Add CSRF Checks in the client portal

This commit is contained in:
johnnyq
2026-03-07 13:11:08 -05:00
parent 6d2cb0aea3
commit 8de7b20ba1
10 changed files with 58 additions and 18 deletions


@@ -69,6 +69,7 @@ if (!$stripe_public_key || !$stripe_secret_key) {
<br><br>
<form action="post.php" method="POST">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="form-group">
<button type="submit" class="btn btn-success" name="create_stripe_customer"><strong><i class="fas fa-check mr-2"></i>I grant consent for automatic payments</strong></button>
@@ -108,7 +109,7 @@ if (!$stripe_public_key || !$stripe_secret_key) {
$exp_year = nullable_htmlentities($pm->card->exp_year);
echo "<li><i class='$payment_icon fa-2x mr-2'></i>$brand x<strong>$last4</strong> | Exp. $exp_month/$exp_year";
echo " <a class='text-danger' href='post.php?delete_saved_payment={$method['saved_payment_id']}'>Remove</a></li>";
echo " <a class='text-danger' href='post.php?delete_saved_payment={$method['saved_payment_id']}&csrf_token={$_SESSION['csrf_token']}'>Remove</a></li>";
}
} catch (Exception $e) {
$error = $e->getMessage();
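Review bot: The rewritten `Remove` link puts the CSRF token into the query string of a GET request, so the token ends up in browser history, in server access logs and in the Referer header sent with any third-party resource loaded from the page, and the delete remains a state-changing action reachable through a plain link. A per-method POST form carrying the token and the id in hidden fields keeps the token out of URLs and lets post.php read it from `$_POST` alongside `delete_saved_payment`; the handler itself is not in this hunk, but it should compare the token with `hash_equals()` rather than `==`. The same pattern applies to the form at the first hunk, which already does this correctly, so only this link needs changing. These echo lines sit inside a loop within a try block whose opening lies outside the hunk.
```php
echo "<li><i class='$payment_icon fa-2x mr-2'></i>$brand x<strong>$last4</strong> | Exp. $exp_month/$exp_year";
echo " <form method='POST' action='post.php'>";
echo "<input type='hidden' name='csrf_token' value='{$_SESSION['csrf_token']}'>";
echo "<input type='hidden' name='delete_saved_payment' value='{$method['saved_payment_id']}'>";
echo "<button type='submit' class='btn btn-link text-danger'>Remove</button></form></li>";
// … unchanged: loop close and catch block …
```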