
Commit 527e4a9

committed
UI update
1 parent 0f7110b commit 527e4a9


139 files changed

+2046
-124
lines changed



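--- a/web/add/cron/index.php
+++ b/web/add/cron/index.php
@@ -10,6 +10,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if ((!isset($_POST['v_min'])) || ($_POST['v_min'] == '')) $errors[] = __('minute');
 if ((!isset($_POST['v_hour'])) || ($_POST['v_hour'] == '')) $errors[] = __('hour');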
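Review bot: The new token check on line 14 compares with loose `!=`, so two numeric-looking strings (a session token such as `0e12345` against a submitted `0`) are compared as numbers under PHP type juggling and the CSRF check passes; how the token is generated is not visible in this commit, so whether such values can occur cannot be confirmed here. Use a strict, constant-time comparison instead: `if (!isset($_POST['token']) || !hash_equals((string)$_SESSION['token'], (string)$_POST['token'])) {` (`hash_equals` needs PHP 5.6; `!==` is the minimum on older interpreters). A failed check currently redirects silently; consider logging it, since a mismatch here is a CSRF attempt or a stale session worth seeing in the audit trail. The enclosing `if (!empty($_POST['ok']))` handler closes outside the hunk.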

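--- a/web/add/db/index.php
+++ b/web/add/db/index.php
@@ -9,6 +9,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_database'])) $errors[] = __('database');
 if (empty($_POST['v_dbuser'])) $errors[] = __('username');
@@ -91,7 +97,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',$user."_".$_POST['v_database'],$user."_".$_POST['v_database']);
+$_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database']));
 $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
 unset($v_database);
 unset($v_dbuser);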
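Review bot: The `htmlentities()` calls on new line 100 rely on the default flags and charset, which means single quotes are left unencoded (`ENT_COMPAT`) and, on PHP before 5.4, the input is treated as ISO-8859-1 rather than UTF-8 — the very next line builds HTML with single-quoted attributes (`target='_blank'`), so the message is evidently placed into an HTML context where quote handling matters. Pass the flags explicitly, e.g. `htmlentities($_POST['v_database'], ENT_QUOTES, 'UTF-8')`, and the same for `$user`. Since this escaping is now repeated in every add handler, a small shared helper would keep the flags consistent. The `if (empty($_SESSION['error_msg']))` block continues beyond the hunk.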

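--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@@ -10,6 +10,12 @@
 // Check POST request for dns domain
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_domain'])) $errors[] = __('domain');
 if (empty($_POST['v_ip'])) $errors[] = __('ip');
@@ -70,7 +76,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+$_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
 unset($v_domain);
 }
 }
@@ -79,6 +85,12 @@
 // Check POST request for dns record
 if (!empty($_POST['ok_rec'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_domain'])) $errors[] = 'domain';
 if (empty($_POST['v_rec'])) $errors[] = 'record';
@@ -112,7 +124,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',$_POST[v_rec],$_POST[v_domain]);
+$_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain]));
 unset($v_domain);
 unset($v_rec);
 unset($v_val);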
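Review bot: New lines 79 and 127 index `$_POST` with the bare identifiers `v_domain` and `v_rec` rather than string keys; these are undefined constants that PHP 5/7 silently turn into the strings `'v_domain'`/`'v_rec'` with a notice, and PHP 8 turns into a fatal `Error`, so the success message would never be set there. The commit touches these lines anyway, so quote the keys while escaping them: `$_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain']));` and likewise for line 79. The same loose `!=` token comparison as the other handlers is used on lines 14 and 89 and would benefit from `hash_equals()` or at least `!==`.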

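--- a/web/add/firewall/index.php
+++ b/web/add/firewall/index.php
@@ -17,6 +17,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_action'])) $errors[] = __('action');
 if (empty($_POST['v_protocol'])) $errors[] = __('protocol');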
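Review bot: The six-line token block on new lines 13–18 is pasted verbatim into every form handler in this commit, which means the comparison operator, the redirect target and any future logging have to be changed in a dozen places at once. Move it into the shared include as a single function and call `verify_csrf_token();` at the top of each handler, with a one-line comment in the helper such as `// Reject the POST when the per-session CSRF token is missing or does not match`. Centralising it also makes it easy to switch the comparison to `hash_equals()` everywhere in one edit. The `if (!empty($_POST['ok']))` body continues past the end of the hunk.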

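--- a/web/add/ip/index.php
+++ b/web/add/ip/index.php
@@ -16,6 +16,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_ip'])) $errors[] = __('ip address');
 if (empty($_POST['v_netmask'])) $errors[] = __('netmask');
@@ -61,7 +67,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('IP_CREATED_OK',$_POST['v_ip'],$_POST['v_ip']);
+$_SESSION['ok_msg'] = __('IP_CREATED_OK',htmlentities($_POST['v_ip']),htmlentities($_POST['v_ip']));
 unset($v_ip);
 unset($v_netmask);
 unset($v_name);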

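--- a/web/add/mail/index.php
+++ b/web/add/mail/index.php
@@ -11,6 +11,12 @@
 // Check POST request for mail domain
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_domain'])) $errors[] = __('domain');
 if (!empty($errors[0])) {
@@ -59,7 +65,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',$_POST['v_domain'],$_POST['v_domain']);
+$_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
 unset($v_domain);
 }
 }
@@ -68,6 +74,12 @@
 // Check POST request for mail account
 if (!empty($_POST['ok_acc'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_domain'])) $errors[] = __('domain');
 if (empty($_POST['v_account'])) $errors[] = __('account');
@@ -156,7 +168,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',strtolower($_POST['v_account']),$_POST[v_domain],strtolower($_POST['v_account']),$_POST[v_domain]);
+$_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
 $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
 unset($v_account);
 unset($v_password);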
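Review bot: New line 171 still reads `$_POST[v_domain]` with a bare constant in both places, while line 68 of the same file correctly uses `$_POST['v_domain']`; the bare form only works through PHP's undefined-constant-to-string fallback and is a fatal `Error` on PHP 8. Quote the keys in the rewritten line: `htmlentities($_POST['v_domain'])` for both occurrences. The message is also escaped with default `htmlentities()` flags, so single quotes pass through unencoded; `ENT_QUOTES, 'UTF-8'` would make the escaping context-safe. The `if (empty($_SESSION['error_msg']))` block continues past the hunk.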

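--- a/web/add/package/index.php
+++ b/web/add/package/index.php
@@ -16,10 +16,16 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_package'])) $errors[] = __('package');
 if (empty($_POST['v_web_template'])) $errors[] = __('web template');
-if (!empty($_SESSION['WEB_SYSTEM'])) {
+if (!empty($_SESSION['WEB_BACKEND'])) {
 if (empty($_POST['v_backend_template'])) $errors[] = __('backend template');
 }
 if (!empty($_SESSION['PROXY_SYSTEM'])) {
@@ -132,7 +138,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',htmlentities($_POST['v_package']),htmlentities($_POST['v_package']));
+$_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',htmlentities($_POST['v_package']),htmlentities($_POST['v_package']));
 unset($v_package);
 }
 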

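--- a/web/add/user/index.php
+++ b/web/add/user/index.php
@@ -16,6 +16,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check empty fields
 if (empty($_POST['v_username'])) $errors[] = __('user');
 if (empty($_POST['v_password'])) $errors[] = __('password');
@@ -93,8 +99,8 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST['v_username'],$_POST['v_username']);
-$_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST['v_username'].">" . __('login as') ." ".$_POST['v_username']. "</a>";
+$_SESSION['ok_msg'] = __('USER_CREATED_OK',htmlentities($_POST['v_username']),htmlentities($_POST['v_username']));
+$_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".htmlentities($_POST['v_username']).">" . __('login as') ." ".htmlentities($_POST['v_username']). "</a>";
 unset($v_username);
 unset($v_password);
 unset($v_email);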
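Review bot: On new line 103 the username is placed into an unquoted `href` attribute and a URL query parameter using only `htmlentities()`, which does not encode spaces, `/`, `?` or `&`, so a username containing such characters (whatever the upstream `v-add-user` validation allows, which is not visible here) can terminate the attribute or add extra query parameters. Encode per context: quote the attribute and URL-encode the query value, `$_SESSION['ok_msg'] .= " / <a href=\"/login/?loginas=".urlencode($_POST['v_username'])."\">" . __('login as') ." ".htmlentities($_POST['v_username'], ENT_QUOTES, 'UTF-8'). "</a>";`. The `loginas` impersonation link itself is pre-existing and out of scope for this note. The enclosing `if (empty($_SESSION['error_msg']))` block continues past the hunk.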

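--- a/web/add/web/index.php
+++ b/web/add/web/index.php
@@ -10,6 +10,12 @@
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 // Check for empty fields
 if (empty($_POST['v_domain'])) $errors[] = __('domain');
 if (empty($_POST['v_ip'])) $errors[] = __('ip');
@@ -314,7 +320,7 @@
 }
 
 if (!empty($_SESSION['error_msg']) && $domain_added) {
-$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
 $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
 $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain']));
 header('Location: ' . $url);
@@ -324,7 +330,7 @@
 
 // Flush field values on success
 if (empty($_SESSION['error_msg'])) {
-$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+$_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
 unset($v_domain);
 unset($v_aliases);
 unset($v_ssl);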
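Review bot: The rewritten lines 323 and 333 keep the bare-constant index `$_POST[v_domain]`, which is a notice-backed string fallback on PHP 5/7 and a fatal `Error` on PHP 8, while line 325 in the same hunk already uses the quoted `$_POST['v_domain']`; quote both: `htmlentities($_POST['v_domain'])`. Two lines below the first fix, the redirect URL on line 325 is still built from the raw domain without `urlencode()`, so the `domain` query parameter can carry `&`/`#` characters into the `/edit/web/` page — `'/edit/web/?domain='.urlencode(strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])))` keeps it a single parameter. Whether the domain has been validated by the time this code runs is not visible in the hunk. Both enclosing `if` blocks extend beyond the hunk boundaries.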

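--- a/web/bulk/backup/index.php
+++ b/web/bulk/backup/index.php
@@ -9,6 +9,12 @@
 $backup = $_POST['backup'];
 $action = $_POST['action'];
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+header('location: /login/');
+exit();
+}
+
 switch ($action) {
 case 'delete': $cmd='v-delete-user-backup';
 break;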
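Review bot: The token check on new lines 12–17 is the right gate for this bulk endpoint, but it is evaluated after `$_POST['backup']` and `$_POST['action']` are read on lines 9–10 and before anything else — the ordering is harmless, yet moving the check to the very top of the request handling (before any `$_POST` is touched) makes the CSRF boundary obvious to the next reader. The comparison itself is the loose `!=`, which compares numeric-looking strings as numbers; prefer `!hash_equals((string)$_SESSION['token'], (string)$_POST['token'])` or, on PHP older than 5.6, `!==`. A failed check redirects silently; logging the rejected request alongside the `$action` would give operators visibility into attempted cross-site deletions. The `switch ($action)` continues past the end of the hunk.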
