AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

software licenses: Add missing CSRF checks, add missing permission checks

Browse Source
This commit is contained in:
johnnyq
2026-03-02 19:37:27 -05:00
parent 24b244b612
commit 1740599b61
6 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
agent/post/software.php
View File

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_software_from_template'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
// GET POST Data
@@ -40,6 +42,8 @@ if (isset($_POST['add_software_from_template'])) {
if (isset($_POST['add_software'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
@@ -99,6 +103,8 @@ if (isset($_POST['add_software'])) {
if (isset($_POST['edit_software'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$software_id = intval($_POST['software_id']);
@@ -158,6 +164,8 @@ if (isset($_POST['edit_software'])) {
if (isset($_GET['archive_software'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$software_id = intval($_GET['archive_software']);
@@ -184,6 +192,8 @@ if (isset($_GET['archive_software'])) {
if (isset($_GET['delete_software'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$software_id = intval($_GET['delete_software']);
@@ -206,6 +216,8 @@ if (isset($_GET['delete_software'])) {
if (isset($_POST['export_software_csv'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support');
if ($_POST['client_id']) {