
Merge branch 'fix/logout-csrf' into main

Jaap Marcus 4 лет назад
Родитель
Сommit
662f2f2df4
2 измененных файлов с 25 добавлено и 11 удалено
  1. 23 9
      web/download/web-log/index.php
  2. 2 2
      web/templates/pages/list_weblog.html

+ 23 - 9
web/download/web-log/index.php

@@ -1,26 +1,40 @@
 <?php
+
 // Init
-error_reporting(NULL);
+error_reporting(null);
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+if ((!$_GET['token']) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /list/user/');
+    exit();
+}
+
 $v_domain = $_GET['domain'];
 $v_domain = escapeshellarg($_GET['domain']);
-if ($_GET['type'] == 'access') $type = 'access';
-if ($_GET['type'] == 'error') $type = 'error';
+if ($_GET['type'] == 'access') {
+    $type = 'access';
+}
+if ($_GET['type'] == 'error') {
+    $type = 'error';
+}
 
 header("Cache-Control: public");
 header("Content-Description: File Transfer");
 header("Content-Disposition: attachment; filename=".$_GET['domain'].".".$type."-log.txt");
-header("Content-Type: application/octet-stream; "); 
+header("Content-Type: application/octet-stream; ");
 header("Content-Transfer-Encoding: binary");
 
 $v_domain = escapeshellarg($_GET['domain']);
-if ($_GET['type'] == 'access') $type = 'access';
-if ($_GET['type'] == 'error') $type = 'error';
+if ($_GET['type'] == 'access') {
+    $type = 'access';
+}
+if ($_GET['type'] == 'error') {
+    $type = 'error';
+}
 
-exec (HESTIA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var);
-if ($return_var == 0 ) {
-    foreach($output as $file) {
+exec(HESTIA_CMD."v-list-web-domain-".$type."log $user ".$v_domain." 5000", $output, $return_var);
+if ($return_var == 0) {
+    foreach ($output as $file) {
         echo $file . "\n";
     }
 }
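Review bot: The added token guard compares with `!=`, which is a loose, non-constant-time comparison, and it never checks that `$_GET['token']` is a string. PHP's loose comparison treats two numeric-looking strings as equal, so this is weaker than an exact match. `hash_equals()` gives an exact, timing-safe check: `if (empty($_GET['token']) || !is_string($_GET['token']) || !hash_equals((string) ($_SESSION['token'] ?? ''), $_GET['token'])) {`. Further down the same hunk, `$type` stays unset when `type` is neither `access` nor `error`, and the `Content-Disposition` header still uses the raw `$_GET['domain']`. Rejecting unknown types right after the token check, and building the filename from a validated domain value, would close both.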

+ 2 - 2
web/templates/pages/list_weblog.html

@@ -22,8 +22,8 @@
 			<a href="/" class="l-logo"></a>
 			<div class="l-menu clearfix">
 				<div class="l-menu__item"><a href="/list/web/"><i class="fas fa-arrow-alt-circle-left"></i>&nbsp;&nbsp;&nbsp;<?=_('Back');?></a></div>
-				<div class="l-menu__item <?php if($_GET['type'] == 'access') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><i class="fas fa-eye"></i>&nbsp;&nbsp;&nbsp;<?=_('Access Log');?></a><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access" title="<?=_('Download');?>"><i class="fas fa-download"></i></a></div>
-				<div class="l-menu__item <?php if($_GET['type'] == 'error') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><i class="fas fa-exclamation-circle"></i>&nbsp;&nbsp;&nbsp;<?=_('Error Log');?></a><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error" title="<?=_('Download');?>"><i class="fas fa-download"></i></a></div>
+				<div class="l-menu__item <?php if($_GET['type'] == 'access') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access&token=<?=$_SESSION['token']?>"><i class="fas fa-eye"></i>&nbsp;&nbsp;&nbsp;<?=_('Access Log');?></a><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access" title="<?=_('Download');?>"><i class="fas fa-download"></i></a></div>
+				<div class="l-menu__item <?php if($_GET['type'] == 'error') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><i class="fas fa-exclamation-circle"></i>&nbsp;&nbsp;&nbsp;<?=_('Error Log');?></a><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error&token=<?=$_SESSION['token']?>" title="<?=_('Download');?>"><i class="fas fa-download"></i></a></div>
 			</div>
 			<div class="l-profile">
 				<div class="l-menu__item"><a href="javascript:location.reload();" title="<?=_('Refresh');?>"><i class="fas fa-redo"></i></a></div>
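Review bot: On the access-log line, `&token=` was appended to the `/list/web-log/` view link rather than the `/download/web-log/` link. The access download is therefore requested without a token, and the guard added in `web/download/web-log/index.php` will redirect it to `/list/user/`; the error-log line carries the token on the download link as intended. The access download href should end in `&type=access&token=<?=$_SESSION['token']?>`. Whether the view link needs a token at all depends on `/list/web-log/`, which is not shown here. The token is also echoed into the attribute unescaped, so `<?=urlencode($_SESSION['token'])?>` would keep the URL well-formed whatever characters the token contains.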