Require CSRF token to edit more admin settings - thanks again to @stehled

2026-02-28 02:44:53 +00:00 · 2023-11-25 18:15:25 +00:00
parent 51ac53dc50
commit 8068cb6081
19 changed files with 54 additions and 10 deletions
--- a/settings_tax_edit_modal.php
+++ b/settings_tax_edit_modal.php
@@ -8,20 +8,22 @@
        </button>
      </div>
      <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
        <input type="hidden" name="tax_id" value="<?php echo $tax_id; ?>">
+
        <div class="modal-body bg-white">
-          
+
          <div class="form-group">
            <label>Name <strong class="text-danger">*</strong></label>
            <input type="text" class="form-control" name="name" value="<?php echo $tax_name; ?>" required>
          </div>
-          
+
          <div class="form-group">
            <label>Percent <strong class="text-danger">*</strong></label>
            <input type="number" min="0" step="any" class="form-control col-md-4" name="percent" value="<?php echo $tax_percent; ?>">
-          
+
          </div>
-        
+
        </div>
        <div class="modal-footer bg-white">
          <button type="submit" name="edit_tax" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Save</button>
@@ -30,4 +32,4 @@
      </form>
    </div>
  </div>
-</div>
+</div>