AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Trips: Add missing CSRF checks, we may need another permission module check for trips for now only admin and financial lv3 can delete a trip

Browse Source
This commit is contained in:
johnnyq
2026-03-02 17:50:04 -05:00
parent 7b438e2889
commit 8a1335174d
6 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
agent/modals/trip/trip_add.php
View File

@@ -14,6 +14,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="modal-body">

2
agent/modals/trip/trip_copy.php
View File

@@ -29,6 +29,8 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="modal-body">
<div class="form-row">

1
agent/modals/trip/trip_edit.php
View File

@@ -30,6 +30,7 @@ ob_start();
</div>
<form action="post.php" method="post" autocomplete="off">
<div class="modal-body">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="trip_id" value="<?php echo $trip_id; ?>">
<div class="form-row">

1
agent/modals/trip/trip_export.php
View File

@@ -15,6 +15,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?= $client_id ?>">
<div class="modal-body">