
Fix viewing/deletion of SSH keys without impersonation

Kristan Kenney 5 years ago
parent
commit
74f4ead060
3 changed files with 13 additions and 5 deletions
  1. 4 5
      web/delete/key/index.php
  2. 4 0
      web/list/key/index.php
  3. 5 0
      web/templates/admin/list_key.html

+ 4 - 5
web/delete/key/index.php

@@ -5,17 +5,16 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
-    $v_user=$_GET['user'];
-    $v_user = $user;
-}
-
 // Check token
 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
     header('location: /login/');
     exit();
 }
 
+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+    $v_user = $_GET['user'];
+}
+
 if (!empty($_GET['key'])) {
     $v_key = escapeshellarg(trim($_GET['key']));
     $v_user = escapeshellarg(trim($v_user));
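Review bot: On the new side `$v_user` is only assigned inside the admin-impersonation branch; the removed `$v_user = $user;` was the only fallback in view, so for a non-admin session, or an admin request without `?user=`, `$v_user` reaches `escapeshellarg(trim($v_user))` unset unless main.php defines it, and the CLI call below would receive an empty user argument. Make the fallback explicit right after the admin branch: `} else {` / `$v_user = $user;` / `}`. The admin branch also hands a raw request value to the shell with only `escapeshellarg()` as protection; checking it against the panel's username format before use would keep a crafted `user=` from reaching the CLI at all, and would match the user check the list page now does. The delete path that consumes `$v_user` and `$v_key` continues past the end of this hunk.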

+ 4 - 0
web/list/key/index.php

@@ -5,6 +5,10 @@ $TAB = 'USER';
 // Main include
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
+    $user = htmlspecialchars($_GET['user']);
+}
+
 exec (HESTIA_CMD . "v-list-user-ssh-key ".escapeshellarg($user)." json", $output, $return_var);
 
 $data = json_decode(implode('', $output), true);
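Review bot: `htmlspecialchars()` on the `user` parameter is an HTML output encoder, not an input check: it lets any string through to the `exec()` call (which is already shell-safe via `escapeshellarg()`), and it rewrites characters such as `&` or `'` into entity sequences, so a username containing them would be looked up under a different name. Validate the value against the panel's username format and stop on mismatch, leaving HTML encoding to the template, e.g. `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $_GET['user'])) { exit(); }`, with the allowed character set and the failure response following whatever the rest of the panel uses. Overwriting `$user` also changes its meaning from the logged-in account to the impersonated one for everything after this point; if later code or the template relies on `$user` being the session user, a separate variable (as the delete page does with `$v_user`) would be clearer. The script continues past the end of this hunk.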

+ 5 - 0
web/templates/admin/list_key.html

@@ -34,6 +34,11 @@
                 <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
                   <a id="delete_link_<?=$i?>" class="data-controls do_delete" title="<?=_('delete')?>">
                     <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
+                    <? if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
+                      <input type="hidden" name="delete_url" value="/delete/key/?user=<?=$_GET['user']?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
+                      <? } else { ?>
+                        <input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
+                      <? } ?>
                     <input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
                     <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
                       <p class="confirmation"><?=sprintf(_('DELETE_KEY_CONFIRM'),$key)?></p>
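Review bot: The new admin branch writes `$_GET['user']` straight into the `value` attribute of the hidden input without any encoding, and the session token sits in the same URL; an admin who opens a crafted `/list/key/?user=...` link gets that value rendered unescaped inside the attribute, which is a reflected XSS path that can expose the token. Encode it for the context it lands in, `value="/delete/key/?user=<?=htmlspecialchars(urlencode($_GET['user']))?>&key=<?=$key?>&token=<?=$_SESSION['token']?>"`, or reuse the already-escaped `$user` the list page sets, if the template shares that scope. Separately, the original unconditional `<input type="hidden" name="delete_url" ...>` line still follows the new if/else, so the admin case now emits two `delete_url` inputs with different values and which one the delete handler reads is unclear; that line should be removed now that both branches emit it. The loop this markup sits in starts outside the hunk.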