diff --git a/agent/post/task.php b/agent/post/task.php
index aac1b68a..5525ad0c 100644
--- a/agent/post/task.php
+++ b/agent/post/task.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_task'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
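Review bot: The added check reads `$_POST['csrf_token']` directly, so a request that omits the field reaches validateCSRFToken() with null and an "Undefined array key" warning instead of a clearly invalid value; whether null is rejected depends on validateCSRFToken's handling, which is not in the diff. Prefer `validateCSRFToken($_POST['csrf_token'] ?? '');` so an absent token is treated exactly like a wrong one and the check does not rely on the helper's null behaviour. The same form is used in the edit_ticket_task, edit_ticket_template_task, complete_task, undo_complete_task, complete_all_tasks and undo_complete_all_tasks hunks of this file, and the pre-existing add_ticket_task_approver and approve_ticket_task calls follow the same pattern, so a single helper-side guard or a consistent `?? ''` at every call site would close the gap. The enclosing `if (isset($_POST['add_task']))` block continues past the hunk.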
@@ -30,6 +32,8 @@ if (isset($_POST['add_task'])) {
if (isset($_POST['edit_ticket_task'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_id = intval($_POST['task_id']);
@@ -54,6 +58,8 @@ if (isset($_POST['edit_ticket_task'])) {
if (isset($_POST['edit_ticket_template_task'])) {
+ validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_template_id = intval($_POST['task_template_id']);
@@ -97,6 +103,8 @@ if (isset($_GET['delete_task'])) {
if (isset($_GET['complete_task'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_id = intval($_GET['complete_task']);
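Review bot: The token for complete_task is carried in the query string of a state-changing GET request, and query strings are routinely recorded in web-server and proxy logs, browser history and Referer headers, so the value meant to prove intent can be disclosed outside the session. The new check is an improvement over no check, but the more durable fix is to move these actions to POST forms (or a fetch with the token in the body) so the token never appears in a URL; if that is out of scope, it is worth confirming that validateCSRFToken() rotates or expires tokens, which the diff does not show. The same observation applies to the undo_complete_task, complete_all_tasks and undo_complete_all_tasks hunks below. The enclosing `if (isset($_GET['complete_task']))` block continues past the hunk.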
@@ -129,6 +137,8 @@ if (isset($_GET['complete_task'])) {
if (isset($_GET['undo_complete_task'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_id = intval($_GET['undo_complete_task']);
@@ -158,6 +168,7 @@ if (isset($_GET['undo_complete_task'])) {
if (isset($_POST['add_ticket_task_approver'])) {
validateCSRFToken($_POST['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_id = intval($_POST['task_id']);
@@ -331,6 +342,7 @@ if (isset($_POST['add_ticket_task_approver'])) {
if (isset($_GET['approve_ticket_task'])) {
validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$task_id = intval($_GET['approve_task']);
@@ -398,6 +410,8 @@ if (isset($_GET['delete_ticket_task_approver'])) {
if (isset($_GET['complete_all_tasks'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['complete_all_tasks']);
@@ -422,6 +436,8 @@ if (isset($_GET['complete_all_tasks'])) {
if (isset($_GET['undo_complete_all_tasks'])) {
+ validateCSRFToken($_GET['csrf_token']);
+
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['undo_complete_all_tasks']);
diff --git a/agent/project_details.php b/agent/project_details.php
index 3d8c3f53..bcf1a5e2 100644
--- a/agent/project_details.php
+++ b/agent/project_details.php
@@ -527,7 +527,7 @@ if (isset($_GET['project_id'])) {
-
+
diff --git a/agent/ticket.php b/agent/ticket.php
index 528ab72d..23740705 100644
--- a/agent/ticket.php
+++ b/agent/ticket.php
@@ -913,11 +913,11 @@ if (isset($_GET['ticket_id'])) {