AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 16:24:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Trips: Add missing CSRF checks, we may need another permission module check for trips for now only admin and financial lv3 can delete a trip

Browse Source
This commit is contained in:
johnnyq
2026-03-02 17:50:04 -05:00
parent 7b438e2889
commit 8a1335174d
6 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
agent/trips.php
View File

@@ -197,7 +197,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fa fa-fw fa-copy mr-2"></i>Copy
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_trip=<?php echo $trip_id; ?>">
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_trip=<?= $trip_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fa fa-fw fa-trash mr-2"></i>Delete
</a>
</div>