AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 16:24:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add missing CSRF Checks in admin area and settings

Browse Source
This commit is contained in:
johnnyq
2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin/post/settings_ticket.php
View File

@@ -4,6 +4,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['edit_ticket_settings'])) {
validateCSRFToken($_POST['csrf_token']);
$config_ticket_prefix = sanitizeInput($_POST['config_ticket_prefix']);
$config_ticket_next_number = intval($_POST['config_ticket_next_number']);
$config_ticket_email_parse = intval($_POST['config_ticket_email_parse'] ?? 0);
@@ -18,7 +20,7 @@ if (isset($_POST['edit_ticket_settings'])) {
$config_ticket_moving_columns = intval($_POST['config_ticket_moving_columns']);
$config_ticket_ordering = intval($_POST['config_ticket_ordering']);
$config_ticket_timer_autostart = intval($_POST['config_ticket_timer_autostart']);
mysqli_query($mysqli,"UPDATE settings SET config_ticket_prefix = '$config_ticket_prefix', config_ticket_next_number = $config_ticket_next_number, config_ticket_email_parse = $config_ticket_email_parse, config_ticket_email_parse_unknown_senders = $config_ticket_email_parse_unknown_senders, config_ticket_autoclose_hours = $config_ticket_autoclose_hours, config_ticket_new_ticket_notification_email = '$config_ticket_new_ticket_notification_email', config_ticket_default_billable = $config_ticket_default_billable, config_ticket_default_view = $config_ticket_default_view, config_ticket_moving_columns = $config_ticket_moving_columns, config_ticket_ordering = $config_ticket_ordering, config_ticket_timer_autostart = $config_ticket_timer_autostart WHERE company_id = 1");
logAction("Settings", "Edit", "$session_name edited ticket settings");