HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
Upload Files
File: //proc/self/root/usr/local/CyberCP/public/imunifyav/classes/panels/DirectAdmin.php
<?php

namespace Imunify360\panels;


class DirectAdmin extends AbstractPanel {
    const MANIFEST_PATH = 'plugins/Imunify/images/assets/static/manifest.json';

    /**
     * @return array
     */
    public function getPost() {
        if (!$_SERVER['POST'] || json_decode($_SERVER['POST'])) {
            return array();
        }

        $data = array();
        $parts = explode('&', $_SERVER['POST']);
        foreach ($parts as $part) {
            list($property, $value) = explode('=', $part);
            $property = urldecode($property);
            $value = urldecode($value);
            if (($pos = strpos($property, '[]')) !== false) {
                $property = substr($property, 0, $pos);
                if (!isset($data[$property]) || !is_array($data[$property])) {
                    $data[$property] = array();
                }
                array_push($data[$property], $value);
            } else {
                $data[$property] = $value;
            }
        }

        return $data;
    }

    /**
     *
     */
    public function uploadFile()
    {
        $data = array(
            'files' => array(),
        );

        foreach ($this->request->files as $tmpPath) {
            $fileName = substr(basename($tmpPath), 0, -6);     // last 6 symbols are randomly added
            $data['files'][$tmpPath] = $fileName;
        }

        try {
            $response = $this->execute(json_encode($data), 'uploadFile');
            $this->renderSuccess($response);
        } catch (\ErrorException $e) {
            $this->renderError($response);
        }
    }

    /**
     * @return string
     */
    public function getJson() {
        return $_SERVER['POST'];
    }

    /**
     *
     */
    public function adminAction()
    {
        $command = $this->prepareRequest();

        try {
            $response = $this->execute($command);
            $this->renderSuccess($response);
        } catch (\ErrorException $e) {
            $this->renderError($e->getMessage());
        }
    }

    /**
     *
     */
    public function userAction()
    {
        $this->adminAction();
    }

    /**
     * @param string $data
     * @param string $action
     * @return string $response
     * @throws \ErrorException
     */
    public function execute($data, $action = 'execute')
    {
        $command = sprintf('/usr/bin/imunify360-command-wrapper %s', $action);

        if ($this->isAdmin) {
            $command = 'sudo ' . $command;
        }

        $descriptorspec = array(  // will add pipes:
            0 => array("pipe", "r"),  // 0 => writeable handle connected to child stdin
            1 => array("pipe", "w"),  // 1 => readable handle connected to child stdout
            2 => array("pipe", "w"),  // 2 => readable handle connected to child stderr
        );
        $process = proc_open($command, $descriptorspec, $pipes);

        if (is_resource($process)) {
            fwrite($pipes[0], base64_encode($data));
            fclose($pipes[0]);

            $response = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
            fclose($pipes[1]);
            fclose($pipes[2]);

            $code = proc_close($process);
        } else {
            $error = '"proc_open" function is required for Imunify UI to work.' .
                ' Please remove it from "disable_functions" list in ' . php_ini_loaded_file();
            error_log($error);
            throw new \ErrorException($error);
        }

        if ($code) {
            throw new \ErrorException($response);
        }

        return $response;
    }

    /**
     * @param string $data
     */
    public function renderSuccess($data)
    {
        echo "HTTP/1.1 200 OK\r\n";
        echo "Content-Type: application/json; charset=utf-8\r\n\r\n";
        echo $data;
        exit(0);
    }

    /**
     * @param string $data
     */
    public function renderError($data)
    {
        $json = json_decode($data);
        if ($json && !isset($json->error)) {
            $this->renderSuccess($data);
        }
        echo "HTTP/1.1 502 Bad Gateway\r\n";
        echo "Content-Type: application/json; charset=utf-8\r\n\r\n";
        echo $data;
        exit(1);
    }

    /**
     * Not works
     * @param string $command
     */
    public function commandHeader($command, $user = null)
    {
        if (self::MODE !== 'prod') {
            echo "X-I360-COMMAND: {$this->escapeCommand($command)}\r\n";
            if ($user) {
                echo "X-I360-USER: {$this->escapeCommand($user)}\r\n";
            }
        }
    }

    public function getLang() {
        return $_SERVER['LANGUAGE'];
    }

    /**
     * @return string
     */
    protected function getUser()
    {
        return $_SERVER['USER'];
    }
}