Add missing CSRF Checks in admin area and settings

2026-03-11 08:14:52 +00:00 · 2026-03-02 22:15:36 -05:00
parent 6da8821f2c
commit 918b40afbe
48 changed files with 160 additions and 45 deletions
--- a/admin/settings_company.php
+++ b/admin/settings_company.php
@@ -37,7 +37,7 @@ $company_initials = nullable_htmlentities(initials($company_name));
                        <div class="col-md-3 text-center">
                            <?php if ($company_logo) { ?>
                                <img class="img-thumbnail" src="<?php echo "../uploads/settings/$company_logo"; ?>">
-                                <a href="post.php?remove_company_logo" class="btn btn-outline-danger btn-block">Remove Logo</a>
+                                <a href="post.php?remove_company_logo&csrf_token=<?= $_SESSION['csrf_token'] ?>" class="btn btn-outline-danger btn-block">Remove Logo</a>
                                <hr>
                            <?php } ?>
                            <div class="form-group">