services: Add missing CSRF checks rename unarchive to restore

agent/modals/service/service_add.php

@@ -15,6 +15,7 @@ ob_start();
 </div>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
 
     <div class="modal-body">
         <?php if ($client_id) { ?>

agent/modals/service/service_edit.php

@@ -92,6 +92,7 @@ ob_start();
 </div>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="client_id" value="<?php echo $client_id ?>">
     <input type="hidden" name="service_id" value="<?php echo $service_id ?>">
 

agent/post/service.php

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 
 if (isset($_POST['add_service'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $client_id = intval($_POST['client_id']);
@@ -84,6 +86,8 @@ if (isset($_POST['add_service'])) {
 
 if (isset($_POST['edit_service'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $client_id = intval($_POST['client_id']);