Add missing CSRF Checks in admin area and settings

2026-03-11 08:14:52 +00:00 · 2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
--- a/admin/modals/ticket_template/ticket_template_edit.php
+++ b/admin/modals/ticket_template/ticket_template_edit.php
@@ -9,7 +9,9 @@
                </button>
            </div>
            <form action="post.php" method="post" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
                <input type="hidden" name="ticket_template_id" value="<?php echo $ticket_template_id; ?>">
+
                <div class="modal-body">

                    <div class="form-group">
@@ -45,7 +47,7 @@
                            <input type="text" class="form-control" name="description" value="<?php echo $ticket_template_description; ?>" placeholder="Short description">
                        </div>
                    </div>
-            
+
                </div>
                <div class="modal-footer">
                    <button type="submit" name="edit_ticket_template" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>