Add missing CSRF Checks in admin area and settings

2026-03-11 08:14:52 +00:00 · 2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
--- a/admin/modals/document_template/document_template_add.php
+++ b/admin/modals/document_template/document_template_add.php
@@ -13,6 +13,8 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
    <div class="modal-body">

        <div class="form-group">
@@ -39,7 +41,7 @@ ob_start();
        <div class="form-group">
            <input type="text" class="form-control" name="description" placeholder="Enter a short summary">
        </div>
-    
+
    </div>

    <div class="modal-footer">