mirror of https://github.com/itflow-org/itflow
Project - Require CSRF token to delete a project
This commit is contained in:
Marcus Hill
parent
b85fa38b67
commit
0df5c01bb7
|
|
@ -170,6 +170,9 @@ if (isset($_GET['delete_project'])) {
|
|||
|
||||
enforceUserPermission('module_support', 3);
|
||||
|
||||
// CSRF Check
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
$project_id = intval($_GET['delete_project']);
|
||||
|
||||
// Get Project Name and Client ID for logging
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ if (isset($_GET['project_id'])) {
|
|||
<?php } ?>
|
||||
<?php if (!empty($project_archived_at) && lookupUserPermission("module_support" >= 3)) { ?>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-trash mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -320,7 +320,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</a>
|
||||
<?php if (lookupUserPermission("module_support" >= 3)) { ?>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>">
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?delete_project=<?php echo $project_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue