AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Transfers: Add missing CSRF checks

Browse Source
This commit is contained in:
johnnyq
2026-03-02 17:38:20 -05:00
parent 550980719e
commit 7b438e2889
4 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
agent/post/transfer.php
View File

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_transfer'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_financial', 2);
require_once 'transfer_model.php';
@@ -43,6 +45,8 @@ if (isset($_POST['add_transfer'])) {
if (isset($_POST['edit_transfer'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_financial', 2);
require_once 'transfer_model.php';
@@ -67,6 +71,8 @@ if (isset($_POST['edit_transfer'])) {
if (isset($_GET['delete_transfer'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_financial', 3);
$transfer_id = intval($_GET['delete_transfer']);