diff --git a/agent/post/software.php b/agent/post/software.php
index 7ea5a2ee..b043de70 100644
--- a/agent/post/software.php
+++ b/agent/post/software.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_software_from_template'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
// GET POST Data
@@ -40,6 +42,8 @@ if (isset($_POST['add_software_from_template'])) {
if (isset($_POST['add_software'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
@@ -99,6 +103,8 @@ if (isset($_POST['add_software'])) {
if (isset($_POST['edit_software'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$software_id = intval($_POST['software_id']);
@@ -158,6 +164,8 @@ if (isset($_POST['edit_software'])) {
if (isset($_GET['archive_software'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$software_id = intval($_GET['archive_software']);
@@ -184,6 +192,8 @@ if (isset($_GET['archive_software'])) {
if (isset($_GET['delete_software'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 3);
$software_id = intval($_GET['delete_software']);
@@ -206,6 +216,8 @@ if (isset($_GET['delete_software'])) {
if (isset($_POST['export_software_csv'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support');
if ($_POST['client_id']) {
diff --git a/agent/software.php b/agent/software.php
index fcb0beaf..2c3bedad 100644
--- a/agent/software.php
+++ b/agent/software.php
@@ -294,12 +294,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
Edit
-
+
Archive and
Remove Licenses
-
+
Delete and
Remove Licenses