5 лет назад · 74f4ead060
--- a/web/delete/key/index.php
+++ b/web/delete/key/index.php
@@ -5,17 +5,16 @@ ob_start();
 
															 session_start();
														
 
															 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
														
 
															-if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
														
 
															-    $v_user=$_GET['user'];
														
 
															-    $v_user = $user;
														
 
															-}
														
 
															-
														
 
															 // Check token
														
 
															 if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
														
 
															     header('location: /login/');
														
 
															     exit();
														
 
															 }
														
 
															+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
														
 
															+    $v_user = $_GET['user'];
														
 
															+}
														
 
															+
														
 
															 if (!empty($_GET['key'])) {
														
 
															     $v_key = escapeshellarg(trim($_GET['key']));
														
 
															     $v_user = escapeshellarg(trim($v_user));
														
--- a/web/list/key/index.php
+++ b/web/list/key/index.php
@@ -5,6 +5,10 @@ $TAB = 'USER';
 
															 // Main include
														
 
															 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
														
 
															+if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
														
 
															+    $user = htmlspecialchars($_GET['user']);
														
 
															+}
														
 
															+
														
 
															 exec (HESTIA_CMD . "v-list-user-ssh-key ".escapeshellarg($user)." json", $output, $return_var);
														
 
															 $data = json_decode(implode('', $output), true);
														
--- a/web/templates/admin/list_key.html
+++ b/web/templates/admin/list_key.html
@@ -34,6 +34,11 @@
 
															                 <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js">
														
 
															                   <a id="delete_link_<?=$i?>" class="data-controls do_delete" title="<?=_('delete')?>">
														
 
															                     <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
														
 
															+                    <? if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
														
 
															+                      <input type="hidden" name="delete_url" value="/delete/key/?user=<?=$_GET['user']?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
														
 
															+                      <? } else { ?>
														
 
															+                        <input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
														
 
															+                      <? } ?>
														
 
															                     <input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
														
 
															                     <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
														
 
															                       <p class="confirmation"><?=sprintf(_('DELETE_KEY_CONFIRM'),$key)?></p>