|
14 | 14 |
|
15 | 15 | // Login as someone else |
16 | 16 | if (isset($_SESSION['user'])) { |
| 17 | + |
| 18 | + // Default location |
17 | 19 | if (empty($_GET['loginas']) ){ |
18 | 20 | header("Location: /list/web/"); |
19 | 21 | exit; |
20 | 22 | } |
| 23 | + |
21 | 24 | if ($_SESSION['userContext'] === 'admin' && !empty($_GET['loginas'])) { |
22 | | - exec (HESTIA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var); |
23 | | - if ( $return_var == 0 ) { |
24 | | - $data = json_decode(implode('', $output), true); |
25 | | - reset($data); |
26 | | - $_SESSION['look'] = key($data); |
27 | | - $_SESSION['look_alert'] = 'yes'; |
28 | | - # Remove current path for filemanager |
29 | | - unset($_SESSION['_sf2_attributes']); |
30 | | - unset($_SESSION['_sf2_meta']); |
| 25 | + // Ensure token is passed and matches before granting user impersonation |
| 26 | + if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) { |
| 27 | + header('location: /list/user/'); |
| 28 | + exit(); |
| 29 | + } else { |
| 30 | + exec (HESTIA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var); |
| 31 | + if ( $return_var == 0 ) { |
| 32 | + $data = json_decode(implode('', $output), true); |
| 33 | + reset($data); |
| 34 | + $_SESSION['look'] = key($data); |
| 35 | + $_SESSION['look_alert'] = 'yes'; |
| 36 | + # Remove current path for filemanager |
| 37 | + unset($_SESSION['_sf2_attributes']); |
| 38 | + unset($_SESSION['_sf2_meta']); |
| 39 | + } |
31 | 40 | } |
32 | 41 | } |
| 42 | + |
| 43 | + // Set correct entry point into the panel |
33 | 44 | if ($_SESSION['userContext'] === 'admin' && empty($_GET['loginas'])) { |
34 | 45 | header("Location: /list/user/"); |
35 | 46 | } else { |
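Review bot: The new token check on line 26 compares `$_SESSION['token'] != $_GET['token']` with PHP's loose inequality, so two numeric-looking strings (for example `0e123` and `0e456`) compare equal and the comparison is not constant-time; in addition `(!$_GET['token'])` raises an undefined-index notice when the parameter is absent, and a `token[]=x` array value reaches the string comparison. Replace the condition with `if (empty($_GET['token']) || !is_string($_GET['token']) || !hash_equals((string) $_SESSION['token'], $_GET['token'])) {` — this presumes `$_SESSION['token']` is a string set at login, which is not visible in this hunk. Keep the `exit()` after the failure redirect so the impersonation branch cannot fall through. The enclosing `if (isset($_SESSION['user']))` block continues past the end of the hunk.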
|