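405 Method Not Allowed"; exit(0); }

// Request data is rebuilt by hand from $_SERVER['QUERY_STRING'] and
// $_SERVER['POST']. parse_str() URL-decodes every value, so anything read from
// $_GET / $_POST / $_REQUEST below may contain arbitrary bytes, CR/LF included.
if(!empty($_SERVER['QUERY_STRING'])){
    parse_str($_SERVER['QUERY_STRING'], $_GET);
    foreach($_GET as $k => $v){
        $_REQUEST[$k] = $v;
    }
}

if(!empty($_SERVER['POST'])){
    parse_str($_SERVER['POST'], $_POST);
    foreach($_POST as $k => $v){
        $_REQUEST[$k] = $v;
    }
}

// The response head is written with plain echo, so nothing filters header
// values on the way out.
echo "HTTP/1.1 200 OK\n";
echo "Content-Type: text/html\n";

// The download name is copied into a quoted header value. It must be a string
// and must not contain control characters (CR/LF would start a new header line
// or end the head), a double quote or a backslash (either would break out of
// the quoted filename). Names that fail the test simply get no
// Content-Disposition header, as with the original "./" test.
if(@$_GET['act'] == 'backups' && !empty($_GET['download']) && is_string($_GET['download'])
    && substr_count($_GET['download'], './') == 0
    && !preg_match('/[\x00-\x1F\x7F"\\\\]/', $_GET['download'])){
    echo 'Content-Disposition: attachment; filename="'.$_GET['download'].'"'."\n";
}

echo "\n";

// Identity of the account to act for. The uid/gid come from the soft_euid /
// soft_egid environment variables and must match the passwd entry of
// $_SERVER['USERNAME'].
// NOTE(review): all three values come from the process environment, so this
// check is only as strong as whatever sets them - confirm that the launcher
// sets them and that a requester cannot.
$orig_gid = (int) getenv('soft_egid');
$orig_uid = (int) getenv('soft_euid');

$env_userdata = posix_getpwnam($_SERVER['USERNAME']);
if(empty($env_userdata) || $env_userdata['uid'] !== $orig_uid || $env_userdata['gid'] !== $orig_gid){
    die('Unauthorised web access : Incorrect username');
}

// These commands need to be executed as root
$da_version = @shell_exec('/usr/local/directadmin/directadmin v');

// Is the user uploading a file ? We need to chown it
// This runs before privileges are dropped, so the path handed to chown must be
// a plain entry directly inside /home/tmp and nothing else.
// NOTE(review): softaculous_pro_nonce is only tested for being non-empty here,
// and nothing on this page ties the named file to the requesting account -
// confirm both are enforced elsewhere.
if(!empty($_REQUEST['act']) && $_REQUEST['act'] == 'new_site' && !empty($_REQUEST['softaculous_pro_nonce'])
    && !empty($_POST['image']) && is_string($_POST['image'])){

    $custom_file = da_optPOST('image');
    $r_custom_file = preg_replace('#/home/tmp/#', '', $custom_file);
    $upload_path = '/home/tmp/'.$r_custom_file;

    // Security check
    // A name without "/" can still be "." or "..", which would resolve to
    // /home/tmp itself or to /home, so those are refused explicitly.
    $is_plain_name = ($r_custom_file !== '' && $r_custom_file !== '.' && $r_custom_file !== '..'
        && substr_count($r_custom_file, '/') == 0);

    // The symlink test has to look at the path that is actually changed; the
    // test on the raw value is kept so this never accepts a name the earlier
    // check refused. is_file() limits the change to a regular file.
    if($is_plain_name && !is_link($custom_file) && !is_link($upload_path) && is_file($upload_path)){
        // lchown()/lchgrp() do not follow a symlink, so a link swapped in
        // after the checks above cannot redirect the ownership change.
        lchown($upload_path, $orig_uid);
        lchgrp($upload_path, $orig_gid);
    }
}

// We don't have functions.php yet

/**
 * Returns a POSTed value after trim(), da_htmlizer() and da_inputsec().
 *
 * @param string $name    Key to read from $_POST.
 * @param mixed  $default Returned unchanged when the key was not posted.
 * @return mixed The filtered string, or $default.
 */
function da_optPOST($name, $default = ''){

    //Check the POSTED NAME was posted
    if(isset($_POST[$name])){
        return da_inputsec(da_htmlizer(trim($_POST[$name])));
    }

    return $default;
}

/**
 * Applies addslashes() to a string and backslash-escapes backticks.
 *
 * NOTE(review): this is not shell quoting. It handles quotes, backslashes, NUL
 * and backticks only and does not neutralise other shell metacharacters. Any
 * caller that places the result on a command line should pass the raw value
 * through escapeshellarg() instead - callers are not visible on this page.
 *
 * @param string $string Value to escape.
 * @return string Escaped value.
 */
function da_inputsec($string){

    //get_magic_quotes_gpc is deprecated in php 7.4
    if(version_compare(PHP_VERSION, '7.4', '<')){
        if(!get_magic_quotes_gpc()){
            $string = addslashes($string);
        }else{
            // Undo the automatic quoting first so slashes are added only once
            $string = stripslashes($string);
            $string = addslashes($string);
        }
    }else{
        $string = addslashes($string);
    }

    // This is to replace ` which can cause the command to be executed in exec()
    $string = str_replace('`', '\`', $string);

    return $string;
}

/**
 * Encodes a string with htmlentities(ENT_QUOTES) and then rewrites every
 * numeric character reference in the result through da_entity_check().
 *
 * @param string $string Value to encode.
 * @return string Encoded value.
 */
function da_htmlizer($string){

    // NOTE(review): $globals is not assigned anywhere on this page - confirm
    // that $globals['charset'] is set before this function is called.
    global $globals;

    $string = htmlentities($string, ENT_QUOTES, $globals['charset']);

    preg_match_all('/(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)/', $string, $matches);

    foreach($matches[1] as $mk => $mv){
        $tmp_m = da_entity_check($matches[2][$mk]);
        $string = str_replace($matches[1][$mk], $tmp_m, $string);
    }

    return $string;
}

/**
 * Normalises the number part of a numeric character reference.
 *
 * @param string $string Decimal digits, or "x" followed by hex digits.
 * @return string "&#N;" with N in decimal, or '' when the code point is above
 *                0x10FFFF, in the surrogate range 0xD800-0xDFFF, or below 0x20.
 */
function da_entity_check($string){

    //Convert Hexadecimal to Decimal
    $num = ((substr($string, 0, 1) === 'x') ? hexdec(substr($string, 1)) : (int) $string);

    //Squares and Spaces - return nothing
    $string = (($num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num < 0x20) ? '' : '&#'.$num.';');

    return $string;
}

// Drop to the user before any user-level code is loaded. Supplementary groups
// are reset as well, so the included code does not keep whatever group list
// this process inherited; the group calls come first because they need the
// privilege that posix_setuid() gives up.
$was_root = (posix_geteuid() == 0);
$groups_ok = posix_initgroups($env_userdata['name'], $orig_gid);
posix_setgid($orig_gid);
posix_setuid($orig_uid);

putenv('soft_egid');
putenv('soft_euid');

// Still Root ?
// Checking for uid 0 alone would miss a failed posix_setgid() or a switch to
// the wrong account, so the real and effective ids are compared with the
// expected values. A failed group reset only counts when we started as root.
if(($was_root && !$groups_ok)
    || posix_getuid() == 0 || posix_geteuid() == 0
    || posix_getuid() !== $orig_uid || posix_geteuid() !== $orig_uid
    || posix_getgid() !== $orig_gid || posix_getegid() !== $orig_gid){
    echo 'ERROR IN SHIFTING TO USER LEVEL';
    exit(1);
}

include('/usr/local/sitepad/enduser.php');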