'cron_wget.log');
foreach($cron_logfiles as $cron_logfile) { foreach($cron_logfiles as $cron_logfile) {
$cron_logfile = escapeshellcmd($rec['document_root'].'/' . $log_folder . '/' . $cron_logfile); $cron_logfile = $rec['document_root'].'/' . $log_folder . '/' . $cron_logfile;
// rename older files (move up by one) // rename older files (move up by one)
$num = $log_retention; $num = $log_retention;
...@@ -135,8 +135,8 @@ class cronjob_logfiles extends cronjob { ...@@ -135,8 +135,8 @@ class cronjob_logfiles extends cronjob {
// compress current logfile // compress current logfile
if(is_file($cron_logfile)) { if(is_file($cron_logfile)) {
exec("gzip -c $cron_logfile > $cron_logfile.1.gz"); $app->system->exec_safe("gzip -c ? > ?", $cron_logfile, $cron_logfile . '.1.gz');
exec("cat /dev/null > $cron_logfile"); $app->system->exec_safe("cat /dev/null > ?", $cron_logfile);
} }
// remove older logs // remove older logs
$num = $log_retention; $num = $log_retention;
...@@ -156,8 +156,8 @@ class cronjob_logfiles extends cronjob { ...@@ -156,8 +156,8 @@ class cronjob_logfiles extends cronjob {
} }
// compress current logfile // compress current logfile
if(is_file($error_logfile)) { if(is_file($error_logfile)) {
exec("gzip -c $error_logfile > $error_logfile.1.gz"); $app->system->exec_safe("gzip -c ? > ?", $error_logfile, $error_logfile . '.1.gz');
exec("cat /dev/null > $error_logfile"); $app->system->exec_safe("cat /dev/null > ?", $error_logfile);
} }
// delete logfiles after x days (default 10) // delete logfiles after x days (default 10)
...@@ -175,7 +175,7 @@ class cronjob_logfiles extends cronjob { ...@@ -175,7 +175,7 @@ class cronjob_logfiles extends cronjob {
//* Delete old logfiles in /var/log/ispconfig/httpd/ that were created by vlogger for the hostname of the server //* Delete old logfiles in /var/log/ispconfig/httpd/ that were created by vlogger for the hostname of the server
exec('hostname -f', $tmp_hostname); exec('hostname -f', $tmp_hostname);
if($tmp_hostname[0] != '' && is_dir('/var/log/ispconfig/httpd/'.$tmp_hostname[0])) { if($tmp_hostname[0] != '' && is_dir('/var/log/ispconfig/httpd/'.$tmp_hostname[0])) {
exec('cd /var/log/ispconfig/httpd/'.$tmp_hostname[0]."; find . -mtime +$max_syslog -name '*.log' | xargs rm > /dev/null 2> /dev/null"); $app->system->exec_safe("cd ?; find . -mtime +$max_syslog -name '*.log' | xargs rm > /dev/null 2> /dev/null", '/var/log/ispconfig/httpd/'.$tmp_hostname[0]);
} }
unset($tmp_hostname); unset($tmp_hostname);
...@@ -195,8 +195,8 @@ class cronjob_logfiles extends cronjob { ...@@ -195,8 +195,8 @@ class cronjob_logfiles extends cronjob {
} }
// compress current logfile // compress current logfile
if(is_file($ispconfig_logfile)) { if(is_file($ispconfig_logfile)) {
exec("gzip -c $ispconfig_logfile > $ispconfig_logfile.1.gz"); $app->system->exec_safe("gzip -c ? > ?", $ispconfig_logfile, $ispconfig_logfile . '.1.gz');
exec("cat /dev/null > $ispconfig_logfile"); $app->system->exec_safe("cat /dev/null > ?", $ispconfig_logfile);
} }
// remove older logs // remove older logs
$num = $max_syslog; $num = $max_syslog;
...@@ -215,9 +215,9 @@ class cronjob_logfiles extends cronjob { ...@@ -215,9 +215,9 @@ class cronjob_logfiles extends cronjob {
$app->uses('system'); $app->uses('system');
if(is_array($records)) { if(is_array($records)) {
foreach($records as $rec){ foreach($records as $rec){
$tmp_path = realpath(escapeshellcmd($rec['document_root'].'/tmp')); $tmp_path = realpath($rec['document_root'].'/tmp');
if($tmp_path != '' && strlen($tmp_path) > 10 && is_dir($tmp_path) && $app->system->is_user($rec['system_user'])){ if($tmp_path != '' && strlen($tmp_path) > 10 && is_dir($tmp_path) && $app->system->is_user($rec['system_user'])){
exec('cd '.$tmp_path."; find . -mtime +1 -name 'sess_*' | grep -v -w .no_delete | xargs rm > /dev/null 2> /dev/null"); exec("cd ?; find . -mtime +1 -name 'sess_*' | grep -v -w .no_delete | xargs rm > /dev/null 2> /dev/null", $tmp_path);
} }
} }
} }
......
...@@ -69,9 +69,9 @@ class cronjob_backup extends cronjob { ...@@ -69,9 +69,9 @@ class cronjob_backup extends cronjob {
} }
if(!is_dir($backup_dir)) { if(!is_dir($backup_dir)) {
mkdir(escapeshellcmd($backup_dir), $backup_dir_permissions, true); mkdir($backup_dir, $backup_dir_permissions, true);
} else { } else {