AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Software: remove client_id post from edit software modal as it should get the client_id in post, enforceClientAccess

Browse Source
This commit is contained in:
johnnyq
2026-03-06 16:23:53 -05:00
parent 8afa2dbf75
commit 91976cc415
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
agent/post/software.php
View File

@@ -16,6 +16,8 @@ if (isset($_POST['add_software_from_template'])) {
$client_id = intval($_POST['client_id']);
$software_template_id = intval($_POST['software_template_id']);
enforceClientAccess();
// GET Software Template Info
$sql_software_templates = mysqli_query($mysqli,"SELECT * FROM software_templates WHERE software_template_id = $software_template_id");
$row = mysqli_fetch_assoc($sql_software_templates);
@@ -71,6 +73,8 @@ if (isset($_POST['add_software'])) {
$notes = sanitizeInput($_POST['notes']);
$vendor = intval($_POST['vendor'] ?? 0);
enforceClientAccess();
mysqli_query($mysqli,"INSERT INTO software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor, software_client_id = $client_id");
$software_id = mysqli_insert_id($mysqli);
@@ -108,7 +112,6 @@ if (isset($_POST['edit_software'])) {
enforceUserPermission('module_support', 2);
$software_id = intval($_POST['software_id']);
$client_id = intval($_POST['client_id']);
$name = sanitizeInput($_POST['name']);
$version = sanitizeInput($_POST['version']);
$description = sanitizeInput($_POST['description']);
@@ -133,6 +136,10 @@ if (isset($_POST['edit_software'])) {
$notes = sanitizeInput($_POST['notes']);
$vendor = intval($_POST['vendor'] ?? 0);
$client_id = intval(getFieldById('software', $software_id, 'software_client_id'));
enforceClientAccess();
mysqli_query($mysqli,"UPDATE software SET software_name = '$name', software_version = '$version', software_description = '$description', software_type = '$type', software_key = '$key', software_license_type = '$license_type', software_seats = $seats, software_purchase_reference = '$purchase_reference', software_purchase = $purchase, software_expire = $expire, software_notes = '$notes', software_vendor_id = $vendor WHERE software_id = $software_id");
@@ -176,6 +183,8 @@ if (isset($_GET['archive_software'])) {
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE software SET software_archived_at = NOW() WHERE software_id = $software_id");
// Remove Software Relations
@@ -204,6 +213,8 @@ if (isset($_GET['delete_software'])) {
$software_name = sanitizeInput($row['software_name']);
$client_id = intval($row['software_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM software WHERE software_id = $software_id");
logAction("Software", "Delete", "$session_name deleted software $software_name and removed all device/user license associations", $client_id);
@@ -231,7 +242,7 @@ if (isset($_POST['export_software_csv'])) {
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM software $client_query ORDER BY software_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM software LEFT JOIN client ON client_id = software_client_id WHERE software_archived_at IS NULL $client_query $access_permission_query ORDER BY software_name ASC");
$num_rows = mysqli_num_rows($sql);