Require CSRF token to edit more admin settings - thanks again to @stehled

post/tax.php

@@ -6,6 +6,7 @@
 
 if (isset($_POST['add_tax'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
     $name = sanitizeInput($_POST['name']);
     $percent = floatval($_POST['percent']);
 
@@ -22,6 +23,7 @@ if (isset($_POST['add_tax'])) {
 
 if (isset($_POST['edit_tax'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
     $tax_id = intval($_POST['tax_id']);
     $name = sanitizeInput($_POST['name']);
     $percent = floatval($_POST['percent']);
@@ -38,6 +40,7 @@ if (isset($_POST['edit_tax'])) {
 }
 
 if (isset($_GET['archive_tax'])) {
+    validateCSRFToken($_GET['csrf_token']);
     $tax_id = intval($_GET['archive_tax']);
 
     mysqli_query($mysqli,"UPDATE taxes SET tax_archived_at = NOW() WHERE tax_id = $tax_id");