further password disclosure avoidance

action.sh

@@ -31,7 +31,7 @@ source config.cfg
 
 ACTION="$1"   # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
 USER="$2"
-PASS="$3"
+PASS=$(cat "$3")
 
 ## FUNCTIONS
 function checkaction {

submit.php

@@ -20,17 +20,23 @@ $USER = $_POST['user'];
 $PASS = $_POST['pass'];
 $SURE = $_POST['sure'];
 
+// Sanitize variables
+$ACTION = escapeshellarg($ACTION);
+$USER = escapeshellarg($USER);
+$PASS = escapeshellarg($PASS);
+
 $RAND = mt_rand(100000, 999999);
-$PASSFILE = $RAND . 'pass';
+$PASSFILE = $RAND . '.pass';
 file_put_contents($PASSFILE, $PASS);
 
+
 // Checks if checkbox is activated (default at most forms)
 if($SURE == "yes")
 {
-  // Creates full command but sanitizes the arguments first
-  $command = '/bin/bash action.sh ' . escapeshellarg($ACTION) . ' ' . escapeshellarg($USER) . ' ' . escapeshellarg($PASS);
+  // Creates full command
+  $command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASS;
 
-  // Execute sanitized command and give output
+  // Execute command and give output
   $output = shell_exec($command);
   echo "<pre>$output</pre>";
 }
@@ -39,6 +45,8 @@ else
   echo "You did not hit the necessary checkbox. Aborting.";
 }
 
+//unlink($PASSFILE);
+
 ?>
 
 </tr></td></table>