AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Require CSRF token to edit Stripe settings - thanks to @stehled

Browse Source
This commit is contained in:
Marcus Hill
2023-11-25 16:36:05 +00:00
parent c1d0a2368d
commit 432488eca3
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
settings_online_payment.php
View File

@@ -11,6 +11,7 @@ require_once "inc_all_settings.php";
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group">
<div class="custom-control custom-switch">
@@ -53,9 +54,9 @@ require_once "inc_all_settings.php";
$sql_accounts = mysqli_query($mysqli, "SELECT * FROM accounts LEFT JOIN account_types ON account_types.account_type_id = accounts.account_type WHERE account_type_parent = 1 AND account_archived_at IS NULL ORDER BY account_name ASC");
while ($row = mysqli_fetch_array($sql_accounts)) {
$account_id = intval($row['account_id']);
$account_name = nullable_htmlentities($row['account_name']);
$account_name = nullable_htmlentities($row['account_name']);
?>
<option value="<?php echo $account_id ?>" <?php if ($account_id == $config_stripe_account) { echo "selected"; } ?>><?php echo $account_name ?></option>
<?php
}