Merge pull request hestiacp#2109 from jaapmarcus/fix/logout-csrf

Add csrf check logout

Author: ScIT-Raphael

web/logout/index.php

@@ -1,30 +1,31 @@
 <?php
+
 session_start();
 
 // Main include
 include($_SERVER['DOCUMENT_ROOT'] . '/inc/main.php');
+if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /list/user/');
+    exit();
+}
 
 if (!empty($_SESSION['look'])) {
-    if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) {
-        header('location: /list/user/');
-        exit();
-    }
     $v_user = escapeshellarg($_SESSION['look']);
     $v_impersonator = escapeshellarg($_SESSION['user']);
-    exec (HESTIA_CMD . "v-log-action system 'Warning' 'Security' 'User impersonation session ended (User: $v_user, Administrator: $v_impersonator)'", $output, $return_var);
+    exec(HESTIA_CMD . "v-log-action system 'Warning' 'Security' 'User impersonation session ended (User: $v_user, Administrator: $v_impersonator)'", $output, $return_var);
     unset($_SESSION['look']);
     # Remove current path for filemanager
     unset($_SESSION['_sf2_attributes']);
     unset($_SESSION['_sf2_meta']);
     header('Location: /');
 } else {
-    if ($_SESSION['token'] && $_SESSION['user']){
+    if ($_SESSION['token'] && $_SESSION['user']) {
         unset($_SESSION['userTheme']);
         $v_user = escapeshellarg($_SESSION['user']);
         $v_session_id = escapeshellarg($_SESSION['token']);
         exec(HESTIA_CMD . 'v-log-user-logout ' . $v_user . ' ' . $v_session_id, $output, $return_var);
     }
-    
+
     unset($_SESSION);
     session_unset();
     session_destroy();

web/templates/includes/panel.html

@@ -86,7 +86,7 @@
 			<?php if (isset($_SESSION['look']) && (!empty($_SESSION['look']))) { ?>
 				<div class="l-menu__item"><a href="/logout/?token=<?=$_SESSION['token']?>" title="<?=_('Log out');?> (<?=$user?>)" class="l-profile__logout"><i class="fas fa-arrow-alt-circle-up"></i></a></div>
 			<?php } else { ?>
-				<div class="l-menu__item"><a href="/logout/" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
+				<div class="l-menu__item"><a href="/logout/?token=<?=$_SESSION['token']?>" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
 			<?php } ?>
 		</div>
 	</div>

web/templates/pages/list_server_info.html

@@ -32,7 +32,7 @@
 			</div>
 			<div class="l-profile noselect">
 				<div class="l-menu__item"><a href="javascript:location.reload();" title="<?=_('Refresh');?>"><i class="fas fa-redo"></i></a></div>
-				<div class="l-menu__item"><a href="/logout/" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
+				<div class="l-menu__item"><a href="/logout/?token=<?=$_SESSION['token']?>" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
 			</div>
 		</div>
 	</div>

web/templates/pages/list_weblog.html

@@ -28,7 +28,7 @@
 			<div class="l-profile">
 				<div class="l-menu__item"><a href="javascript:location.reload();" title="<?=_('Refresh');?>"><i class="fas fa-redo"></i></a></div>
 				<div class="l-menu__item"><a href="/edit/user/?user=<?=$user; ?>" title="<?=$user?>" class="l-profile__username"><i class="fas fa-user-circle"></i></a></div>
-				<div class="l-menu__item"><a href="/logout/" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
+				<div class="l-menu__item"><a href="/logout/?token=<?=$_SESSION['token']?>" title="<?=_('Log out');?>" class="l-profile__logout"><i class="fas fa-sign-out-alt"></i></a></div>
 			</div>
 		</div>
 	</div>