Require CSRF token to edit more admin settings - thanks again to @stehled

Marcus Hill
2023-11-25 18:15:25 +00:00
parent 51ac53dc50
commit 8068cb6081
19 changed files with 54 additions and 10 deletions


@@ -6,6 +6,7 @@
if (isset($_POST['add_tax'])) {
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$percent = floatval($_POST['percent']);
@@ -22,6 +23,7 @@ if (isset($_POST['add_tax'])) {
if (isset($_POST['edit_tax'])) {
validateCSRFToken($_POST['csrf_token']);
$tax_id = intval($_POST['tax_id']);
$name = sanitizeInput($_POST['name']);
$percent = floatval($_POST['percent']);
@@ -38,6 +40,7 @@ if (isset($_POST['edit_tax'])) {
}
if (isset($_GET['archive_tax'])) {
validateCSRFToken($_GET['csrf_token']);
$tax_id = intval($_GET['archive_tax']);
mysqli_query($mysqli,"UPDATE taxes SET tax_archived_at = NOW() WHERE tax_id = $tax_id");
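Review bot: In the `archive_tax` branch (third hunk) the CSRF token is read from `$_GET['csrf_token']`, so it travels in the URL and can end up in web-server access logs, browser history and Referer headers, which weakens the check this commit adds. Archiving is a state change and would be better submitted as a POST form like `add_tax` and `edit_tax`, with the token read via `validateCSRFToken($_POST['csrf_token']);`. In all three hunks a request that omits the field passes an undefined index to the validator; `validateCSRFToken` is not visible here, so unless it already rejects null, `validateCSRFToken($_POST['csrf_token'] ?? '');` would make the failure explicit. The `archive_tax` block continues past the end of the hunk, so what follows the `UPDATE` is not reviewed here.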