6 лет назад · 7603cdea7a
--- a/web/add/cron/autoupdate/index.php
+++ b/web/add/cron/autoupdate/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 if ($_SESSION['user'] == 'admin') {
			
 
				     exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var);
			
 
				     $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled');
			
--- a/web/add/cron/reports/index.php
+++ b/web/add/cron/reports/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var);
			
 
				 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled');
			
 
				 unset($output);
			
--- a/web/add/firewall/banlist/index.php
+++ b/web/add/firewall/banlist/index.php
@@ -15,6 +15,12 @@ if ($_SESSION['user'] != 'admin') {
 
				 // Check POST request
			
 
				 if (!empty($_POST['ok'])) {
			
 
				 
			
 
				+    // Check token
			
 
				+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
			
 
				+        header('location: /login/');
			
 
				+        exit();
			
 
				+    }
			
 
				+
			
 
				     // Check empty fields
			
 
				     if (empty($_POST['v_chain'])) $errors[] = __('banlist');
			
 
				     if (empty($_POST['v_ip'])) $errors[] = __('ip address');
			
--- a/web/delete/cron/autoupdate/index.php
+++ b/web/delete/cron/autoupdate/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 if ($_SESSION['user'] == 'admin') {
			
 
				     exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var);
			
 
				     $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled');
			
--- a/web/delete/cron/reports/index.php
+++ b/web/delete/cron/reports/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var);
			
 
				 $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled');
			
 
				 unset($output);
			
--- a/web/restart/service/index.php
+++ b/web/restart/service/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 if ($_SESSION['user'] == 'admin') {
			
 
				     if (!empty($_GET['srv'])) {
			
 
				         if ($_GET['srv'] == 'iptables') {
			
--- a/web/restart/system/index.php
+++ b/web/restart/system/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 if ($_SESSION['user'] == 'admin') {
			
 
				     if (!empty($_GET['hostname'])) {
			
 
				         exec (VESTA_CMD."v-restart-system yes", $output, $return_var);
			
--- a/web/templates/admin/list_services.html
+++ b/web/templates/admin/list_services.html
@@ -54,7 +54,7 @@
 
				           <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
			
 
				             <div class="actions-panel clearfix">
			
 
				               <div class="actions-panel__col actions-panel__configure shortcut-enter" key-action="href"><a href="/edit/server/"><?=__('configure')?> <i></i></a><span class="shortcut enter">&nbsp;&#8629;</span></div>
			
 
				-              <div class="actions-panel__col actions-panel__restart shortcut-r" key-action="href"><a href="/restart/system/?hostname=<?php echo $sys['sysinfo']['HOSTNAME'] ?>"><?=__('restart')?> <i></i></a><span class="shortcut">&nbsp;R</span></div>
			
 
				+              <div class="actions-panel__col actions-panel__restart shortcut-r" key-action="href"><a href="/restart/system/?hostname=<?php echo $sys['sysinfo']['HOSTNAME'] ?>&token=<?=$_SESSION['token']?>"><?=__('restart')?> <i></i></a><span class="shortcut">&nbsp;R</span></div>
			
 
				             </div>
			
 
				             <!-- /.actions-panel -->
			
 
				           </div>
			
--- a/web/update/vesta/index.php
+++ b/web/update/vesta/index.php
@@ -5,6 +5,12 @@ ob_start();
 
				 session_start();
			
 
				 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
			
 
				 
			
 
				+// Check token
			
 
				+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
			
 
				+    header('location: /login/');
			
 
				+    exit();
			
 
				+}
			
 
				+
			
 
				 if ($_SESSION['user'] == 'admin') {
			
 
				     if (!empty($_GET['pkg'])) {
			
 
				         $v_pkg = escapeshellarg($_GET['pkg']);