ghzhost
diff --git a/‎web/bulk/web/index.php‎
Lines changed: 8 additions & 10 deletions b/‎web/bulk/web/index.php‎
Lines changed: 8 additions & 10 deletions
diff --git a/‎web/edit/dns/index.php‎
Lines changed: 1 addition & 4 deletions b/‎web/edit/dns/index.php‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎web/edit/user/index.php‎
Lines changed: 2 additions & 9 deletions b/‎web/edit/user/index.php‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎web/list/log/index.php‎
Lines changed: 4 additions & 6 deletions b/‎web/list/log/index.php‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎web/locale/en/LC_MESSAGES/hestiacp.mo‎
1 Byte b/‎web/locale/en/LC_MESSAGES/hestiacp.mo‎
1 Byte
diff --git a/‎web/locale/it/LC_MESSAGES/hestiacp.mo‎
1.39 KB b/‎web/locale/it/LC_MESSAGES/hestiacp.mo‎
1.39 KB
diff --git a/‎web/locale/pl/LC_MESSAGES/hestiacp.mo‎
861 Bytes b/‎web/locale/pl/LC_MESSAGES/hestiacp.mo‎
861 Bytes
diff --git a/‎web/locale/pt/LC_MESSAGES/hestiacp.mo‎
885 Bytes b/‎web/locale/pt/LC_MESSAGES/hestiacp.mo‎
885 Bytes
diff --git a/‎web/locale/tr/LC_MESSAGES/hestiacp.mo‎
862 Bytes b/‎web/locale/tr/LC_MESSAGES/hestiacp.mo‎
862 Bytes
@@ -1,16 +1,14 @@
 <?php
+
 // Init
-error_reporting(NULL);
+error_reporting(null);
 ob_start();
 session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Check token
-if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
-    header('location: /login/');
-    exit();
-}
+verify_csrf($_POST);
 
 $domain = $_POST['domain'];
 $action = $_POST['action'];
@@ -37,15 +35,15 @@
 
 foreach ($domain as $value) {
     $value = escapeshellarg($value);
-    exec (HESTIA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
+    exec(HESTIA_CMD.$cmd." ".$user." ".$value." no", $output, $return_var);
     $restart='yes';
 }
 
 if (isset($restart)) {
-    exec (HESTIA_CMD."v-restart-web", $output, $return_var);
-    exec (HESTIA_CMD."v-restart-proxy", $output, $return_var);
-    exec (HESTIA_CMD."v-restart-dns", $output, $return_var);
-    exec (HESTIA_CMD."v-restart-web-backend", $output, $return_var);
+    exec(HESTIA_CMD."v-restart-web", $output, $return_var);
+    exec(HESTIA_CMD."v-restart-proxy", $output, $return_var);
+    exec(HESTIA_CMD."v-restart-dns", $output, $return_var);
+    exec(HESTIA_CMD."v-restart-web-backend", $output, $return_var);
 }
 
 header("Location: /list/web/");
@@ -150,10 +150,7 @@
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
 
     // Check token
-    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
-        header('location: /login/');
-        exit();
-    }
+    verify_csrf($_POST);
 
     // Protect input
     $v_domain = escapeshellarg($_POST['v_domain']);
 
@@ -29,11 +29,8 @@
     exit;
 }
 
-// Ensure token is passed before loading page
-if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) {
-    header('location: /login/');
-    exit();
-}
+// Check token
+verify_csrf($_GET);
 
 // List user
 exec(HESTIA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
@@ -111,10 +108,6 @@
 $php_versions = json_decode(implode('', $output), true);
 unset($output);
 
-
-
-// Are you admin?
-
 // Check POST request
 if (!empty($_POST['save'])) {
 
 
@@ -1,5 +1,6 @@
 <?php
-error_reporting(NULL);
+
+error_reporting(null);
 if ($_GET['user'] === 'system') {
     $TAB = 'SERVER';
 } else {
@@ -18,14 +19,11 @@
 // Data
 if (($_SESSION['userContext'] === "admin") && (!empty($_GET['user']))) {
     // Check token
-    if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
-        header('location: /login/');
-        exit();
-    }
+    verify_csrf($_GET);
     $user=escapeshellarg($_GET['user']);
 }
 
-exec (HESTIA_CMD."v-list-user-log $user json", $output, $return_var);
+exec(HESTIA_CMD."v-list-user-log $user json", $output, $return_var);
 check_error($return_var);
 $data = json_decode(implode('', $output), true);
 $data = array_reverse($data);