
Commit 74f4ead

author
Kristan Kenney
committed
Fix viewing/deletion of SSH keys without impersonation
1 parent 75a4b58 commit 74f4ead


3 files changed

+13
-5
lines changed


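--- a/web/delete/key/index.php
+++ b/web/delete/key/index.php
@@ -5,17 +5,16 @@
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
-$v_user=$_GET['user'];
-$v_user = $user;
-}
-
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 header('location: /login/');
 exit();
 }
 
+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+$v_user = $_GET['user'];
+}
+
 if (!empty($_GET['key'])) {
 $v_key = escapeshellarg(trim($_GET['key']));
 $v_user = escapeshellarg(trim($v_user));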
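Review bot: The new admin block at new lines 14–16 assigns `$v_user` only when a `user` parameter is present, so on the non-impersonating path `$v_user` reaches `escapeshellarg(trim($v_user))` at new line 20 with whatever value it had before — if `/inc/main.php` does not initialise it, that is an undefined-variable warning and an empty username handed to the delete command. Seeding the default first makes the fallback explicit: `$v_user = $user;` immediately before the `if`, leaving the admin override as the only other assignment. Reading `$_GET['user']` after the token check is the right order; note that any string is still accepted as the target username and the only protection is `escapeshellarg` at line 20, whereas the template in this same commit refuses to offer impersonation of `admin` — consider applying the same rule here so the two files agree. The rest of the delete logic continues past the hunk.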
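--- a/web/list/key/index.php
+++ b/web/list/key/index.php
@@ -5,6 +5,10 @@
 // Main include
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+$user = htmlspecialchars($_GET['user']);
+}
+
 exec (HESTIA_CMD . "v-list-user-ssh-key ".escapeshellarg($user)." json", $output, $return_var);
 
 $data = json_decode(implode('', $output), true);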
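Review bot: `htmlspecialchars()` at new line 9 escapes for an HTML context, but `$user` is consumed by `escapeshellarg()` on the `exec` call at new line 12, so a username containing `&`, `'` or `"` is converted to its entity form before it reaches `v-list-user-ssh-key` and the lookup targets a different name than the one requested; `web/delete/key/index.php` in this same commit passes `$_GET['user']` through unchanged, so the two pages also disagree on what the parameter means. Validate here and escape at output instead: `$user = $_GET['user'];` followed by a check that it matches the allowed username character set (or that it exists, via the user-listing command already used elsewhere in this codebase) with a redirect on failure — shell safety is already provided by `escapeshellarg`. Because `$user` is reused by the template, the HTML escaping belongs on the `<?=` echo sites there, not on the variable that feeds the command line.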
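--- a/web/templates/admin/list_key.html
+++ b/web/templates/admin/list_key.html
@@ -34,6 +34,11 @@
 <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
 <a id="delete_link_<?=$i?>" class="data-controls do_delete" title="<?=_('delete')?>">
 <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
+<? if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+<input type="hidden" name="delete_url" value="/delete/key/?user=<?=$_GET['user']?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
+<? } else { ?>
+<input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
+<? } ?>
 <input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
 <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
 <p class="confirmation"><?=sprintf(_('DELETE_KEY_CONFIRM'),$key)?></p>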
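Review bot: `$_GET['user']` is echoed raw into the `value` attribute at new line 38, so a crafted `user=` query string in a link opened by a logged-in admin is reflected into the page unescaped; wrap it as `<?=htmlspecialchars($_GET['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>`, or better, echo the `$user` variable the controller already prepared rather than re-reading `$_GET` in the template. The unconditional hidden input at new line 42 survives after the new `if/else`, so every row now emits two `delete_url` inputs and the `else` branch is a verbatim duplicate of it — line 42 should be removed. The `$_GET['user'] !== 'admin'` exclusion is not explained; a one-line comment on why the `admin` account cannot be targeted from this page would help, particularly since `web/delete/key/index.php` in this commit has no matching guard.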