
Commit 06628c5

authored
Fix hestiacp#3199 redirect to web list when editing domain accessed via search (hestiacp#3208)
1 parent c65edba commit 06628c5


2 files changed

+24
-10
lines changed


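--- a/web/login/index.php
+++ b/web/login/index.php
@@ -47,6 +47,12 @@
 // Reset account details for File Manager to impersonated user
 unset($_SESSION["_sf2_attributes"]);
 unset($_SESSION["_sf2_meta"]);
+if (!empty($_GET["edit_link"])) {
+$edit_link = urldecode($_GET["edit_link"]);
+$url = $edit_link . "&token=" . $_SESSION["token"];
+header("Location: " . $url);
+die();
+}
 header("Location: /login/");
 } else {
 # User doesn't exists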
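Review bot: The redirect added at new lines 50-55 sends the browser to whatever `$_GET["edit_link"]` contains and appends `$_SESSION["token"]` to it, so a crafted link with an off-site `edit_link` would both redirect the user and disclose the session's CSRF token to that host. Restrict the target to local edit pages before building `$url`, for example `if (strpos($edit_link, "/edit/") !== 0) { header("Location: /login/"); die(); }`. The `urldecode()` call is also redundant because PHP has already decoded `$_GET` values, and a second decode lets doubly encoded input pass any check placed before it; read `$_GET["edit_link"]` directly. The enclosing login-as branch starts and ends outside the hunk, so whether the request token is verified before this point cannot be confirmed from here.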

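--- a/web/templates/pages/list_search.php
+++ b/web/templates/pages/list_search.php
@@ -69,7 +69,7 @@
 }
 $uniq_id .= sha1($value['RESULT']);
 ?>
-<div class="l-unit <?php if($status == 'suspended') echo 'l-unit--suspended'; if($_COOKIE[$uniq_id] == 1) echo ' l-unit--starred'; ?> animate__animated animate__fadeIn" id="web-unit-<?=$i?>" uniq-id="<?=$uniq_id?>" sort-date="<?=strtotime($value['DATE'].' '.$value['TIME'])?>" sort-name="<?=$value['RESULT']?>" sort-type="<?=_($object)?>" sort-owner="<?=$value['USER']?>" sort-status="<?=$status?>"
+<div class="l-unit <?php if($status == 'suspended') echo 'l-unit--suspended'; ?> animate__animated animate__fadeIn" id="web-unit-<?=$i?>" uniq-id="<?=$uniq_id?>" sort-date="<?=strtotime($value['DATE'].' '.$value['TIME'])?>" sort-name="<?=$value['RESULT']?>" sort-type="<?=_($object)?>" sort-owner="<?=$value['USER']?>" sort-status="<?=$status?>"
 style="<?php if (($_SESSION['POLICY_SYSTEM_HIDE_ADMIN'] === 'yes') && ($value['USER']) === 'admin') { echo 'display: none;';}?>">
 
 <div class="l-unit__col l-unit__col--right">
@@ -109,27 +109,35 @@
 <div class="clearfix l-unit__stat-col--left wide-5 truncate">
 <?php
 if ($value['KEY'] == 'RECORD') {
-$edit_lnk = '/edit/'.$value['TYPE'].'/?domain='.$value['PARENT'].'&record_id='.$value['LINK'].'&user='.$value['USER'].'&token='.$_SESSION['token'].'';
+$edit_lnk = '/edit/'.$value['TYPE'].'/?domain='.$value['PARENT'].'&record_id='.$value['LINK'].'&user='.$value['USER'];
 }
 if ($value['KEY'] == 'ACCOUNT') {
-$edit_lnk = '/edit/'.$value['TYPE'].'/?domain='.$value['PARENT'].'&account='.$value['LINK'].'&user='.$value['USER'].'&token='.$_SESSION['token'].'';
+$edit_lnk = '/edit/'.$value['TYPE'].'/?domain='.$value['PARENT'].'&account='.$value['LINK'].'&user='.$value['USER'];
 }
 if ($value['KEY'] == 'JOB') {
-$edit_lnk = '/edit/'.$value['TYPE'].'/?job='.$value['LINK'].'&user='.$value['USER'].'&token='.$_SESSION['token'].'';
+$edit_lnk = '/edit/'.$value['TYPE'].'/?job='.$value['LINK'].'&user='.$value['USER'];
 }
 if ($value['KEY'] == 'DATABASE') {
-$edit_lnk = '/edit/'.$value['TYPE'].'/?database='.$value['RESULT'].'&user='.$value['USER'].'&token='.$_SESSION['token'].'';
+$edit_lnk = '/edit/'.$value['TYPE'].'/?database='.$value['RESULT'].'&user='.$value['USER'];
 }
 if (($value['KEY'] != 'RECORD') && ($value['KEY'] != 'ACCOUNT') && ($value['KEY'] != 'JOB') && ($value['KEY'] != 'DATABASE') ) {
-$edit_lnk = '/edit/'.$value['TYPE'].'/?'.strtolower($value['KEY']).'='.$value['RESULT'].'&user='.$value['USER'].'&token='.$_SESSION['token'].'';
+$edit_lnk = '/edit/'.$value['TYPE'].'/?'.strtolower($value['KEY']).'='.$value['RESULT'].'&user='.$value['USER'];
 }
 ?>
 <b>
-<?php if (($_SESSION['userContext'] === 'admin') && ($_SESSION['user'] !== 'admin') && ($value['USER'] === 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] === 'yes')) {?>
+<?php if (($_SESSION['userContext'] === 'admin') && ($_SESSION['user'] !== 'admin') && ($value['USER'] === 'admin') && ($_SESSION['POLICY_SYSTEM_PROTECTED_ADMIN'] === 'yes')) { ?>
 <?=$value['RESULT']?>
-<?} else {?>
-<a href="<?=$edit_lnk; ?>"><?=$value['RESULT']?></a>
-<?php } ?>
+<?} else {
+if($value['USER'] == $_SESSION['user']){
+?>
+<a href="<?=$edit_lnk.'&token='.$_SESSION['token'];?>"><?=$value['RESULT']?></a>
+<?php
+}else{
+?>
+<a href="/login/?loginas=<?=$value['USER']?>&token=<?=$_SESSION['token']?>&edit_link=<?=urlencode($edit_lnk);?>""><?=$value['RESULT']?></a>
+<?php
+}
+} ?>
 </b>
 </div>
 <div class="clearfix l-unit__stat-col--left u-text-right compact-3">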
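Review bot: The new anchor on line 137 closes its `href` with a doubled quote (`urlencode($edit_lnk);?>"">`), leaving a stray `"` inside the tag, and it writes `$value['USER']` into the query string without encoding. Suggest `<a href="/login/?loginas=<?=urlencode($value['USER'])?>&token=<?=urlencode($_SESSION['token'])?>&edit_link=<?=urlencode($edit_lnk)?>">`. The `$edit_lnk` strings on lines 112-124 are still concatenated from raw `$value[...]` fields, so the line-133 `href` would be safer echoed through `htmlspecialchars()`. The `else` branch on line 130 is still opened with the short tag `<?}`, which only parses when `short_open_tag` is enabled; `<?php } else {` would match the rest of the block. The comparison on line 131 could use `===`, as the condition on line 128 does.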
