Add missing CSRF Checks in admin area and settings

2026-03-11 08:14:52 +00:00 · 2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
--- a/admin/post/software_template.php
+++ b/admin/post/software_template.php
@@ -6,6 +6,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");

 if (isset($_POST['add_software_template'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    $name = sanitizeInput($_POST['name']);
    $version = sanitizeInput($_POST['version']);
    $description = sanitizeInput($_POST['description']);
@@ -27,6 +29,8 @@ if (isset($_POST['add_software_template'])) {

 if (isset($_POST['edit_software_template'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    $software_template_id = intval($_POST['software_template_id']);
    $name = sanitizeInput($_POST['name']);
    $version = sanitizeInput($_POST['version']);
@@ -47,6 +51,8 @@ if (isset($_POST['edit_software_template'])) {

 if (isset($_GET['delete_software_template'])) {

+    validateCSRFToken($_GET['csrf_token']);
+
    $software_template_id = intval($_GET['delete_software_template']);

    // Get Software Template Name for logging and alert message