Add missing CSRF Checks in admin area and settings

admin/post/ticket_template.php

@@ -10,6 +10,8 @@ require_once '../agent/post/task.php';
 
 if (isset($_POST['add_ticket_template'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     $name = sanitizeInput($_POST['name']);
     $description = sanitizeInput($_POST['description']);
     $subject = sanitizeInput($_POST['subject']);
@@ -34,6 +36,8 @@ if (isset($_POST['add_ticket_template'])) {
 
 if (isset($_POST['edit_ticket_template'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     $ticket_template_id = intval($_POST['ticket_template_id']);
     $name = sanitizeInput($_POST['name']);
     $description = sanitizeInput($_POST['description']);
@@ -52,6 +56,8 @@ if (isset($_POST['edit_ticket_template'])) {
 
 if (isset($_GET['delete_ticket_template'])) {
 
+    validateCSRFToken($_GET['csrf_token']);
+
     $ticket_template_id = intval($_GET['delete_ticket_template']);
 
     $ticket_template_name = sanitizeInput(getFieldById('ticket_templates', $ticket_template_id, 'ticket_template_name'));
@@ -72,6 +78,8 @@ if (isset($_GET['delete_ticket_template'])) {
 
 if (isset($_POST['add_ticket_template_task'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     $ticket_template_id = intval($_POST['ticket_template_id']);
     $task_name = sanitizeInput($_POST['task_name']);
 
@@ -89,6 +97,8 @@ if (isset($_POST['add_ticket_template_task'])) {
 
 if (isset($_GET['delete_task_template'])) {
 
+    validateCSRFToken($_GET['csrf_token']);
+
     $task_template_id = intval($_GET['delete_task_template']);
 
     $task_template_name = sanitizeInput(getFieldById('tags', $task_template_id, 'task_template_name'));
@@ -100,5 +110,5 @@ if (isset($_GET['delete_task_template'])) {
     flash_alert("Task <strong>$task_template_name</strong> deleted", 'error');
 
     redirect();
-    
+
 }