
Escape user variable in /keys/ (#1667)

Remove potential leak of 2FA status
Jaap Marcus 5 лет назад
Сommit
75dd04a902
4 измененных файлов с 7 добавлено и 28 удалено
  1. 2 1
      CHANGELOG.md
  2. 3 2
      web/delete/key/index.php
  3. 0 23
      web/inc/2fa/active.php
  4. 2 2
      web/login/index.php

+ 2 - 1
CHANGELOG.md

@@ -40,7 +40,8 @@ All notable changes to this project will be documented in this file.
 - Improved IDN domain handling to resolve issues with Let's Encrypt SSL and mail domain services.
 - Added private folder to openbasedir permission for all main templates.
 - Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
-- Fix xss vulnerability in v-add-sys-ip (thanks @numanturle)
+- Fixed xss vulnerability in v-add-sys-ip (thanks **@numanturle**)
+- Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
 
 ## [1.3.3] - Service Release
 ### Bugfixes

+ 3 - 2
web/delete/key/index.php

@@ -6,7 +6,7 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    $user=$_GET['user'];;
+    $user=$_GET['user'];
 }
 
 // Check token
@@ -17,8 +17,9 @@ if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
 
 if (!empty($_GET['key'])) {
     $v_key = escapeshellarg(trim($_GET['key']));
+    $v_user = escapeshellarg(trim($v_user));
     $v_key = str_replace('/','\\/', $v_key);
-    exec (HESTIA_CMD."v-delete-user-ssh-key ".$user." ".$v_key);
+    exec (HESTIA_CMD."v-delete-user-ssh-key ".$v_user." ".$v_key);
     check_return_code($return_var,$output);
 }
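Review bot: `$v_user` is escaped on the added line, but nothing in this hunk assigns it from `$user`, so the admin override `$user=$_GET['user']` taken in the first hunk no longer reaches the `v-delete-user-ssh-key` call; presumably `$v_user` is preset by inc/main.php or is simply undefined here. The intended line is likely `$v_user = escapeshellarg(trim($user));`. Separately, the `exec` on the following line still passes neither `$output` nor `$return_var`, so `check_return_code($return_var,$output)` inspects stale or undefined values; `exec(HESTIA_CMD."v-delete-user-ssh-key ".$v_user." ".$v_key, $output, $return_var);` closes that gap. Because `$user` comes from the query string when the session user is admin, a username format check before the shell call would add defence in depth beyond escapeshellarg.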
 

+ 0 - 23
web/inc/2fa/active.php

@@ -1,23 +0,0 @@
-<?php
-
-define('NO_AUTH_REQUIRED',true);
-
-// Main include
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-
-if (isset($_GET['user'])) {
-    $v_user = escapeshellarg($_GET['user']);
-
-    // Get user speciefic parameters
-    exec (HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
-    $data = json_decode(implode('', $output), true);
-
-    // Check if 2FA is active
-    if ($data[$_GET['user']]['TWOFA'] != '') {
-        header("HTTP/1.0 200 OK");
-        exit;
-    } else {
-        header("HTTP/1.0 404 Not Found");
-        exit;
-    }
-}

+ 2 - 2
web/login/index.php

@@ -97,10 +97,10 @@ function authenticate_user($user, $password, $twofa = ''){
                 $data = json_decode(implode('', $output), true);
                 unset($output); 
                 if ($data[$user]['TWOFA'] != '') {
-                        if(empty($_POST['twofa'])){
+                        if(empty($twofa)){
                             return false;
                         }else{
-                            $v_twofa = $_POST['twofa'];
+                            $v_twofa = escapeshellarg($twofa);
                             exec(HESTIA_CMD ."v-check-user-2fa ".$v_user." ".$v_twofa, $output, $return_var);
                             unset($output);
                             if ( $return_var > 0 ) {
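Review bot: The escaped `$v_twofa` is correct, but the context line `if ($data[$user]['TWOFA'] != '')` above it still pairs a loose comparison with an unchecked index, so empty or malformed `v-list-user` output yields an undefined-index warning and a `null` value is silently treated as "no 2FA configured"; `if (($data[$user]['TWOFA'] ?? '') !== '') {` is the stricter form. The new `$twofa` parameter also deserves a line in the function's docblock stating that it is the raw code from the caller and is shell-escaped only at this point. authenticate_user starts before and ends after this hunk.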