AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

document and files and folders: Add missing CSRF checks, add missing permission checks

Browse Source
This commit is contained in:
johnnyq
2026-03-02 20:49:35 -05:00
parent 6bbe887f8b
commit 90171064a8
22 changed files with 101 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
agent/modals/document/document_add.php
View File

@@ -17,6 +17,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?= $client_id ?>">
<input type="hidden" name="contact" value="<?= $contact_id ?>">
<input type="hidden" name="asset" value="<?= $asset_id ?>">

1
agent/modals/document/document_add_file_relation.php
View File

@@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
<div class="modal-body">

1
agent/modals/document/document_add_from_template.php
View File

@@ -18,6 +18,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body">

1
agent/modals/document/document_edit.php
View File

@@ -25,6 +25,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body">

1
agent/modals/document/document_edit_visibility.php
View File

@@ -27,6 +27,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="modal-body">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="form-group">

1
agent/modals/document/document_link_asset.php
View File

@@ -23,6 +23,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="modal-body">

1
agent/modals/document/document_link_contact.php
View File

@@ -24,6 +24,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="modal-body">

1
agent/modals/document/document_link_file.php
View File

@@ -24,6 +24,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="modal-body">

1
agent/modals/document/document_link_software.php
View File

@@ -24,6 +24,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="modal-body">

1
agent/modals/document/document_link_vendor.php
View File

@@ -24,6 +24,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?= $document_id ?>">
<div class="modal-body">

1
agent/modals/document/document_move.php
View File

@@ -22,6 +22,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
<div class="modal-body">

1
agent/modals/document/document_rename.php
View File

@@ -21,6 +21,7 @@ ob_start();
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="document_id" value="<?php echo $document_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body">