From 4dd99a149c3768427f25badd431f316f48bee196 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?= <i@haozi.net>
Date: Sun, 13 Aug 2023 15:50:22 +0800
Subject: [PATCH] feat: escape log output

---
 app/http/controllers/plugins/mysql57/mysql57_controller.go | 4 ++--
 app/http/controllers/plugins/mysql80/mysql80_controller.go | 4 ++--
 app/http/controllers/plugins/php74/php74_controller.go     | 4 ++--
 app/http/controllers/plugins/php80/php80_controller.go     | 4 ++--
 app/http/controllers/plugins/php81/php81_controller.go     | 4 ++--
 app/http/controllers/plugins/php82/php82_controller.go     | 4 ++--
 app/services/website.go                                    | 2 +-
 pkg/tools/string.go                                        | 6 ++++++
 8 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/app/http/controllers/plugins/mysql57/mysql57_controller.go b/app/http/controllers/plugins/mysql57/mysql57_controller.go
index 972bc841..5c56c82e 100644
--- a/app/http/controllers/plugins/mysql57/mysql57_controller.go
+++ b/app/http/controllers/plugins/mysql57/mysql57_controller.go
@@ -247,7 +247,7 @@ func (c *Mysql57Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/mysql/mysql-error.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/mysql/mysql-error.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -267,7 +267,7 @@ func (c *Mysql57Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/mysql/mysql-slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/mysql/mysql-slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/http/controllers/plugins/mysql80/mysql80_controller.go b/app/http/controllers/plugins/mysql80/mysql80_controller.go
index bf86d37c..30cc79cd 100644
--- a/app/http/controllers/plugins/mysql80/mysql80_controller.go
+++ b/app/http/controllers/plugins/mysql80/mysql80_controller.go
@@ -247,7 +247,7 @@ func (c *Mysql80Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/mysql/mysql-error.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/mysql/mysql-error.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -267,7 +267,7 @@ func (c *Mysql80Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/mysql/mysql-slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/mysql/mysql-slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/http/controllers/plugins/php74/php74_controller.go b/app/http/controllers/plugins/php74/php74_controller.go
index 9d0f42a6..1fe1396e 100644
--- a/app/http/controllers/plugins/php74/php74_controller.go
+++ b/app/http/controllers/plugins/php74/php74_controller.go
@@ -188,7 +188,7 @@ func (c *Php74Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -197,7 +197,7 @@ func (c *Php74Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/http/controllers/plugins/php80/php80_controller.go b/app/http/controllers/plugins/php80/php80_controller.go
index ac92614d..1f394fbd 100644
--- a/app/http/controllers/plugins/php80/php80_controller.go
+++ b/app/http/controllers/plugins/php80/php80_controller.go
@@ -188,7 +188,7 @@ func (c *Php80Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -197,7 +197,7 @@ func (c *Php80Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/http/controllers/plugins/php81/php81_controller.go b/app/http/controllers/plugins/php81/php81_controller.go
index f353c2af..d78e9ffa 100644
--- a/app/http/controllers/plugins/php81/php81_controller.go
+++ b/app/http/controllers/plugins/php81/php81_controller.go
@@ -188,7 +188,7 @@ func (c *Php81Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -197,7 +197,7 @@ func (c *Php81Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/http/controllers/plugins/php82/php82_controller.go b/app/http/controllers/plugins/php82/php82_controller.go
index 08d08ed7..d5f5783f 100644
--- a/app/http/controllers/plugins/php82/php82_controller.go
+++ b/app/http/controllers/plugins/php82/php82_controller.go
@@ -188,7 +188,7 @@ func (c *Php82Controller) ErrorLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/php-fpm.log"))
 	controllers.Success(ctx, log)
 }
 
@@ -197,7 +197,7 @@ func (c *Php82Controller) SlowLog(ctx http.Context) {
 		return
 	}
 
-	log := tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log")
+	log := tools.Escape(tools.ExecShell("tail -n 100 /www/server/php/" + c.version + "/var/log/slow.log"))
 	controllers.Success(ctx, log)
 }
 
diff --git a/app/services/website.go b/app/services/website.go
index 11d1844b..a8f66f2a 100644
--- a/app/services/website.go
+++ b/app/services/website.go
@@ -340,7 +340,7 @@ func (r *WebsiteImpl) GetConfig(id int) (WebsiteSetting, error) {
 	}
 
 	setting.Rewrite = tools.ReadFile("/www/server/vhost/rewrite/" + website.Name + ".conf")
-	setting.Log = tools.ExecShell(`tail -n 100 '/www/wwwlogs/` + website.Name + `.log'`)
+	setting.Log = tools.Escape(tools.ExecShell(`tail -n 100 '/www/wwwlogs/` + website.Name + `.log'`))
 
 	return setting, nil
 }
diff --git a/pkg/tools/string.go b/pkg/tools/string.go
index b13f776a..47175d6b 100644
--- a/pkg/tools/string.go
+++ b/pkg/tools/string.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"strings"
+	"text/template"
 	"unicode/utf8"
 )
 
@@ -78,3 +79,8 @@ func Cut(str, begin, end string) string {
 
 	return string([]rune(str)[b:e])
 }
+
+// Escape 转义字符串
+func Escape(str string) string {
+	return template.HTMLEscapeString(str)
+}