AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

services: remove client_id post from edit service modal as it should get the client_id in post, enforceClientAccess

Browse Source
This commit is contained in:
johnnyq
2026-03-06 17:01:34 -05:00
parent e7b70c7992
commit a1931f59f8
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
agent/modals/service/service_edit.php
View File

@@ -93,7 +93,6 @@ ob_start();
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id ?>">
<input type="hidden" name="service_id" value="<?php echo $service_id ?>">
<div class="modal-body">

9
agent/post/service.php
View File

@@ -20,6 +20,8 @@ if (isset($_POST['add_service'])) {
$service_backup = sanitizeInput($_POST['backup']);
$service_notes = sanitizeInput($_POST['note']);
enforceClientAccess();
// Create Service
mysqli_query($mysqli, "INSERT INTO services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes', service_client_id = $client_id");
@@ -90,7 +92,6 @@ if (isset($_POST['edit_service'])) {
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
$service_id = intval($_POST['service_id']);
$service_name = sanitizeInput($_POST['name']);
$service_description = sanitizeInput($_POST['description']);
@@ -99,6 +100,10 @@ if (isset($_POST['edit_service'])) {
$service_backup = sanitizeInput($_POST['backup']);
$service_notes = sanitizeInput($_POST['note']);
$client_id = intval(getFieldById('services', $service_id, 'service_client_id'));
enforceClientAccess();
// Update main service details
mysqli_query($mysqli, "UPDATE services SET service_name = '$service_name', service_description = '$service_description', service_category = '$service_category', service_importance = '$service_importance', service_backup = '$service_backup', service_notes = '$service_notes' WHERE service_id = $service_id");
@@ -183,6 +188,8 @@ if (isset($_GET['delete_service'])) {
$service_name = sanitizeInput($row['service_name']);
$client_id = intval($row['service_client_id']);
enforceClientAccess();
// Delete service
mysqli_query($mysqli, "DELETE FROM services WHERE service_id = $service_id");