Enforce CSRF for post/asset and post/account

Tiny bit of tidying
wrongecho
2024-09-08 22:52:38 +01:00
parent d1410ef967
commit 64684e1248
29 changed files with 64 additions and 21 deletions


@@ -5,6 +5,7 @@
*/
if (isset($_POST['add_account'])) {
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$opening_balance = floatval($_POST['opening_balance']);
@@ -24,6 +25,7 @@ if (isset($_POST['add_account'])) {
}
if (isset($_POST['edit_account'])) {
validateCSRFToken($_POST['csrf_token']);
$account_id = intval($_POST['account_id']);
$name = sanitizeInput($_POST['name']);
@@ -42,6 +44,7 @@ if (isset($_POST['edit_account'])) {
}
if (isset($_GET['archive_account'])) {
validateCSRFToken($_GET['csrf_token']);
$account_id = intval($_GET['archive_account']);
mysqli_query($mysqli,"UPDATE accounts SET account_archived_at = NOW() WHERE account_id = $account_id");
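Review bot: In the archive_account branch the token is read from `$_GET['csrf_token']`, so a state-changing request carries its CSRF token in the URL, where it can be retained in browser history, proxy and server access logs, and Referer headers sent to other origins. Prefer submitting this action by POST and validating the body field, i.e. `if (isset($_POST['archive_account'])) {` followed by `validateCSRFToken($_POST['csrf_token']);`, with the calling link turned into a small form. If GET has to stay, it would help to confirm that validateCSRFToken (not shown here) rejects a missing token and compares in constant time, and to add a comment such as `// CSRF token is in the query string; keep Referrer-Policy strict on pages linking here`. The branch continues past the end of this hunk, and the delete_account branch in the next hunk is keyed on `$_GET` as well.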
@@ -55,6 +58,7 @@ if (isset($_GET['archive_account'])) {
}
// Not used anywhere?
if (isset($_GET['delete_account'])) {
$account_id = intval($_GET['delete_account']);