certificates: remove client_id post from edit certificate modal as it should get the client_id in post, enforceClientAccess

This commit is contained in:
johnnyq
2026-03-06 16:53:20 -05:00
parent a252ff717e
commit 7563148182
3 changed files with 20 additions and 3 deletions


@@ -33,7 +33,7 @@ ob_start();
<form action="post.php" method="post" autocomplete="off"> <form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="certificate_id" value="<?php echo $certificate_id; ?>"> <input type="hidden" name="certificate_id" value="<?php echo $certificate_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body"> <div class="modal-body">
<ul class="nav nav-pills nav-justified mb-3"> <ul class="nav nav-pills nav-justified mb-3">


@@ -14,6 +14,10 @@ if (isset($_POST['add_certificate'])) {
require_once 'certificate_model.php'; require_once 'certificate_model.php';
$client_id = intval($_POST['client_id']);
enforceClientAccess();
// Parse public key data for a manually provided public key // Parse public key data for a manually provided public key
if (!empty($public_key) && (empty($expire) && empty($issued_by))) { if (!empty($public_key) && (empty($expire) && empty($issued_by))) {
// Parse the public certificate key. If successful, set attributes from the certificate // Parse the public certificate key. If successful, set attributes from the certificate
@@ -49,8 +53,13 @@ if (isset($_POST['edit_certificate'])) {
enforceUserPermission('module_support', 2); enforceUserPermission('module_support', 2);
require_once 'certificate_model.php'; require_once 'certificate_model.php';
$certificate_id = intval($_POST['certificate_id']); $certificate_id = intval($_POST['certificate_id']);
$client_id = intval(getFieldById('certificates', $certificate_id, 'certificate_client_id'));
enforceClientAccess();
// Parse public key data for a manually provided public key // Parse public key data for a manually provided public key
if (!empty($public_key) && (empty($expire) && empty($issued_by))) { if (!empty($public_key) && (empty($expire) && empty($issued_by))) {
// Parse the public certificate key. If successful, set attributes from the certificate // Parse the public certificate key. If successful, set attributes from the certificate
@@ -124,6 +133,8 @@ if (isset($_GET['archive_certificate'])) {
$certificate_name = sanitizeInput($row['certificate_name']); $certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']); $client_id = intval($row['certificate_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NOW() WHERE certificate_id = $certificate_id"); mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NOW() WHERE certificate_id = $certificate_id");
logAction("Certificate", "Archive", "$session_name archived certificate $certificate_name", $client_id, $certificate_id); logAction("Certificate", "Archive", "$session_name archived certificate $certificate_name", $client_id, $certificate_id);
@@ -148,6 +159,8 @@ if (isset($_GET['restore_certificate'])) {
$certificate_name = sanitizeInput($row['certificate_name']); $certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']); $client_id = intval($row['certificate_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NULL WHERE certificate_id = $certificate_id"); mysqli_query($mysqli,"UPDATE certificates SET certificate_archived_at = NULL WHERE certificate_id = $certificate_id");
logAction("Certificate", "Restore", "$session_name restored certificate $certificate_name", $client_id, $certificate_id); logAction("Certificate", "Restore", "$session_name restored certificate $certificate_name", $client_id, $certificate_id);
@@ -172,6 +185,8 @@ if (isset($_GET['delete_certificate'])) {
$certificate_name = sanitizeInput($row['certificate_name']); $certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']); $client_id = intval($row['certificate_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM certificates WHERE certificate_id = $certificate_id"); mysqli_query($mysqli,"DELETE FROM certificates WHERE certificate_id = $certificate_id");
logAction("Certificate", "Delete", "$session_name deleted certificate $name", $client_id); logAction("Certificate", "Delete", "$session_name deleted certificate $name", $client_id);
@@ -204,6 +219,8 @@ if (isset($_POST['bulk_delete_certificates'])) {
$certificate_name = sanitizeInput($row['certificate_name']); $certificate_name = sanitizeInput($row['certificate_name']);
$client_id = intval($row['certificate_client_id']); $client_id = intval($row['certificate_client_id']);
enforceClientAccess();
mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id"); mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id");
logAction("Certificate", "Delete", "$session_name deleted certificate $certificate_name", $client_id); logAction("Certificate", "Delete", "$session_name deleted certificate $certificate_name", $client_id);
@@ -231,13 +248,14 @@ if (isset($_POST['export_certificates_csv'])) {
$client_query = "AND certificate_client_id = $client_id"; $client_query = "AND certificate_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name'); $client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-"; $file_name_prepend = "$client_name-";
enforceClientAccess();
} else { } else {
$client_query = ''; $client_query = '';
$client_id = 0; $client_id = 0;
$file_name_prepend = "$session_company_name-"; $file_name_prepend = "$session_company_name-";
} }
$sql = mysqli_query($mysqli,"SELECT * FROM certificates WHERE certificate_archived_at IS NULL $client_query ORDER BY certificate_name ASC"); $sql = mysqli_query($mysqli,"SELECT * FROM certificates LEFT JOIN clients ON client_id = certificate_client_id WHERE certificate_archived_at IS NULL $client_query $access_permission_query ORDER BY certificate_name ASC");
$num_rows = mysqli_num_rows($sql); $num_rows = mysqli_num_rows($sql);
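Review bot: In the edit_certificate hunk, `$client_id = intval(getFieldById('certificates', $certificate_id, 'certificate_client_id'));` yields 0 when the posted certificate_id matches no row, so the following `enforceClientAccess();` — which takes no argument and presumably reads `$client_id` from the surrounding scope — decides access on a client id of 0 instead of on a failed lookup. Unless enforceClientAccess() is known to reject 0 (not visible here), add an explicit existence check such as `if ($client_id === 0) { /* reject via the file's usual redirect-and-exit path */ }` ahead of the access check, so an unknown certificate_id is refused before any later UPDATE runs. The same ordering concern applies to the export_certificates_csv hunk, where `enforceClientAccess();` is placed after `getFieldById('clients', $client_id, 'client_name');`; making it the first statement of the `if` branch keeps the lookup behind the check. Separately, the delete_certificate hunk's unchanged line `logAction("Certificate", "Delete", "$session_name deleted certificate $name", $client_id);` interpolates `$name` while the value assigned two lines above is `$certificate_name`, so the audit entry most likely records an empty certificate name; worth correcting while this branch is being touched. The enclosing `if (isset(...))` blocks start and end outside each hunk.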


@@ -9,4 +9,3 @@ $expire = sanitizeInput($_POST['expire']);
$public_key = sanitizeInput($_POST['public_key']); $public_key = sanitizeInput($_POST['public_key']);
$notes = sanitizeInput($_POST['notes']); $notes = sanitizeInput($_POST['notes']);
$domain_id = intval($_POST['domain_id'] ?? 0); $domain_id = intval($_POST['domain_id'] ?? 0);
$client_id = intval($_POST['client_id']);