Prevent install via CLI / API / WebGUI via command v-update-sys-hestia package

jaapmarcus · jaapmarcus · commit 9a1fccd37f28 · 2021-03-30T09:28:48.000Z
Current script accepts all valid packages now limiited to hestia, hestia-nginx, hestia-php @numanturle
diff --git a/bin/v-update-sys-hestia b/bin/v-update-sys-hestia
@@ -32,6 +32,7 @@ source $HESTIA/conf/hestia.conf
 
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
+is_hestia_package "hestia,hestia-nginx,hestia-php" "$package"
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
diff --git a/func/main.sh b/func/main.sh
@@ -1154,6 +1154,12 @@ multiphp_default_version() {
     echo "$sys_phpversion"
 }
 
+is_hestia_package(){
+    if [ -z "$(echo $1 | grep -w $2)" ]; then
+        check_result $E_INVALID "$2 package is not controlled by hestiacp"
+    fi
+}
+
 # Run arbitrary cli commands with dropped privileges
 # Note: setpriv --init-groups is not available on debian9 (util-linux 2.29.2)
 # Input:
