AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-15 10:14:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #825 from wrongecho/csrf-stripe

Browse Source 
Require CSRF token to edit Stripe settings - thanks to @stehled
This commit is contained in:
wrongecho
2023-11-25 16:39:14 +00:00
committed by GitHub
parent 3158353921 432488eca3
commit 51ac53dc50
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
post/setting.php
View File

@@ -331,6 +331,7 @@ if (isset($_GET['generate_cron_key'])) {
if (isset($_POST['edit_online_payment_settings'])) { if (isset($_POST['edit_online_payment_settings'])) {
validateCSRFToken($_POST['csrf_token']);
validateAdminRole(); validateAdminRole();
$config_stripe_enable = intval($_POST['config_stripe_enable']); $config_stripe_enable = intval($_POST['config_stripe_enable']);

1
settings_online_payment.php
View File

@@ -11,6 +11,7 @@ require_once "inc_all_settings.php";
</div> </div>
<div class="card-body"> <div class="card-body">
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group"> <div class="form-group">
<div class="custom-control custom-switch"> <div class="custom-control custom-switch">