Enforce CSRF for post/asset and post/account

Tiny bit of tidying
2026-02-28 02:44:53 +00:00 · 2024-09-08 22:52:38 +01:00
parent d1410ef967
commit 64684e1248
29 changed files with 64 additions and 21 deletions
--- a/accounts.php
+++ b/accounts.php
@@ -93,7 +93,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                        </a>
                                        <?php if ($balance == 0 && $account_id != $config_stripe_account) { //Cannot Archive an Account until it reaches 0 Balance and cant be selected as an online account ?>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>">
+                                            <a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
                                                <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                            </a>
                                        <?php } ?>