Ensure session token is passed when accessing edit dialogs

Kristan Kenney · Kristan Kenney · commit 2c427100c93e · 2019-05-10T22:03:58.000-03:00
diff --git a/web/templates/admin/list_backup.html b/web/templates/admin/list_backup.html
@@ -80,7 +80,7 @@
                     <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                       <div class="actions-panel clearfix">
                         <div class="actions-panel__col actions-panel__download shortcut-d" key-action="href"><a href="/download/backup/?backup=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-file-download status-icon lightblue status-icon dim"></i></a></div>
-                        <div class="actions-panel__col actions-panel__list shortcut-d" key-action="href"><a href="/list/backup/?backup=<?=$key?>"><i class="fas fa-undo status-icon green status-icon dim"></i></a></div>
+                        <div class="actions-panel__col actions-panel__list shortcut-d" key-action="href"><a href="/list/backup/?backup=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-undo status-icon green status-icon dim"></i></a></div>
                         <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                           <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                             <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
diff --git a/web/templates/admin/list_cron.html b/web/templates/admin/list_cron.html
@@ -87,12 +87,12 @@
         <div class="clearfix l-unit__stat-col--left super-compact">
           <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="job[]" value="<?php echo $key ?>">
         </div>
-        <div class="clearfix l-unit__stat-col--left wide-5"><b><a href="/edit/cron/?job=<?=$data[$key]['JOB']?>"><?=htmlspecialchars($data[$key]['CMD'], ENT_NOQUOTES)?></a></b></div>
+        <div class="clearfix l-unit__stat-col--left wide-5"><b><a href="/edit/cron/?job=<?=$data[$key]['JOB']?>&token=<?=$_SESSION['token']?>"><?=htmlspecialchars($data[$key]['CMD'], ENT_NOQUOTES)?></a></b></div>
         <!-- START QUICK ACTION TOOLBAR AREA -->
         <div class="clearfix l-unit__stat-col--left compact-2 text-right">
           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
             <div class="actions-panel clearfix">
-              <div class="actions-panel__col actions-panel__download shortcut-d" key-action="href"><a href="/edit/cron/?job=<?=$data[$key]['JOB']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+              <div class="actions-panel__col actions-panel__download shortcut-d" key-action="href"><a href="/edit/cron/?job=<?=$data[$key]['JOB']?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
                 <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                   <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
                     <i class="fas fa-pause status-icon highlight status-icon dim do_<?=$spnd_action?>"></i>
diff --git a/web/templates/admin/list_db.html b/web/templates/admin/list_db.html
@@ -121,12 +121,12 @@
                 <div class="clearfix l-unit__stat-col--left super-compact">
                   <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="database[]" value="<?php echo $key ?>">
                 </div>
-                <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/db/?database=<?=$key?>"><?=$key?></a></b></div>
+                <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/db/?database=<?=$key?>&token=<?=$_SESSION['token']?>"><?=$key?></a></b></div>
                 <!-- START QUICK ACTION TOOLBAR AREA -->
                 <div class="clearfix l-unit__stat-col--left text-right compact-2">
                       <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                           <div class="actions-panel clearfix">
-                            <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/db/?database=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                            <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/db/?database=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
                             <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                               <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
                                 <i class="fas fa-pause status-icon highlight status-icon dim do_<?=$spnd_action?>"></i>
diff --git a/web/templates/admin/list_dns.html b/web/templates/admin/list_dns.html
@@ -82,15 +82,15 @@
               <div class="clearfix l-unit__stat-col--left super-compact">
                 <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="domain[]" value="<?php echo $key ?>">
               </div>
-              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/list/dns/?domain=<?=$key?>"><?=$key?></a></b></div>
+              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/list/dns/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><?=$key?></a></b></div>
               <!-- START QUICK ACTION TOOLBAR AREA -->
               <div class="clearfix l-unit__stat-col--left text-right">
                   <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                   <div class="actions-panel clearfix">
 
-                    <div class="actions-panel__col actions-panel__logs shortcut-n" key-action="href"><a href="/add/dns/?domain=<?=$key?>"><i class="fas fa-plus-circle status-icon green status-icon dim"></i></a></div>
-                    <div class="actions-panel__col actions-panel__edit shortcut-l" key-action="href"><a href="/list/dns/?domain=<?=$key?>"><i class="fas fa-list status-icon lightblue status-icon dim"></i></div>
-                    <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                    <div class="actions-panel__col actions-panel__logs shortcut-n" key-action="href"><a href="/add/dns/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-plus-circle status-icon green status-icon dim"></i></a></div>
+                    <div class="actions-panel__col actions-panel__edit shortcut-l" key-action="href"><a href="/list/dns/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-list status-icon lightblue status-icon dim"></i></div>
+                    <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
 
                     <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                       <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
diff --git a/web/templates/admin/list_dns_rec.html b/web/templates/admin/list_dns_rec.html
@@ -71,12 +71,12 @@
             <div class="clearfix l-unit__stat-col--left super-compact">
               <input id="check<?=$data[$key]['ID']?>" class="ch-toggle" type="checkbox" name="record[]" value="<?=$data[$key]['ID']?>">
             </div>
-            <div class="clearfix l-unit__stat-col--left small"><b><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>"><? echo substr($data[$key]['RECORD'], 0, 12); if(strlen($data[$key]['RECORD']) > 12 ) echo '...'; ?></a></b></div>
+            <div class="clearfix l-unit__stat-col--left small"><b><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>"><? echo substr($data[$key]['RECORD'], 0, 12); if(strlen($data[$key]['RECORD']) > 12 ) echo '...'; ?></a></b></div>
             <!-- START QUICK ACTION TOOLBAR AREA -->
             <div class="clearfix l-unit__stat-col--left compact text-right">
               <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                 <div class="actions-panel clearfix">
-                  <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                  <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
                   <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                     <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                       <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
diff --git a/web/templates/admin/list_firewall.html b/web/templates/admin/list_firewall.html
@@ -79,7 +79,7 @@
               <div class="clearfix l-unit__stat-col--left super-compact">
                 <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="rule[]" value="<?php echo $key ?>">
               </div>
-            <div class="clearfix l-unit__stat-col--left wide-2"><b><a href="/edit/firewall/?rule=<?=$key?>">
+            <div class="clearfix l-unit__stat-col--left wide-2"><b><a href="/edit/firewall/?rule=<?=$key?>&token=<?=$_SESSION['token']?>">
                 <? if($data[$key]['SUSPENDED'] == 'no'){ ?>
                   <? if ($data[$key]['ACTION'] == 'DROP') { ?>
                     <i class="fas fa-minus-circle status-icon red icon-pad-right"></i> <?=__($data[$key]['ACTION'])?>
@@ -99,7 +99,7 @@
             <div class="clearfix l-unit__stat-col--left compact text-right">
               <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                 <div class="actions-panel clearfix">
-                  <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/firewall/?rule=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                  <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/firewall/?rule=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
                         
                   <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                     <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
diff --git a/web/templates/admin/list_ip.html b/web/templates/admin/list_ip.html
@@ -71,12 +71,12 @@
               <div class="clearfix l-unit__stat-col--left super-compact">
                 <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="ip[]" value="<?=$key?>">
               </div>
-              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/ip/?ip=<?=$key?>"><?=$key?></a></b></div>
+              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/ip/?ip=<?=$key?>&token=<?=$_SESSION['token']?>"><?=$key?></a></b></div>
               <!-- START QUICK ACTION TOOLBAR AREA -->
               <div class="clearfix l-unit__stat-col--left compact text-right">
                     <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                         <div class="actions-panel clearfix">
-                          <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/ip/?ip=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                          <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/ip/?ip=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
                           <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                             <a id="delete_link_<?=$i?>" class="data-controls do_delete">
                               <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
diff --git a/web/templates/admin/list_mail.html b/web/templates/admin/list_mail.html
@@ -92,15 +92,15 @@
                   <div class="clearfix l-unit__stat-col--left super-compact">
                     <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="domain[]" value="<?php echo $key ?>">
                   </div>
-                  <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="?domain=<?=$key?>"><?=$key?></a></b></div>
+                  <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><?=$key?></a></b></div>
                   <!-- START QUICK ACTION TOOLBAR AREA -->
                   <div class="clearfix l-unit__stat-col--left text-right compact-4">
                       <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                           <div class="actions-panel clearfix">
-                            <div class="actions-panel__col actions-panel__logs shortcut-n" key-action="href"><a href="/add/mail/?domain=<?=$key?>"><i class="fas fa-plus-circle status-icon green status-icon dim"></i></a></div>
-                            <div class="actions-panel__col actions-panel__edit shortcut-l" key-action="href"><a href="?domain=<?=$key?>"><i class="fas fa-users status-icon blue status-icon dim"></i></div>
+                            <div class="actions-panel__col actions-panel__logs shortcut-n" key-action="href"><a href="/add/mail/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-plus-circle status-icon green status-icon dim"></i></a></div>
+                            <div class="actions-panel__col actions-panel__edit shortcut-l" key-action="href"><a href="?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-users status-icon blue status-icon dim"></i></div>
                             <div class="actions-panel__col actions-panel__edit" key-action="href"><a href="http://webmail.<?=$key?>/" target="_blank"><i class="fas fa-paper-plane status-icon lightblue status-icon dim"></i></div>
-                            <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                            <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
 
                             <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                               <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
diff --git a/web/templates/admin/list_mail_acc.html b/web/templates/admin/list_mail_acc.html
@@ -92,14 +92,14 @@
                 <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="account[]" value="<?php echo $key ?>">
                 <input type="hidden" value="<?php echo $_GET['domain'] ?>" name="domain" />
               </div>
-              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=$key."@".$_GET['domain']?></a></b></div>
+              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>"><?=$key."@".$_GET['domain']?></a></b></div>
 
               <!-- START QUICK ACTION TOOLBAR AREA -->
               <div class="clearfix l-unit__stat-col--left text-right compact-4">
                 <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
                   <div class="actions-panel clearfix">
                     <div class="actions-panel__col actions-panel__edit" key-action="href"><a href="http://webmail.<?=htmlspecialchars($_GET['domain'])?>/?_user=<?=$key?>@<?=htmlspecialchars($_GET['domain'])?>&&_action=login" target="_blank"><i class="fas fa-envelope-open-text status-icon maroon status-icon dim"></i></div>
-                    <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
+                    <div class="actions-panel__col actions-panel__logs shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></a></div>
 
                     <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js">
                       <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>">
diff --git a/web/templates/admin/list_services.html b/web/templates/admin/list_services.html
@@ -104,9 +104,9 @@
           <div class="clearfix l-unit__stat-col--left super-compact">
             <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="service[]" value="<?php echo $key ?>">
           </div>
-          <div class="clearfix l-unit__stat-col--left wide-2"><b><a href="/edit/server/<? echo $key ?>/"><?=$key?></a></b></div>
+          <div class="clearfix l-unit__stat-col--left wide-2"><b><a href="/edit/server/<? echo $key ?>/&token=<?=$_SESSION['token']?>"><?=$key?></a></b></div>
           <div class="clearfix l-unit__stat-col--left text-center compact-2">
-                  <a href="/edit/server/<? echo $key ?>/"><i class="fas fa-pencil-alt status-icon orange status-icon dim icon-large"></i></a>
+                  <a href="/edit/server/<? echo $key ?>/&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim icon-large"></i></a>
                   <a href="/restart/service/?srv=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="data-controls fas fa-undo status-icon highlight status-icon dim icon-large"></i></a>
                   <a href="/<?php echo $action ?>/service/?srv=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pause status-icon red status-icon dim icon-large"></i></a>
             </div>
diff --git a/web/templates/admin/list_web.html b/web/templates/admin/list_web.html
@@ -129,13 +129,13 @@
           <div class="clearfix l-unit__stat-col--left super-compact">
               <input id="check<?=$i?>" class="ch-toggle" type="checkbox" name="domain[]" value="<?=$key?>">
           </div>
-          <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/web/?domain=<?=$key?>" alt="<?=__('Edit')?>"><?=$key?></a></b></div>
+          <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/web/?domain=<?=$key?>&token=<?=$_SESSION['token']?>" alt="<?=__('Edit')?>"><?=$key?></a></b></div>
           <!-- START QUICK ACTION TOOLBAR AREA -->
           <div class="clearfix l-unit__stat-col--left compact-5 text-right">
             <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
               <div class="actions-panel clearfix">
                 <div class="actions-panel__col actions-panel__view" key-action="href"><a href="http://<?=$key?>/" target="_blank"><i class="fas fa-external-link-square-alt status-icon lightblue status-icon dim"></i></div>
-                <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/web/?domain=<?=$key?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></div>
+                <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/web/?domain=<?=$key?>&token=<?=$_SESSION['token']?>"><i class="fas fa-pencil-alt status-icon orange status-icon dim"></i></div>
                 <div class="actions-panel__col actions-panel__logs shortcut-l" key-action="href"><a href="/list/web-log/?domain=<?php echo $key ?>&type=access#"><i class="fas fa-binoculars status-icon purple status-icon dim"></i></a></div>
                 <? if (!empty($data[$key]['STATS'])) { ?>
                   <div class="actions-panel__col actions-panel__logs shortcut-w" key-action="href"><a href="http://<?=$key?>/vstats/"  target="_blank"><i class="fas fa-chart-bar status-icon maroon status-icon dim"></i></a></div>
