add security question when deleting api-key

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

api_keys.php

@@ -32,36 +32,43 @@ $success_message = "";
 $id = (int) Request::get('id');
 
 // do the delete and then just show a success-message and the apikeys list again
-if ($action == 'delete') {
-	if ($id > 0) {
-		$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
-		if (AREA == 'customer') {
-			$chk_stmt = Database::prepare("
+if ($action == 'delete' && $id > 0) {
+	\Froxlor\UI\HTML::askYesNo('apikey_reallydelete', $filename, array(
+		'id' => $id,
+		'page' => $page,
+		'action' => 'deletesure'
+	), '', [
+		'section' => 'index',
+		'page' => $page
+	]);
+} elseif ($action == 'deletesure' && $id > 0) {
+	$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
+	if (AREA == 'customer') {
+		$chk_stmt = Database::prepare("
 				SELECT c.customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` c
 				LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.customerid = c.customerid
 				WHERE ak.`id` = :id AND c.`customerid` = :cid
 			");
-			$chk = Database::pexecute_first($chk_stmt, array(
-				'id' => $id,
-				'cid' => $userinfo['customerid']
-			));
-		} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
-			$chk_stmt = Database::prepare("
+		$chk = Database::pexecute_first($chk_stmt, array(
+			'id' => $id,
+			'cid' => $userinfo['customerid']
+		));
+	} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
+		$chk_stmt = Database::prepare("
 				SELECT a.adminid FROM `" . TABLE_PANEL_ADMINS . "` a
 				LEFT JOIN `" . TABLE_API_KEYS . "` ak ON ak.adminid = a.adminid
 				WHERE ak.`id` = :id AND a.`adminid` = :aid
 			");
-			$chk = Database::pexecute_first($chk_stmt, array(
-				'id' => $id,
-				'aid' => $userinfo['adminid']
-			));
-		}
-		if ($chk !== false) {
-			Database::pexecute($del_stmt, array(
-				'id' => $id
-			));
-			$success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
-		}
+		$chk = Database::pexecute_first($chk_stmt, array(
+			'id' => $id,
+			'aid' => $userinfo['adminid']
+		));
+	}
+	if ($chk !== false) {
+		Database::pexecute($del_stmt, array(
+			'id' => $id
+		));
+		$success_message = sprintf($lng['apikeys']['apikey_removed'], $id);
 	}
 } elseif ($action == 'add') {
 	$ins_stmt = Database::prepare("

lib/Froxlor/UI/HTML.php

@@ -169,12 +169,13 @@ class HTML
 	 *        	Values which will be given to $yesfile. Format: array(variable1=>value1, variable2=>value2, variable3=>value3)
 	 * @param string $replacer
 	 *        	value of a possible existing string-replacer in the question
+	 * @param array $back_link
 	 *
 	 * @author Froxlor team <team@froxlor.org> (2010-)
 	 *
 	 * @return string
 	 */
-	public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '')
+	public static function askYesNo(string $text, string $yesfile, array $params = [], string $replacer = '', array $back_link = [])
 	{
 		global $lng;
 
@@ -189,7 +190,8 @@ class HTML
 		Panel\UI::view('form/yesnoquestion.html.twig', [
 			'action' => $yesfile,
 			'url_params' => $params,
-			'question' => $text
+			'question' => $text,
+			'back_link' => $back_link
 		]);
 		exit();
 	}

lib/tablelisting/customer/tablelisting.domains.php

@@ -33,7 +33,7 @@ return [
 			'd.domain_ace' => [
 				'label' => $lng['domains']['domainname'],
 				'field' => 'domain_ace',
-				'callback' => [Domain::class, 'domainExternalLink'],
+				'callback' => [Domain::class, 'domainExternalLinkInfo'],
 			],
 			'd.documentroot' => [
 				'label' => $lng['panel']['path'],

lng/english.lng.php

@@ -2169,3 +2169,4 @@ $lng['panel']['settingsmodetoggle'] = 'Click to toggle mode';
 $lng['panel']['modalclose'] = 'Close';
 $lng['panel']['managetablecolumnsmodal']['title'] = 'Manage table columns';
 $lng['panel']['managetablecolumnsmodal']['description'] = 'Here you can customize the visible columns';
+$lng['question']['apikey_reallydelete'] = 'Do you really want to delete this api-key?';

lng/german.lng.php

@@ -1807,3 +1807,4 @@ $lng['panel']['settingsmodetoggle'] = 'Modus umschalten';
 $lng['panel']['modalclose'] = 'Schließen';
 $lng['panel']['managetablecolumnsmodal']['title'] = 'Tabellenspalten verwalten';
 $lng['panel']['managetablecolumnsmodal']['description'] = 'Hier können die angezeigten Tabellenspalten angepasst werden';
+$lng['question']['plan_reallydelete'] = 'Wollen Sie den Api-Key wirklich löschen?';

templates/Froxlor/form/yesnoquestion.html.twig

@@ -23,7 +23,11 @@
 					<input type="hidden" name="{{ id }}" value="{{ field }}"/>
 				{% endfor %}
 				<button class="btn btn-danger" type="submit" name="submitbutton">{{ lng('panel.yes') }}</button>&nbsp;
-				<a href="javascript:history.back(-1)" class="btn btn-secondary">{{ lng('panel.no') }}</a>
+				{% if back_link is defined and back_link is iterable %}
+					<a href="{{ linker(back_link) }}" class="btn btn-secondary">{{ lng('panel.no') }}</a>
+				{% else %}
+					<a href="javascript:history.back(-1)" class="btn btn-secondary">{{ lng('panel.no') }}</a>
+				{% endif %}
 			</p>
 		</div>