Update exec.php
parent
a69ca2eb44
commit
6902cbe06d
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
The Initial Developer of the Original Code is
|
The Initial Developer of the Original Code is
|
||||||
Mark J Crane <markjcrane@fusionpbx.com>
|
Mark J Crane <markjcrane@fusionpbx.com>
|
||||||
Portions created by the Initial Developer are Copyright (C) 2008-2018
|
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
||||||
the Initial Developer. All Rights Reserved.
|
the Initial Developer. All Rights Reserved.
|
||||||
|
|
||||||
Contributor(s):
|
Contributor(s):
|
||||||
|
|
@ -66,7 +66,7 @@
|
||||||
require_once "resources/header.php";
|
require_once "resources/header.php";
|
||||||
$document['title'] = $text['title-command'];
|
$document['title'] = $text['title-command'];
|
||||||
|
|
||||||
//pdo voicemail database connection
|
//pdo database connection
|
||||||
if (permission_exists('exec_sql')) {
|
if (permission_exists('exec_sql')) {
|
||||||
require_once "sql_query_pdo.php";
|
require_once "sql_query_pdo.php";
|
||||||
}
|
}
|
||||||
|
|
@ -245,7 +245,7 @@
|
||||||
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
||||||
foreach ($result as &$row) {
|
foreach ($result as &$row) {
|
||||||
$row = array_values($row);
|
$row = array_values($row);
|
||||||
echo " <option value='".$row[0]."'>".$row[0]."</option>\n";
|
echo " <option value='".escape($row[0])."'>".escape($row[0])."</option>\n";
|
||||||
}
|
}
|
||||||
echo " </select>\n";
|
echo " </select>\n";
|
||||||
//echo " <br /><br />\n";
|
//echo " <br /><br />\n";
|
||||||
|
|
@ -277,7 +277,7 @@
|
||||||
echo "<br>";
|
echo "<br>";
|
||||||
|
|
||||||
//html form
|
//html form
|
||||||
echo "<input type='hidden' name='id' value='".$_REQUEST['id']."'>\n"; //sql db id
|
echo "<input type='hidden' name='id' value='".escape($_REQUEST['id'])."'>\n"; //sql db id
|
||||||
echo "<textarea name='cmd' id='cmd' style='display: none;'></textarea>";
|
echo "<textarea name='cmd' id='cmd' style='display: none;'></textarea>";
|
||||||
echo "<table cellpadding='0' cellspacing='0' border='0' style='width: 100%;'>\n";
|
echo "<table cellpadding='0' cellspacing='0' border='0' style='width: 100%;'>\n";
|
||||||
echo " <tr>";
|
echo " <tr>";
|
||||||
|
|
@ -323,7 +323,7 @@
|
||||||
$preview = "onmouseover=\"editor.getSession().setMode(".(($value == 'php') ? "{path:'ace/mode/php', inline:true}" : "'ace/mode/' + this.value").");\"";
|
$preview = "onmouseover=\"editor.getSession().setMode(".(($value == 'php') ? "{path:'ace/mode/php', inline:true}" : "'ace/mode/' + this.value").");\"";
|
||||||
}
|
}
|
||||||
$selected = ($value == $mode) ? 'selected' : null;
|
$selected = ($value == $mode) ? 'selected' : null;
|
||||||
echo "<option value='".$value."' ".$selected." ".$preview.">".$label."</option>\n";
|
echo "<option value='".escape($value)."' ".escape($selected)." ".escape($preview).">".escape($label)."</option>\n";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</select>
|
</select>
|
||||||
|
|
@ -334,12 +334,12 @@
|
||||||
$sizes = explode(',','9px,10px,11px,12px,14px,16px,18px,20px');
|
$sizes = explode(',','9px,10px,11px,12px,14px,16px,18px,20px');
|
||||||
$preview = ($setting_preview == 'true') ? "onmouseover=\"document.getElementById('editor').style.fontSize = this.value;\"" : null;
|
$preview = ($setting_preview == 'true') ? "onmouseover=\"document.getElementById('editor').style.fontSize = this.value;\"" : null;
|
||||||
if (!in_array($setting_size, $sizes)) {
|
if (!in_array($setting_size, $sizes)) {
|
||||||
echo "<option value='".$setting_size."' ".$preview.">".$setting_size."</option>\n";
|
echo "<option value='".escape($setting_size)."' ".escape($preview).">".escape($setting_size)."</option>\n";
|
||||||
echo "<option value='' disabled='disabled'></option>\n";
|
echo "<option value='' disabled='disabled'></option>\n";
|
||||||
}
|
}
|
||||||
foreach ($sizes as $size) {
|
foreach ($sizes as $size) {
|
||||||
$selected = ($size == $setting_size) ? 'selected' : null;
|
$selected = ($size == $setting_size) ? 'selected' : null;
|
||||||
echo "<option value='".$size."' ".$selected." ".$preview.">".$size."</option>\n";
|
echo "<option value='".escape($size)."' ".$selected." ".escape($preview).">".escape($size)."</option>\n";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</select>
|
</select>
|
||||||
|
|
@ -386,7 +386,7 @@
|
||||||
echo "<optgroup label='".$optgroup."'>\n";
|
echo "<optgroup label='".$optgroup."'>\n";
|
||||||
foreach ($theme as $value => $label) {
|
foreach ($theme as $value => $label) {
|
||||||
$selected = (strtolower($label) == strtolower($setting_theme)) ? 'selected' : null;
|
$selected = (strtolower($label) == strtolower($setting_theme)) ? 'selected' : null;
|
||||||
echo "<option value='".$value."' ".$selected." ".$preview.">".$label."</option>\n";
|
echo "<option value='".escape($value)."' ".$selected." ".escape($preview).">".escape($label)."</option>\n";
|
||||||
}
|
}
|
||||||
echo "</optgroup>\n";
|
echo "</optgroup>\n";
|
||||||
}
|
}
|
||||||
|
|
@ -395,7 +395,7 @@
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<div id='editor'><?php echo htmlentities($cmd); ?></div>
|
<div id='editor'><?php echo escape($cmd); ?></div>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
echo " </td>";
|
echo " </td>";
|
||||||
|
|
@ -427,7 +427,7 @@
|
||||||
<?php if ($mode == 'php') { ?>
|
<?php if ($mode == 'php') { ?>
|
||||||
editor.getSession().setMode({path:'ace/mode/php', inline:true});
|
editor.getSession().setMode({path:'ace/mode/php', inline:true});
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
document.getElementById('editor').style.fontSize='<?php echo $setting_size;?>';
|
document.getElementById('editor').style.fontSize='<?php echo escape($setting_size);?>';
|
||||||
focus_editor();
|
focus_editor();
|
||||||
|
|
||||||
//keyboard shortcut to execute command
|
//keyboard shortcut to execute command
|
||||||
|
|
@ -442,12 +442,13 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
//show the result
|
//show the result
|
||||||
if (count($_POST) > 0) {
|
if (is_array($_POST)) {
|
||||||
if ($cmd != '') {
|
if ($cmd != '') {
|
||||||
|
$result = '';
|
||||||
switch ($handler) {
|
switch ($handler) {
|
||||||
case 'shell':
|
case 'shell':
|
||||||
if (permission_exists('exec_command')) {
|
if (permission_exists('exec_command')) {
|
||||||
$result = htmlentities(shell_exec($cmd . " 2>&1"));
|
$result = shell_exec($cmd . " 2>&1");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'php':
|
case 'php':
|
||||||
|
|
@ -461,9 +462,9 @@
|
||||||
case 'switch':
|
case 'switch':
|
||||||
if (permission_exists('exec_switch')) {
|
if (permission_exists('exec_switch')) {
|
||||||
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
|
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
|
||||||
if ($fp) {
|
if ($fp) {
|
||||||
$result = event_socket_request($fp, 'api '.$cmd);
|
$result = event_socket_request($fp, 'api '.$cmd);
|
||||||
$result = htmlspecialchars(utf8_encode($result), ENT_QUOTES);
|
$result = utf8_encode($result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -472,7 +473,7 @@
|
||||||
echo "<span id='response'>";
|
echo "<span id='response'>";
|
||||||
echo "<b>".$text['label-response']."</b>\n";
|
echo "<b>".$text['label-response']."</b>\n";
|
||||||
echo "<br /><br />\n";
|
echo "<br /><br />\n";
|
||||||
echo ($handler == 'switch') ? "<textarea style='width: 100%; height: 450px; font-family: monospace; padding: 15px;' wrap='off'>".$result."</textarea>\n" : "<pre>".$result."</pre>";
|
echo ($handler == 'switch') ? "<textarea style='width: 100%; height: 450px; font-family: monospace; padding: 15px;' wrap='off'>".escape($result)."</textarea>\n" : "<pre>".escape($result)."</pre>";
|
||||||
echo "</span>";
|
echo "</span>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
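Review bot: In the `@ -442,12 +442,13 @` hunk the new guard `if (is_array($_POST))` is always true, because PHP always defines `$_POST` as an array, so the result block now depends only on `$cmd != ''`. How `$cmd` is populated is outside the visible hunks; if it can come from `$_REQUEST` or `$_GET`, a plain GET request would reach `shell_exec()` and the switch handler for a logged-in user who holds the permission, a cross-site request forgery exposure that the old `count($_POST) > 0` check partly limited. I would keep the emptiness test, e.g. `if (is_array($_POST) && count($_POST) > 0) {`, and consider verifying a per-session request token before any handler runs. Separately, `escape($preview)` in the `<option>` lines wraps a server-built `onmouseover="…"` attribute; if `escape()` entity-encodes quotes, as its use on the other values suggests, the attribute markup itself is encoded and the preview handler stops working, so `$preview` should be emitted unescaped as before. The `switch ($handler)` body continues outside the hunk.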