public function updatePackage()
{
$expected = ['package', 'supplier', 'type', 'version'];
if (!\Airship\all_keys_exist($expected, $_POST)) {
\Airship\json_response(['status' => 'ERROR', 'message' => \__('Incomplete request.')]);
}
try {
$filter = new SkyportFilter();
$_POST = $filter($_POST);
} catch (\TypeError $ex) {
$this->log("Input violation", LogLevel::ALERT, \Airship\throwableToArray($ex));
\Airship\json_response(['status' => 'ERROR', 'message' => \__('Invalid input.')]);
}
/**
* @security We need to guarantee RCE isn't possible:
*/
$args = \implode(' ', [\escapeshellarg(Util::charWhitelist($_POST['type'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['supplier'], Util::PRINTABLE_ASCII) . '/' . Util::charWhitelist($_POST['package'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['version'], Util::PRINTABLE_ASCII))]);
$output = \shell_exec('php -dphar.readonly=0 ' . ROOT . '/CommandLine/update_one.sh ' . $args);
\Airship\json_response(['status' => 'OK', 'message' => $output]);
}