Mini Shell
#!/usr/bin/bash
eval 'if [ -x /usr/local/cpanel/3rdparty/bin/perl ]; then exec /usr/local/cpanel/3rdparty/bin/perl -x -- $0 ${1+"$@"}; else exec /usr/bin/perl -x -- $0 ${1+"$@"};fi'
if 0;
#!/usr/bin/perl
# Plugin: LVE Manager VERSION:2.0
#
# Location: cpanel/lveversion
# Copyright(c) 2017 CloudLinux, Inc.
# All rights Reserved.
# http://www.cloudlinux.com
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
BEGIN {
unshift @INC, "/usr/local/cpanel", "/usr/share/l.v.e-manager/cpanel/cgi";
}
use strict;
use warnings;
use Whostmgr::HTMLInterface ();
use Cpanel::Template;
use Cpanel::SafeRun::Errors;
use Cpanel::Encoder::Tiny ();
use Cpanel::Form ();
use Cpanel::AcctUtils::Domain ();
use JSON;
use Data::Dumper qw(Dumper);
use MIME::Base64;
use CGI;
use Digest::MD5 qw(md5_hex);
use Text::Trim qw(trim);
use CloudLinux;
use constant CLOUDLINUX_CLI_USER => '/usr/share/l.v.e-manager/utils/cloudlinux-cli-user.py';
my $cgi = new CGI;
my %GET_REQUESTS = CloudLinux::parseForm(Cpanel::Form::parseform());
my %REQUEST = CloudLinux::parseForm($cgi->Vars);
my $CURRENT_USER = $ENV{'TEAM_OWNER'} ? $ENV{'TEAM_OWNER'} : $ENV{'REMOTE_USER'};
my $cgiaction = $GET_REQUESTS{'cgiaction'} || 'default';
# @TODO: Remove line below and uncomment next line when all translation resources will be ready
my $current_locale = 'en';
#my $current_locale = $cgi->cookie('session_locale') || 'en';
my %dispatchTable = (
default => \&sendRequest,
sendRequest => \&sendRequest,
knockKnock => \&CloudLinux::knockKnock,
);
processRequest($cgiaction);
sub processRequest {
my ($action) = @_;
$action = 'default' unless exists $dispatchTable{$action};
$dispatchTable{$action}->();
}
sub sendRequest
{
CloudLinux::checkMethod('POST');
unless (exists $REQUEST{'command'}) {
CloudLinux::sendError(Cpanel::Form::parseform());
}
my %data;
$data{'owner'} = CloudLinux::OWNER_USER;
$data{'command'} = $REQUEST{'command'};
if (exists $REQUEST{'method'}) {
$data{'method'} = $REQUEST{'method'};
}
if (exists $REQUEST{'params'}) {
$data{'params'} = $REQUEST{'params'};
}
$data{'user_info'} = {
'username' => $CURRENT_USER,
'lve-id' => CloudLinux::_getUserIdByName($CURRENT_USER)
};
my $interpreter = $data{'params'}{'interpreter'};
if ($interpreter eq 'nodejs') {
$data{'plugin_name'} = 'nodejs_selector'
} elsif ($interpreter eq 'python') {
$data{'plugin_name'} = 'python_selector'
}
if (exists $REQUEST{'mockJson'} && $REQUEST{'mockJson'}) {
$data{'mockJson'} = $REQUEST{'mockJson'};
}
if (exists $REQUEST{'lang'} && $REQUEST{'lang'}) {
$data{'lang'} = $REQUEST{'lang'};
}
my $fullCommandStr = sprintf(
"%s --data=%s",
CLOUDLINUX_CLI_USER, encode_base64(JSON::XS->new->encode(\%data), '')
);
my $responseInJson = CloudLinux::safeRun($fullCommandStr);
if (not(-e CLOUDLINUX_CLI_USER)) {
if ($interpreter eq 'nodejs') {
CloudLinux::sendUnavailableError('Node.js Selector');
} elsif ($interpreter eq 'python') {
CloudLinux::sendUnavailableError('Python Selector');
}
}
my %response;
eval {
%response = %{decode_json($responseInJson)};
};
# If decode_json is catched an exeption, send error header with backtrace
if ($@ && $responseInJson ne '') {
CloudLinux::sendError('ERROR.wrong_received_data', 0, 0, $responseInJson);
}
if (exists $response{'result'} && $response{'result'} ne 'success' && $response{'result'} ne 'rollback') {
CloudLinux::sendError($responseInJson, 1);
}
if ($responseInJson eq '') {
CloudLinux::sendError('RESPONSE OF COMMAND IS EMPTY');
}
CloudLinux::setJsonHeader($responseInJson);
}
sub _checkVulnerabilities
{
# _checkCSRFToken();
_checkReferer();
}
sub _checkCSRFToken
{
if (!defined $cgi->cookie('csrftoken')
|| $cgi->cookie('csrftoken') ne $ENV{ HTTP_X_CSRFTOKEN }
) {
CloudLinux::sendError('BAD FORGERY PROTECTION TOKEN', 0, 1);
}
}
sub _checkReferer
{
my $protocol = (exists $ENV{ HTTPS } && $ENV { HTTPS } eq 'on')
? 'https' : 'http';
my $ip = $ENV { HTTP_HOST };
unless ($ENV{ HTTP_REFERER } =~ qr/^$protocol:\/\/$ip/) {
CloudLinux::sendError('BAD REFERER', 0, 1);
}
}
Zerion Mini Shell 1.0