<?php use function Hestiacp\quoteshellarg\quoteshellarg; ob_start(); // Main include include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php"; // Check token verify_csrf($_POST); // Check user if ($_SESSION["userContext"] != "admin") { header("Location: /list/user"); exit(); } if (empty($_POST["ipchain"])) { header("Location: /list/firewall/banlist/"); exit(); } if (empty($_POST["action"])) { header("Location: /list/firewall/banlist/"); exit(); } $ipchain = $_POST["ipchain"]; $action = $_POST["action"]; switch ($action) { case "delete": $cmd = "v-delete-firewall-ban"; break; default: header("Location: /list/firewall/banlist/"); exit(); } foreach ($ipchain as $value) { [$ip, $chain] = explode(":", $value); $v_ip = quoteshellarg($ip); $v_chain = quoteshellarg($chain); exec(HESTIA_CMD . $cmd . " " . $v_ip . " " . $v_chain, $output, $return_var); } header("Location: /list/firewall/banlist");