software licenses: Add missing CSRF checks, add missing permission checks

2026-03-11 00:04:50 +00:00 · 2026-03-02 19:37:27 -05:00
parent 24b244b612
commit 1740599b61
6 changed files with 20 additions and 2 deletions
--- a/agent/modals/software/software_add.php
+++ b/agent/modals/software/software_add.php
@@ -14,6 +14,8 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
    <div class="modal-body">

        <ul class="nav nav-pills nav-justified mb-3">
--- a/agent/modals/software/software_add_from_template.php
+++ b/agent/modals/software/software_add_from_template.php
@@ -15,6 +15,8 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
    <div class="modal-body">

        <?php if ($client_id) { ?>
--- a/agent/modals/software/software_edit.php
+++ b/agent/modals/software/software_edit.php
@@ -51,6 +51,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="software_id" value="<?php echo $software_id; ?>">
    <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
    <div class="modal-body">
--- a/agent/modals/software/software_export.php
+++ b/agent/modals/software/software_export.php
@@ -15,6 +15,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="client_id" value="<?= $client_id ?>">

    <div class="modal-body">
--- a/agent/post/software.php
+++ b/agent/post/software.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");

 if (isset($_POST['add_software_from_template'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    // GET POST Data
@@ -40,6 +42,8 @@ if (isset($_POST['add_software_from_template'])) {

 if (isset($_POST['add_software'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    $client_id = intval($_POST['client_id']);
@@ -99,6 +103,8 @@ if (isset($_POST['add_software'])) {

 if (isset($_POST['edit_software'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    $software_id = intval($_POST['software_id']);
@@ -158,6 +164,8 @@ if (isset($_POST['edit_software'])) {

 if (isset($_GET['archive_software'])) {

+    validateCSRFToken($_GET['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    $software_id = intval($_GET['archive_software']);
@@ -184,6 +192,8 @@ if (isset($_GET['archive_software'])) {

 if (isset($_GET['delete_software'])) {

+    validateCSRFToken($_GET['csrf_token']);
+
    enforceUserPermission('module_support', 3);

    $software_id = intval($_GET['delete_software']);
@@ -206,6 +216,8 @@ if (isset($_GET['delete_software'])) {

 if (isset($_POST['export_software_csv'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support');

    if ($_POST['client_id']) {
--- a/agent/software.php
+++ b/agent/software.php
@@ -294,12 +294,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                            <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                        </a>
                                        <div class="dropdown-divider"></div>
-                                        <a class="dropdown-item text-danger confirm-link" href="post.php?archive_software=<?php echo $software_id; ?>">
+                                        <a class="dropdown-item text-danger confirm-link" href="post.php?archive_software=<?php echo $software_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                            <i class="fas fa-fw fa-archive mr-2"></i>Archive and<br><small>Remove Licenses</small></a>
                                        <?php if ($session_user_role == 3) { ?>
                                            <?php if ($config_destructive_deletes_enable) { ?>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_software=<?php echo $software_id; ?>">
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_software=<?php echo $software_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                <i class="fas fa-fw fa-trash mr-2"></i>Delete and<br><small>Remove Licenses</small></a>
                                            <?php } ?>
                                        <?php } ?>