/** * Trigger the package install process */ public function updatePackage() { $expected = ['package', 'supplier', 'type', 'version']; if (!\Airship\all_keys_exist($expected, $_POST)) { \Airship\json_response(['status' => 'ERROR', 'message' => \__('Incomplete request.')]); } try { $filter = new SkyportFilter(); $_POST = $filter($_POST); } catch (\TypeError $ex) { $this->log("Input violation", LogLevel::ALERT, \Airship\throwableToArray($ex)); \Airship\json_response(['status' => 'ERROR', 'message' => \__('Invalid input.')]); } /** * @security We need to guarantee RCE isn't possible: */ $args = \implode(' ', [\escapeshellarg(Util::charWhitelist($_POST['type'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['supplier'], Util::PRINTABLE_ASCII) . '/' . Util::charWhitelist($_POST['package'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['version'], Util::PRINTABLE_ASCII))]); $output = \shell_exec('php -dphar.readonly=0 ' . ROOT . '/CommandLine/update_one.sh ' . $args); \Airship\json_response(['status' => 'OK', 'message' => $output]); }
/** * Move/rename a directory. * * @param array $dirInfo * @param array $post * @param string $oldCabin * @param array $cabins * @return bool */ protected function processMoveDir(array $dirInfo, array $post = [], string $oldCabin = '', array $cabins = []) : bool { $targetID = (int) $dirInfo['directoryid']; if (\is_numeric($post['move_destination'])) { $destination = (int) $post['move_destination']; $newCabin = $this->pg->getCabinForDirectory($destination); $newPieces = $this->pg->getDirectoryPieces($destination); \array_pop($newPieces); $newPieces[] = Util::charWhitelist($post['url'], Util::NON_DIRECTORY); $newPath = \implode('/', $newPieces); } elseif (!\in_array($post['move_destination'], $cabins)) { // Cabin doesn't exist! return false; } else { $newCabin = $post['move_destination']; $newPath = Util::charWhitelist($post['url'], Util::NON_DIRECTORY); } if (!empty($post['create_redirect'])) { $old = ['cabin' => $oldCabin, 'path' => \implode('/', $this->pg->getDirectoryPieces($targetID))]; $new = ['cabin' => $newCabin, 'path' => $newPath]; $this->pg->createRedirectsForMove($old, $new); } return $this->pg->moveDir($targetID, $post['url'], $destination ?? 0, $newCabin); }