Expand file tree Collapse file tree 4 files changed +26
-3
lines changed Original file line number Diff line number Diff line change 1010 exit ();
1111}
1212
13+ // Check if administrator is viewing system log (currently 'admin' user)
14+ if (($ _SESSION ['userContext ' ] === "admin " ) && ($ _GET ['user ' ]) === 'admin ' ) {
15+ $ user =$ _GET ['user ' ];
16+ $ token =$ _SESSION ['token ' ];
17+ }
18+
19+ // Set correct page reload target
20+ if (($ _SESSION ['userContext ' ] === "admin " ) && ($ _GET ['user ' ]) === 'admin ' ) {
21+ header ("Location: /list/log/?user= $ user&token= $ token " );
22+ } else {
23+ header ("Location: /list/log/ " );
24+ }
25+
1326// Clear log
14- header ("Location: /list/log/ " );
1527$ v_username = escapeshellarg ($ user );
1628exec (HESTIA_CMD ."v-delete-user-log " .$ v_username ." " .$ output , $ return_var );
1729check_return_code ($ return_var ,$ output );
1830unset($ output );
31+ unset($ token );
1932
2033// Render page
2134render_page ($ user , $ TAB , 'list_log ' );
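Review bot: The new redirect `header("Location: /list/log/?user=$user&token=$token")` puts the session token into a URL, where it is recorded in browser history, proxy and access logs, and any Referer sent from the log page. The same applies to the `?user=admin&token=` URLs added in the two template sections of this commit. Because the list page only reads data, consider keeping the admin view selection in the session, or using a token scoped to viewing, so the token that guards state-changing requests is not exposed in GET links. Both new conditions also read `$_GET['user']` without a guard; `($_GET['user'] ?? '') === 'admin'` avoids an undefined-index notice when the parameter is absent, and the two identical `if` tests can be merged into one block. The script starts above the hunk, so whether the delete request's own token is validated before this point is not visible here.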
Original file line number Diff line number Diff line change 77
88// Data
99if (($ _SESSION ['userContext ' ] === "admin " ) && ($ _GET ['user ' ])) {
10+ // Check token
11+ if ((!isset ($ _GET ['token ' ])) || ($ _SESSION ['token ' ] != $ _GET ['token ' ])) {
12+ header ('location: /login/ ' );
13+ exit ();
14+ }
1015 $ user =escapeshellarg ($ _GET ['user ' ]);
1116}
17+
1218exec (HESTIA_CMD ."v-list-user-log $ user json " , $ output , $ return_var );
1319check_error ($ return_var );
1420$ data = json_decode (implode ('' , $ output ), true );
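Review bot: The added token check uses loose `!=`, which is neither type-strict nor constant-time; with loose comparison, two numeric-looking strings are compared as numbers rather than byte for byte. Prefer `hash_equals`, guarded by `is_string` because it throws on a non-string argument: `if (!isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals((string) $_SESSION['token'], $_GET['token'])) {`. The script begins above the hunk, so how `$user` is set when the admin branch is not taken cannot be confirmed from these lines.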
Original file line number Diff line number Diff line change 2020 < div class ="actions-panel display-inline-block " key-action ="js ">
2121 < a class ="data-controls do_delete ui-button danger cancel ">
2222 < i class ="do_delete fas fa-times-circle status-icon red "> </ i > < ?=_('Delete')?>
23- < input type ="hidden " name ="delete_url " value ="/delete/log/?token=<?=$_SESSION['token']?> " />
23+ < ? if (($_SESSION['userContext'] === 'admin') && ($_GET['user'] === 'admin')) {?>
24+ < input type ="hidden " name ="delete_url " value ="/delete/log/?user=admin&token=<?=$_SESSION['token']?> " />
25+ < ? } else { ?>
26+ < input type ="hidden " name ="delete_url " value ="/delete/log/?token=<?=$_SESSION['token']?> " />
27+ < ? } ?>
2428 < div class ="confirmation-text-delete hidden " title ="<?=_('Confirmation')?> ">
2529 < p class ="confirmation "> < ?=_('DELETE_LOGS_CONFIRMATION')?> </ p >
2630 </ div >
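Review bot: The new conditional is written with short open tags (`<? if (...) {?>`, `<? } else { ?>`, `<? } ?>`), which are parsed only when `short_open_tag` is enabled. With it off, the markers are emitted as literal text and both `delete_url` inputs end up in the page. Use the full tag, and guard the request parameter while there: `<?php if (($_SESSION['userContext'] === 'admin') && (($_GET['user'] ?? '') === 'admin')) { ?>`, with `<?php } else { ?>` and `<?php } ?>` for the other two markers. The rest of the template in this section already uses `<?=` echo tags, which are always available.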
Original file line number Diff line number Diff line change 88 < a href ="/list/firewall/ " class ="ui-button cancel " dir ="ltr "> < i class ="fas fa-shield-alt status-icon red "> </ i > < ?=_('Firewall')?> </ a >
99 < ?php }?>
1010 < a href ="/list/updates/ " class ="ui-button cancel " dir ="ltr "> < i class ="fas fa-sync status-icon green "> </ i > < ?=_('Updates')?> </ a >
11- < a href ="/list/log/?user=admin " class ="ui-button cancel " dir ="ltr "> < i class ="fas fa-book-reader status-icon lightblue "> </ i > < ?=_('Logs')?> </ a >
11+ < a href ="/list/log/?user=admin&token=<?=$_SESSION['token']?> " class ="ui-button cancel " dir ="ltr "> < i class ="fas fa-book-reader status-icon lightblue "> </ i > < ?=_('Logs')?> </ a >
1212 < div class ="actions-panel display-inline-block " key-action ="js ">
1313 < a class ="data-controls do_servicerestart ui-button danger cancel ">
1414 < i class ="do_servicerestart fas fa-undo status-icon red "> </ i > < ?=_('Restart')?>