AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-05-10 13:17:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Missing CSRF in unused modals

Browse Source
This commit is contained in:
johnnyq
2026-04-13 13:19:12 -04:00
parent 9c0c8ec239
commit 4e862053e8
5 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin/modals/contract_template/contract_template_add.php
View File

@@ -30,6 +30,8 @@ ob_start();
</ul> </ul>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="modal-body"> <div class="modal-body">
<div class="tab-content" id="contractTemplateTabContent"> <div class="tab-content" id="contractTemplateTabContent">

1
admin/modals/contract_template/contract_template_edit.php
View File

@@ -52,6 +52,7 @@ ob_start();
</ul> </ul>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="contract_template_id" value="<?php echo $contract_template_id; ?>"> <input type="hidden" name="contract_template_id" value="<?php echo $contract_template_id; ?>">
<div class="modal-body"> <div class="modal-body">

1
admin/modals/custom_field/custom_field_create.php
View File

@@ -8,6 +8,7 @@
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>"> <input type="hidden" name="table" value="<?php echo nullable_htmlentities($table); ?>">
<div class="modal-body"> <div class="modal-body">

1
admin/modals/custom_field/custom_field_edit.php
View File

@@ -8,6 +8,7 @@
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="custom_field_id" value="<?php echo $custom_field_id; ?>"> <input type="hidden" name="custom_field_id" value="<?php echo $custom_field_id; ?>">
<div class="modal-body"> <div class="modal-body">

1
admin/modals/user/user_export.php
View File

@@ -13,6 +13,7 @@ ob_start();
</button> </button>
</div> </div>
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="modal-body"> <div class="modal-body">
</div> </div>