
#!/bin/bash
# Shell/Perl polyglot launcher. When bash runs this file, the eval below
# re-executes it with /usr/local/cpanel/3rdparty/bin/perl if that binary is
# executable, otherwise with /usr/bin/perl. "-x" tells perl to skip everything
# up to the "#!/usr/bin/perl" line, and the trailing "if 0;" turns the eval
# into a no-op should perl ever parse these lines itself.
eval 'if [ -x /usr/local/cpanel/3rdparty/bin/perl ]; then exec /usr/local/cpanel/3rdparty/bin/perl -x -- $0 ${1+"$@"}; else exec /usr/bin/perl -x -- $0 ${1+"$@"};fi'
if 0;
#!/usr/bin/perl

# Plugin: LVE Manager VERSION:2.0
#
# Location: cpanel/lveversion
# Copyright(c) 2017 CloudLinux, Inc.
# All rights Reserved.
# http://www.cloudlinux.com
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

BEGIN {
    # Put the cPanel tree and the plugin's CGI library directory at the front
    # of the module search path, so they win over every default @INC entry.
    # Modules found in these two directories are loaded in preference to the
    # system copies; both directories therefore need to be writable by
    # privileged accounts only.
    unshift @INC, qw(
        /usr/local/cpanel
        /usr/share/l.v.e-manager/cpanel/cgi
    );
}

use strict;
use warnings;
use Whostmgr::HTMLInterface ();
use Cpanel::Template;
use Cpanel::SafeRun::Errors;
use Cpanel::Encoder::Tiny   ();
use Cpanel::Form            ();
use Cpanel::AcctUtils::Domain ();
use JSON;
use Data::Dumper qw(Dumper);
use MIME::Base64;
use CGI;
use Digest::MD5 qw(md5_hex);
use Text::Trim qw(trim);

use CloudLinux;
use constant CLOUDLINUX_CLI_USER => '/usr/share/l.v.e-manager/utils/cloudlinux-cli-user.py';

# File-level request state shared by the handlers defined further down.
my $cgi = CGI->new;

# Two views of the request, both normalised by CloudLinux::parseForm: one
# built from Cpanel::Form::parseform(), one from the CGI object's parameters.
my %GET_REQUESTS = CloudLinux::parseForm(Cpanel::Form::parseform());
my %REQUEST      = CloudLinux::parseForm($cgi->Vars);

# The acting account comes from the server environment, never from request
# fields: TEAM_OWNER when it is set to a true value, REMOTE_USER otherwise.
# NOTE(review): presumably both are set by cPanel after authentication; confirm.
my $CURRENT_USER = $ENV{'TEAM_OWNER'} || $ENV{'REMOTE_USER'};
my $cgiaction    = $GET_REQUESTS{'cgiaction'}
    ? $GET_REQUESTS{'cgiaction'}
    : 'default';

# @TODO: Remove line below and uncomment next line when all translation resources will be ready
my $current_locale = 'en';
#my $current_locale = $cgi->cookie('session_locale') || 'en';

# Allow-list of actions a client may request. The requested name is only ever
# used as a key into this table, never as a subroutine name.
my %dispatchTable = (
    'default'     => \&sendRequest,
    'sendRequest' => \&sendRequest,
    'knockKnock'  => \&CloudLinux::knockKnock,
);

processRequest($cgiaction);

# Run the handler registered for $action in %dispatchTable.
#
# Any name that is not a key of the table falls back to the 'default'
# handler, so a client-chosen action can only select one of the listed subs.
# The handler is invoked without arguments and its result is returned.
sub processRequest {
    my ($action) = @_;

    my $handler = exists $dispatchTable{$action}
        ? $dispatchTable{$action}
        : $dispatchTable{'default'};

    $handler->();
}

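# Build a JSON request from the posted form, hand it to the per-user CLI
# helper (CLOUDLINUX_CLI_USER) and relay the helper's JSON answer.
#
# Takes no arguments; reads the file-level %REQUEST and $CURRENT_USER.
# Client-supplied fields copied into the payload: command, method, params,
# mockJson, lang. The owner and user_info fields are always set server-side.
#
# NOTE(review): CloudLinux::checkMethod('POST') is the only request check
# visible in this handler; _checkVulnerabilities() is defined in this file but
# no call to it is visible. Confirm that CSRF protection is enforced elsewhere
# (for example by the cPanel session layer) before relying on it.
sub sendRequest
{
    CloudLinux::checkMethod('POST');
    unless (exists $REQUEST{'command'}) {
        # NOTE(review): the parsed form is handed to sendError as the error
        # payload; confirm sendError stops the request and encodes what it
        # echoes back.
        CloudLinux::sendError(Cpanel::Form::parseform());
    }

    my %data;

    $data{'owner'} = CloudLinux::OWNER_USER;

    $data{'command'} = $REQUEST{'command'};

    if (exists $REQUEST{'method'}) {
        $data{'method'} = $REQUEST{'method'};
    }

    if (exists $REQUEST{'params'}) {
        $data{'params'} = $REQUEST{'params'};
    }

    # The identity sent to the helper is taken from the environment-derived
    # $CURRENT_USER, not from anything in the request body.
    $data{'user_info'} = {
        'username' => $CURRENT_USER,
        'lve-id'   => CloudLinux::_getUserIdByName($CURRENT_USER)
    };

    # Reading params->{interpreter} directly would die under "use strict"
    # when a client sends params as a plain string, and would warn when the
    # interpreter key is absent. An undefined params is replaced by an empty
    # hash so the payload keeps carrying a params object, as it did when the
    # lookup autovivified one.
    if (!defined $data{'params'}) {
        $data{'params'} = {};
    }

    my $interpreter = '';
    if (ref $data{'params'} eq 'HASH' && defined $data{'params'}{'interpreter'}) {
        $interpreter = $data{'params'}{'interpreter'};
    }

    if ($interpreter eq 'nodejs') {
        $data{'plugin_name'} = 'nodejs_selector'
    } elsif ($interpreter eq 'python') {
        $data{'plugin_name'} = 'python_selector'
    }

    # NOTE(review): mockJson is a client-controlled field forwarded as-is;
    # confirm the helper ignores it outside of test setups.
    if (exists $REQUEST{'mockJson'} && $REQUEST{'mockJson'}) {
        $data{'mockJson'} = $REQUEST{'mockJson'};
    }

    if (exists $REQUEST{'lang'} && $REQUEST{'lang'}) {
        $data{'lang'} = $REQUEST{'lang'};
    }

    # Only the base64 text varies in this command line, and its alphabet
    # (A-Z a-z 0-9 + / =) contains no shell metacharacters, so request data
    # cannot change the command even if safeRun goes through a shell.
    # NOTE(review): JSON::XS is referenced directly although this file only
    # loads JSON; presumably it is loaded as JSON's backend. Confirm.
    my $fullCommandStr = sprintf(
        "%s --data=%s",
        CLOUDLINUX_CLI_USER, encode_base64(JSON::XS->new->encode(\%data), '')
    );

    # Report a missing helper before trying to execute it. The call form
    # CLOUDLINUX_CLI_USER() makes it unambiguous that the constant's value,
    # not a filehandle of that name, is being tested.
    if (not(-e CLOUDLINUX_CLI_USER())) {
        if ($interpreter eq 'nodejs') {
            CloudLinux::sendUnavailableError('Node.js Selector');
        } elsif ($interpreter eq 'python') {
            CloudLinux::sendUnavailableError('Python Selector');
        }
    }

    my $responseInJson = CloudLinux::safeRun($fullCommandStr);

    my %response;
    eval {
        %response = %{decode_json($responseInJson)};
    };

    # If decode_json threw an exception on a non-empty response, report the
    # raw helper output as malformed data.
    if ($@ && $responseInJson ne '') {
        CloudLinux::sendError('ERROR.wrong_received_data', 0, 0, $responseInJson);
    }

    # Any result other than 'success' or 'rollback' is relayed as an error.
    if (exists $response{'result'} && $response{'result'} ne 'success' && $response{'result'} ne 'rollback') {
        CloudLinux::sendError($responseInJson, 1);
    }

    if ($responseInJson eq '') {
        CloudLinux::sendError('RESPONSE OF COMMAND IS EMPTY');
    }

    CloudLinux::setJsonHeader($responseInJson);
}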

# Request-forgery gate: at present only the Referer check is active, the
# token check is commented out.
# NOTE(review): no call to this sub is visible in this file; confirm whether
# any handler actually runs it.
sub _checkVulnerabilities
{
    # _checkCSRFToken();
    return _checkReferer();
}

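# Compare the 'csrftoken' cookie with the X-CSRFToken request header
# (HTTP_X_CSRFTOKEN in the CGI environment) and send the
# 'BAD FORGERY PROTECTION TOKEN' error unless they agree.
#
# Both values must be present and the token must be non-empty: an empty
# cookie together with a missing header would otherwise compare equal,
# because undef stringifies to ''.
sub _checkCSRFToken
{
    my $cookie_token = $cgi->cookie('csrftoken');
    my $header_token = $ENV{HTTP_X_CSRFTOKEN};

    my $token_ok = defined $cookie_token
        && defined $header_token
        && length $cookie_token
        && $cookie_token eq $header_token;

    unless ($token_ok) {
        CloudLinux::sendError('BAD FORGERY PROTECTION TOKEN', 0, 1);
    }
}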

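# Send the 'BAD REFERER' error unless the Referer header points at this same
# scheme and host.
#
# The expected origin is built from HTTPS ('on' => https, otherwise http) and
# HTTP_HOST. Three things are enforced:
#   * HTTP_HOST is matched literally (\Q...\E), so '.' and other regex
#     metacharacters in the Host header are not treated as patterns;
#   * the host must be followed by '/', '?', '#' or the end of the string, so
#     a longer host name that merely starts with ours does not pass;
#   * a missing or empty Host or Referer header is rejected.
# A Referer comparison is a secondary defence only; clients may omit the
# header, in which case the request is refused here.
sub _checkReferer
{
    my $protocol = (exists $ENV{HTTPS} && $ENV{HTTPS} eq 'on')
        ? 'https' : 'http';
    my $host    = $ENV{HTTP_HOST};
    my $referer = defined $ENV{HTTP_REFERER} ? $ENV{HTTP_REFERER} : '';

    my $same_origin = 0;
    if (defined $host && length $host) {
        my $origin_re = qr{\A\Q$protocol\E://\Q$host\E(?:[/?#]|\z)};
        $same_origin = 1 if $referer =~ $origin_re;
    }

    unless ($same_origin) {
        CloudLinux::sendError('BAD REFERER', 0, 1);
    }
}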
