From 7178b49101fc186a78a5890b4298a47bb1761d12 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Sat, 23 Apr 2022 10:00:41 +0200
Subject: [PATCH] add security question when deleting api-key
Signed-off-by: Michael Kaufmann
---
api_keys.php | 51 +++++++++++--------
lib/Froxlor/UI/HTML.php | 6 ++-
.../customer/tablelisting.domains.php | 2 +-
lng/english.lng.php | 1 +
lng/german.lng.php | 1 +
.../Froxlor/form/yesnoquestion.html.twig | 6 ++-
6 files changed, 41 insertions(+), 26 deletions(-)
diff --git a/api_keys.php b/api_keys.php
index 55c187e8..0c1e0835 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -32,36 +32,43 @@ $success_message = "";
 $id = (int) Request::get('id');
 // do the delete and then just show a success-message and the apikeys list again
-if ($action == 'delete') {
- if ($id > 0) {
- $chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
- if (AREA == 'customer') {
- $chk_stmt = Database::prepare("
+if ($action == 'delete' && $id > 0) {
+ \Froxlor\UI\HTML::askYesNo('apikey_reallydelete', $filename, array(
+ 'id' => $id,
+ 'page' => $page,
+ 'action' => 'deletesure'
+ ), '', [
+ 'section' => 'index',
+ 'page' => $page
+ ]);
+} elseif ($action == 'deletesure' && $id > 0) {
+ $chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
+ if (AREA == 'customer') {
+ $chk_stmt = Database::prepare("
 SELECT c.customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` c
 LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
 WHERE ak.`id` = :id AND c.`customerid` = :cid
 ");
- $chk = Database::pexecute_first($chk_stmt, array(
- 'id' => $id,
- 'cid' => $userinfo['customerid']
- ));
- } elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
- $chk_stmt = Database::prepare("
+ $chk = Database::pexecute_first($chk_stmt, array(
+ 'id' => $id,
+ 'cid' => $userinfo['customerid']
+ ));
+ } elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
+ $chk_stmt = Database::prepare("
 SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
 LEFT JOIN `" . TABLE_API_KEYS . 
"` ak ON ak.adminid = a.adminid
 WHERE ak.`id` = :id AND a.`adminid` = :aid
 ");
- $chk = Database::pexecute_first($chk_stmt, array(
- 'id' => $id,
- 'aid' => $userinfo['adminid']
- ));
- }
- if ($chk !== false) {
- Database::pexecute($del_stmt, array(
- 'id' => $id
- ));
- $success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
- }
+ $chk = Database::pexecute_first($chk_stmt, array(
+ 'id' => $id,
+ 'aid' => $userinfo['adminid']
+ ));
+ }
+ if ($chk !== false) {
+ Database::pexecute($del_stmt, array(
+ 'id' => $id
+ ));
+ $success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
 }
 } elseif ($action == 'add') {
 $ins_stmt = Database::prepare("
diff --git a/lib/Froxlor/UI/HTML.php b/lib/Froxlor/UI/HTML.php
index 6d9cf22a..5f6af921 100644
--- a/lib/Froxlor/UI/HTML.php
+++ b/lib/Froxlor/UI/HTML.php
@@ -169,12 +169,13 @@ class HTML
 * Values which will be given to $yesfile. Format: array(variable1=>value1, variable2=>value2, variable3=>value3)
 * @param string $replacer
 * value of a possible existing string-replacer in the question
+ * @param array $back_link
 *
 * @author Froxlor team (2010-)
 *
 * @return string
 */
- public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '')
+ public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '', array $back_link = [])
 {
 global $lng;
@@ -189,7 +190,8 @@ class HTML
 Panel\UI::view('form/yesnoquestion.html.twig', [
 'action' => $yesfile,
 'url_params' => $params,
- 'question' => $text
+ 'question' => $text,
+ 'back_link' => $back_link
 ]);
 exit();
 }
diff --git a/lib/tablelisting/customer/tablelisting.domains.php b/lib/tablelisting/customer/tablelisting.domains.php
index bc7a163a..0946a6df 100644
--- a/lib/tablelisting/customer/tablelisting.domains.php
+++ b/lib/tablelisting/customer/tablelisting.domains.php
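Review bot: The `deletesure` branch deletes as soon as `$action` and `$id` match, and nothing in the hunk ties that request to the question the user just answered, so the dialog prevents accidental clicks but is not by itself a CSRF defence; unless the framework already binds every request to the session with a value an outsider cannot know, this branch should verify such a token before `Database::pexecute($del_stmt, …)` runs. The German text for this question is added to lng/german.lng.php under `plan_reallydelete`, which overwrites the plan-deletion prompt and leaves `apikey_reallydelete` without a German string; it should read `$lng['question']['apikey_reallydelete'] = 'Wollen Sie den Api-Key wirklich löschen?';`. The new `askYesNo` call mixes `array(` and `[` in the same argument list; use `[` for both, and the moved `$chk = (…) ? true : false;` can simply be `$chk = AREA == 'admin' && $userinfo['customers_see_all'] == '1';`. The if/elseif chain continues past the end of the hunk.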
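Review bot: The added `@param array $back_link` has no description, while every other parameter in this docblock explains its value, so callers cannot tell what the array should contain. From the only call site in this commit (api_keys.php passes `['section' => 'index', 'page' => $page]`) a line such as `* url-parameters used for the link behind the "no" answer (e.g. section, page); pass an empty array for the template's default target` would fit, but the template markup that consumes it is not fully visible here, so confirm the key names against yesnoquestion.html.twig. The method body continues outside the hunk.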
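Review bot: `'back_link' => $back_link` is handed to the template unconditionally with a default of `[]`, but the template change in this commit only checks `back_link is defined and back_link is iterable`, and an empty array satisfies both, so the `{% else %}` branch carrying the previous "no" link can never be taken for callers that omit the new argument. Either pass `'back_link' => $back_link === [] ? null : $back_link` here or change the template condition to `back_link is not empty`.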
@@ -33,7 +33,7 @@ return [
 'd.domain_ace' => [
 'label' => $lng['domains']['domainname'],
 'field' => 'domain_ace',
- 'callback' => [Domain::class, 'domainExternalLink'],
+ 'callback' => [Domain::class, 'domainExternalLinkInfo'],
 ],
 'd.documentroot' => [
 'label' => $lng['panel']['path'],
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 629438da..ae5254ca 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -2169,3 +2169,4 @@ $lng['panel']['settingsmodetoggle'] = 'Click to toggle mode';
 $lng['panel']['modalclose'] = 'Close';
 $lng['panel']['managetablecolumnsmodal']['title'] = 'Manage table columns';
 $lng['panel']['managetablecolumnsmodal']['description'] = 'Here you can customize the visible columns';
+$lng['question']['apikey_reallydelete'] = 'Do you really want to delete this api-key?';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 51299826..722ddc1e 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1807,3 +1807,4 @@ $lng['panel']['settingsmodetoggle'] = 'Modus umschalten';
 $lng['panel']['modalclose'] = 'Schließen';
 $lng['panel']['managetablecolumnsmodal']['title'] = 'Tabellenspalten verwalten';
 $lng['panel']['managetablecolumnsmodal']['description'] = 'Hier können die angezeigten Tabellenspalten angepasst werden';
+$lng['question']['plan_reallydelete'] = 'Wollen Sie den Api-Key wirklich löschen?';
diff --git a/templates/Froxlor/form/yesnoquestion.html.twig b/templates/Froxlor/form/yesnoquestion.html.twig
index 22036cec..73dfec30 100644
--- a/templates/Froxlor/form/yesnoquestion.html.twig
+++ b/templates/Froxlor/form/yesnoquestion.html.twig
@@ -23,7 +23,11 @@
 {% endfor %}  
- {{ lng('panel.no') }}
+ {% if back_link is defined and back_link is iterable %}
+ {{ lng('panel.no') }}
+ {% else %}
+ {{ lng('panel.no') }}
+ {% endif %}
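Review bot: The callback switch from `domainExternalLink` to `domainExternalLinkInfo` is unrelated to the api-key question and is not mentioned in the commit message, so a reader of the history cannot tell why the domain column's link changed. Either split it into its own commit or add a sentence to the description naming the reason, and state there that `Domain::domainExternalLinkInfo` already exists, since this diff does not show it being added.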