mirror of https://github.com/itflow-org/itflow
Merge pull request #1038 from itflow-org/csrf
Enforce CSRF for post/asset and post/account
commit
765850b22f
@ -8,6 +8,8 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
<div class="form-group">
|
||||
|
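Review bot: The token is echoed straight into the attribute at `value="<?php echo $_SESSION['csrf_token'] ?>"` with no escaping and no guard for the key being unset; the same pattern appears in every other form hunk on this page. If the token is generated server-side from random bytes it is attribute-safe today, but nothing in this hunk guarantees that, and an unset session key emits a warning and an empty value that the validator then has to reject. I'd write `<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">`, or better a small helper that renders the field so the many call sites stay in sync. The enclosing form and modal markup continue outside the hunk.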
|
|
|||
|
|
@ -9,6 +9,7 @@
|
|||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="account_id" value="<?php echo $account_id; ?>">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<div class="modal-body bg-white">
|
||||
<div class="form-group">
|
||||
<label>Account Name <strong class="text-danger">*</strong></label>
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</a>
|
||||
<?php if ($balance == 0 && $account_id != $config_stripe_account) { //Cannot Archive an Account until it reaches 0 Balance and cant be selected as an online account ?>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>">
|
||||
<a class="dropdown-item text-danger" href="post.php?archive_account=<?php echo $account_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Archive
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
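Review bot: `post.php?archive_account=<?php echo $account_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>` places the session's CSRF token in a GET URL, so it lands in browser history, server and proxy access logs and any Referer header sent from the page post.php redirects to; the same applies to the delete_asset_interface, archive_asset, unarchive_asset and delete_asset links in the later asset hunks. The check added in post/account.php makes the link CSRF-safe, but a token leaked this way is reusable for the rest of the session. The safer shape is a small POST form (or a confirm-link that submits a hidden form) carrying the token in the request body, as the modal forms elsewhere in this commit already do. If the links must stay GET for now, at least escape the token with htmlspecialchars when echoing it into the href, as is already needed for the form fields.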
|
|
|||
|
|
@ -28,6 +28,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM contacts
|
|||
</div>
|
||||
<div class="card-body">
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="row">
|
||||
|
||||
|
|
|
|||
|
|
@ -92,6 +92,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-sm table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
</div>
|
||||
|
||||
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
|
||||
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
|
|
|||
|
|
@ -334,7 +334,7 @@ if (isset($_GET['asset_id'])) {
|
|||
</a>
|
||||
<?php if ($session_user_role == 3 && $interface_primary == 0) { ?>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset_interface=<?php echo $interface_id; ?>">
|
||||
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset_interface=<?php echo $interface_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-trash mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="asset_id" value="<?php echo $asset_id; ?>">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
|
||||
|
|
|
|||
|
|
@ -8,11 +8,12 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
<?php require_once "inc_export_warning.php";
|
||||
?>
|
||||
<?php require_once "inc_export_warning.php"; ?>
|
||||
|
||||
</div>
|
||||
<div class="modal-footer bg-white">
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<div class="modal-body bg-white">
|
||||
<p><strong>Format csv file with headings & data:</strong><br>Name, Description, Type, Make, Model, Serial, OS, Assigned To, Location</p>
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@
|
|||
</div>
|
||||
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
|
||||
<input type="hidden" name="asset_id" value="<?php echo $asset_id; ?>">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
</div>
|
||||
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="interface_id" value="<?php echo $interface_id; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,9 @@
|
|||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<input type="hidden" name="current_asset_id" value="<?php echo $asset_id; ?>">
|
||||
|
||||
<div class="modal-body bg-white">
|
||||
|
||||
<div class="form-group">
|
||||
|
|
|
|||
|
|
@ -176,8 +176,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<div class="col-sm-12">
|
||||
<div class="btn-toolbar float-right">
|
||||
<div class="btn-group mr-5">
|
||||
<?php if($all_count) { ?>
|
||||
<a href="?<?php echo $url_query_strings_sort; ?>&type=" class="btn <?php if ($_GET['type'] == 'all' || empty($_GET['type'])) { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">All Assets<span class="right badge badge-light ml-2"><?php echo $all_count; ?></span></a>
|
||||
<?php if ($all_count) { ?>
|
||||
<a href="?<?php echo $url_query_strings_sort; ?>&type=" class="btn <?php if ($_GET['type'] == 'all' || empty($_GET['type'])) { echo 'btn-primary'; } else { echo 'btn-default'; } ?>">All Assets<span class="right badge badge-light ml-2"><?php echo $all_count; ?></span></a>
|
||||
<?php } ?>
|
||||
<?php
|
||||
if ($workstation_count > 0) { ?>
|
||||
|
|
@ -244,6 +244,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</form>
|
||||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive">
|
||||
<table class="table border table-hover">
|
||||
<thead class="thead-light <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
|
||||
|
|
@ -545,19 +547,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</a>
|
||||
<?php if ($session_user_role > 2) { ?>
|
||||
<?php if ($asset_archived_at) { ?>
|
||||
<a class="dropdown-item text-info" href="post.php?unarchive_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-info" href="post.php?unarchive_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
|
||||
</a>
|
||||
<?php } else { ?>
|
||||
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#transferAssetModal<?php echo $asset_id; ?>">
|
||||
<i class="fas fa-fw fa-arrow-right mr-2"></i>Transfer
|
||||
</a>
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Archive
|
||||
</a>
|
||||
<?php } ?>
|
||||
<?php if ($config_destructive_deletes_enable) { ?>
|
||||
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -297,10 +297,10 @@ if (isset($_GET['contact_id'])) {
|
|||
</a>
|
||||
<?php if ($session_user_role == 3) { ?>
|
||||
<div class="dropdown-divider"></div>
|
||||
<a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger" href="post.php?archive_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Archive
|
||||
</a>
|
||||
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger text-bold" href="post.php?delete_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-trash mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -188,6 +188,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table border">
|
||||
<thead class="thead-light <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -198,6 +198,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-border">
|
||||
|
|
|
|||
|
|
@ -243,6 +243,7 @@ $num_of_files = mysqli_num_rows($sql);
|
|||
<?php } else { ?>
|
||||
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table border">
|
||||
|
|
|
|||
|
|
@ -137,6 +137,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="<?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -136,6 +136,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -205,6 +205,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</form>
|
||||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
|
||||
if (isset($_POST['add_account'])) {
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$opening_balance = floatval($_POST['opening_balance']);
|
||||
|
|
@ -24,6 +25,7 @@ if (isset($_POST['add_account'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['edit_account'])) {
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$account_id = intval($_POST['account_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
|
@ -42,6 +44,7 @@ if (isset($_POST['edit_account'])) {
|
|||
}
|
||||
|
||||
if (isset($_GET['archive_account'])) {
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
$account_id = intval($_GET['archive_account']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE accounts SET account_archived_at = NOW() WHERE account_id = $account_id");
|
||||
|
|
@ -55,6 +58,7 @@ if (isset($_GET['archive_account'])) {
|
|||
|
||||
}
|
||||
|
||||
// Not used anywhere?
|
||||
if (isset($_GET['delete_account'])) {
|
||||
$account_id = intval($_GET['delete_account']);
|
||||
|
||||
|
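Review bot: `validateCSRFToken($_GET['csrf_token']);` in the archive_account handler, and the two `validateCSRFToken($_POST['csrf_token']);` calls above it, index the superglobal without a null-coalesce, so a request that omits the token raises an undefined-index warning and hands null to the validator; whether null is rejected depends on validateCSRFToken, which is outside this hunk, so I'd pass `$_GET['csrf_token'] ?? ''` explicitly. The delete_account handler in the last hunk still has no CSRF check; if it really is unused, as the `// Not used anywhere?` comment guesses, delete it rather than leave an unprotected destructive path, and if it is kept it needs the same call. archive_account also runs its UPDATE without any role check, unlike the asset handlers which call validateTechRole/validateAdminRole; if a role check happens earlier in the file it is not visible here. All four handlers continue outside their hunks.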
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
if (isset($_POST['add_asset'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
|
|
@ -105,6 +106,7 @@ if (isset($_POST['add_asset'])) {
|
|||
|
||||
if (isset($_POST['edit_asset'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$asset_id = intval($_POST['asset_id']);
|
||||
|
|
@ -197,6 +199,7 @@ if (isset($_POST['edit_asset'])) {
|
|||
|
||||
if (isset($_POST['change_client_asset'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$current_asset_id = intval($_POST['current_asset_id']);
|
||||
|
|
@ -244,6 +247,7 @@ if (isset($_POST['change_client_asset'])) {
|
|||
|
||||
if (isset($_GET['archive_asset'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$asset_id = intval($_GET['archive_asset']);
|
||||
|
|
@ -268,6 +272,7 @@ if (isset($_GET['archive_asset'])) {
|
|||
|
||||
if (isset($_GET['unarchive_asset'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$asset_id = intval($_GET['unarchive_asset']);
|
||||
|
|
@ -291,6 +296,7 @@ if (isset($_GET['unarchive_asset'])) {
|
|||
|
||||
if (isset($_GET['delete_asset'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
validateAdminRole();
|
||||
|
||||
$asset_id = intval($_GET['delete_asset']);
|
||||
|
|
@ -318,6 +324,7 @@ if (isset($_GET['delete_asset'])) {
|
|||
|
||||
if (isset($_POST['bulk_assign_asset_location'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$location_id = intval($_POST['bulk_location_id']);
|
||||
|
|
@ -357,6 +364,7 @@ if (isset($_POST['bulk_assign_asset_location'])) {
|
|||
|
||||
if (isset($_POST['bulk_assign_asset_contact'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$contact_id = intval($_POST['bulk_contact_id']);
|
||||
|
|
@ -396,6 +404,7 @@ if (isset($_POST['bulk_assign_asset_contact'])) {
|
|||
|
||||
if (isset($_POST['bulk_edit_asset_status'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$status = sanitizeInput($_POST['bulk_status']);
|
||||
|
|
@ -429,8 +438,9 @@ if (isset($_POST['bulk_edit_asset_status'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['bulk_archive_assets'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateAdminRole();
|
||||
//validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$count = 0; // Default 0
|
||||
$asset_ids = $_POST['asset_ids']; // Get array of asset IDs to be deleted
|
||||
|
|
@ -469,8 +479,9 @@ if (isset($_POST['bulk_archive_assets'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['bulk_unarchive_assets'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateAdminRole();
|
||||
//validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
$count = 0; // Default 0
|
||||
$asset_ids = $_POST['asset_ids']; // Get array of asset IDs to be deleted
|
||||
|
|
@ -509,6 +520,7 @@ if (isset($_POST['bulk_unarchive_assets'])) {
|
|||
|
||||
if (isset($_POST["import_client_assets_csv"])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
|
|
@ -655,6 +667,7 @@ if (isset($_GET['download_client_assets_csv_template'])) {
|
|||
|
||||
if (isset($_POST['export_client_assets_csv'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
|
|
@ -704,6 +717,7 @@ if (isset($_POST['export_client_assets_csv'])) {
|
|||
|
||||
if (isset($_POST['add_asset_interface'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$asset_id = intval($_POST['asset_id']);
|
||||
|
|
@ -740,6 +754,7 @@ if (isset($_POST['add_asset_interface'])) {
|
|||
|
||||
if (isset($_POST['edit_asset_interface'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
validateTechRole();
|
||||
|
||||
$interface_id = intval($_POST['interface_id']);
|
||||
|
|
@ -775,6 +790,7 @@ if (isset($_POST['edit_asset_interface'])) {
|
|||
|
||||
if (isset($_GET['delete_asset_interface'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
validateAdminRole();
|
||||
|
||||
$interface_id = intval($_GET['delete_asset_interface']);
|
||||
|
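Review bot: The `//validateCSRFToken($_POST['csrf_token']);` lines in the bulk_archive_assets and bulk_unarchive_assets hunks should not survive the commit; the rendered page has lost the +/- side, so if they are on the new side delete them, since the live call now sits two lines above. As in post/account.php, every `validateCSRFToken($_POST['csrf_token'])` and `validateCSRFToken($_GET['csrf_token'])` call here indexes the array without `?? ''`, so a missing token produces a warning before validation rather than a clean rejection. The bulk handlers still take `$asset_ids = $_POST['asset_ids'];` as-is; that is pre-existing, but casting to array and intval-ing each element next to the new check would make the input boundary complete. All handlers continue outside their hunks.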
|
|
|||
|
|
@ -8,7 +8,6 @@ if(isset($_POST['create_custom_field'])){
|
|||
|
||||
require_once 'post/custom_field_model.php';
|
||||
|
||||
|
||||
$table = sanitizeInput($_POST['table']);
|
||||
|
||||
mysqli_query($mysqli,"INSERT INTO custom_fields SET custom_field_table = '$table', custom_field_label = '$label', custom_field_type = '$type'");
|
||||
|
|
@ -26,7 +25,6 @@ if(isset($_POST['edit_custom_field'])){
|
|||
|
||||
require_once 'post/custom_field_model.php';
|
||||
|
||||
|
||||
$custom_field_id = intval($_POST['custom_field_id']);
|
||||
|
||||
mysqli_query($mysqli,"UPDATE custom_fields SET custom_field_label = '$label', custom_field_type = '$type' WHERE custom_field_id = $custom_field_id");
|
||||
|
|
|
|||
|
|
@ -124,6 +124,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if ($num_rows[0] == 0) { echo "d-none"; } ?>">
|
||||
|
|
|
|||
|
|
@ -223,6 +223,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</form>
|
||||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive">
|
||||
<table class="table border table-hover">
|
||||
<thead class="thead-light <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
|
||||
|
|
@ -525,19 +527,19 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
|
|||
</a>
|
||||
<?php if ($session_user_role > 2) { ?>
|
||||
<?php if ($asset_archived_at) { ?>
|
||||
<a class="dropdown-item text-info" href="post.php?unarchive_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-info" href="post.php?unarchive_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-redo mr-2"></i>Unarchive
|
||||
</a>
|
||||
<?php } else { ?>
|
||||
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#transferAssetModal<?php echo $asset_id; ?>">
|
||||
<i class="fas fa-fw fa-arrow-right mr-2"></i>Transfer
|
||||
</a>
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Archive
|
||||
</a>
|
||||
<?php } ?>
|
||||
<?php if ($config_destructive_deletes_enable) { ?>
|
||||
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_asset=<?php echo $asset_id; ?>">
|
||||
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_asset=<?php echo $asset_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-archive mr-2"></i>Delete
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
|
|
|||
|
|
@ -299,6 +299,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
|
|||
<hr>
|
||||
<form id="bulkActions" action="post.php" method="post">
|
||||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="table-responsive-sm">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if (!$num_rows[0]) { echo "d-none"; } ?>">
|
||||
|
|
|
|||