AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Quote: Add missing CSRF checks and missing permission on export quote pdf

Browse Source
This commit is contained in:
johnnyq
2026-03-01 22:02:43 -05:00
parent e1daa14087
commit 2c47001b19
9 changed files with 50 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
agent/quotes.php
View File

@@ -224,13 +224,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</a>
<?php if (!empty($config_smtp_host)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="post.php?email_quote=<?php echo $quote_id; ?>">
<a class="dropdown-item" href="post.php?email_quote=<?= $quote_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-paper-plane mr-2"></i>Email
</a>
<?php } ?>
<?php if (lookupUserPermission("module_sales") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?php echo $quote_id; ?>">
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_quote=<?= $quote_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
</a>
<?php } ?>