Products: Add missing CSRF checks change wording from unarchive to restore

2026-03-11 08:14:52 +00:00 · 2026-03-01 22:50:04 -05:00
parent af1ebfea41
commit 36ac006438
6 changed files with 32 additions and 16 deletions
--- a/agent/products.php
+++ b/agent/products.php
@@ -287,18 +287,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                            <?php if ($session_user_role == 3) { ?>
                                                <?php if ($product_archived_at) { ?>
                                                <div class="dropdown-divider"></div>
-                                                <a class="dropdown-item text-info" href="post.php?unarchive_product=<?php echo $product_id; ?>">
-                                                    <i class="fas fa-fw fa-redo mr-2"></i>Unarchive
+                                                <a class="dropdown-item text-info" href="post.php?restore_product=<?= $product_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
+                                                    <i class="fas fa-fw fa-redo mr-2"></i>Restore
                                                </a>
                                                <?php if ($config_destructive_deletes_enable) { ?>
                                                <div class="dropdown-divider"></div>
-                                                <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_product=<?php echo $product_id; ?>">
+                                                <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_product=<?= $product_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                    <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                                </a>
                                                <?php } ?>
                                                <?php } else { ?>
                                                <div class="dropdown-divider"></div>
-                                                <a class="dropdown-item text-danger confirm-link" href="post.php?archive_product=<?php echo $product_id; ?>">
+                                                <a class="dropdown-item text-danger confirm-link" href="post.php?archive_product=<?= $product_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                    <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                                </a>
                                                <?php } ?>