Add CSRF Checks to notifications and ensure the user dismissing the notification is their own notification

This commit is contained in:
johnnyq
2026-03-05 17:51:20 -05:00
parent a81edc122d
commit 30357b9cf7
2 changed files with 4 additions and 2 deletions


@@ -20,9 +20,11 @@ if(isset($_POST['change_records_per_page'])){
if (isset($_GET['dismiss_notification'])) {
validateCSRFToken($_GET['csrf_token']);
$notification_id = intval($_GET['dismiss_notification']);
mysqli_query($mysqli,"UPDATE notifications SET notification_dismissed_at = NOW(), notification_dismissed_by = $session_user_id WHERE notification_id = $notification_id");
mysqli_query($mysqli,"UPDATE notifications SET notification_dismissed_at = NOW(), notification_dismissed_by = $session_user_id WHERE notification_user_id = $session_user_id AND notification_id = $notification_id");
// Logging
logAction("Notification", "Dismiss", "$session_name dismissed notification");