Require CSRF token to edit more admin settings - thanks again to @stehled

2026-02-28 02:44:53 +00:00 · 2023-11-25 18:15:25 +00:00
parent 51ac53dc50
commit 8068cb6081
19 changed files with 54 additions and 10 deletions
--- a/settings_backup.php
+++ b/settings_backup.php
@@ -7,7 +7,7 @@ require_once "inc_all_settings.php";
            <h3 class="card-title"><i class="fas fa-fw fa-database mr-2"></i>Download Database</h3>
        </div>
        <div class="card-body" style="text-align: center;">
-            <a class="btn btn-primary btn-lg p-3" href="post.php?download_database"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download</a>
+            <a class="btn btn-primary btn-lg p-3" href="post.php?download_database&csrf_token=<?php echo $_SESSION['csrf_token'] ?>"><i class="fas fa-fw fa-4x fa-download"></i><br><br>Download</a>
        </div>
    </div>