mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
Prevent post pages being accessed directly
This commit is contained in:
wrongecho
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for API settings
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_api_key'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for DB / master key backup
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['download_database'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
* ITFlow - GET/POST request handler for bulk email
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
|
||||
if (isset($_POST['send_bulk_mail_now'])) {
|
||||
|
||||
if (isset($_POST['contact_ids'])) {
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for categories ('category')
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_category'])) {
|
||||
|
||||
require_once 'post/admin/admin_category_model.php';
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for custom fields
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if(isset($_POST['create_custom_field'])){
|
||||
|
||||
require_once 'post/admin/admin_custom_field_model.php';
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$label = sanitizeInput($_POST['label']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for showing custom links on navbars
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_custom_link'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
// Doc Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from user-side docs as we reuse functions
|
||||
require_once 'post/user/document.php';
|
||||
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['send_failed_mail'])) {
|
||||
|
||||
$email_id = intval($_GET['send_failed_mail']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_project_template'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for roles
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_role'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
@@ -59,3 +61,11 @@ if (isset($_POST['edit_role'])) {
|
||||
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if (isset($_GET['archive_role'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
|
||||
|
||||
}
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_ai_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_company'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_default_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_integrations_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_invoice_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_localization'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_mail_smtp_settings'])) {
|
||||
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_module_settings'])) {
|
||||
|
||||
$config_module_enable_itdoc = intval($_POST['config_module_enable_itdoc'] ?? 0);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_notification_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_online_payment_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_project_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_quote_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_security_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_telemetry_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_theme_settings'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_ticket_settings'])) {
|
||||
|
||||
$config_ticket_prefix = sanitizeInput($_POST['config_ticket_prefix']);
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
// Software/License Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from software-side tickets as we reuse functions
|
||||
require_once 'post/user/software.php';
|
||||
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for tagging
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_tag'])) {
|
||||
|
||||
require_once 'post/admin/admin_tag_model.php';
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$type = intval($_POST['type']);
|
||||
$color = sanitizeInput($_POST['color']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for tax
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_tax'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_ticket_status'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
// Ticket Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from user-side tickets/tasks as we reuse functions
|
||||
require_once 'post/user/ticket.php';
|
||||
require_once 'post/user/task.php';
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_GET['update'])) {
|
||||
|
||||
validateAdminRole(); // Old function
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for user (agent) management
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_user'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$email = sanitizeInput($_POST['email']);
|
||||
$role = intval($_POST['role']);
|
||||
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
// Vendor Templates
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Import shared code from user-side vendor management as we reuse functions
|
||||
require_once 'post/user/vendor.php';
|
||||
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for account(s) (accounting related)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_account'])) {
|
||||
enforceUserPermission('module_financial', 2);
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client assets
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_asset'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$mac = sanitizeInput($_POST['mac']);
|
||||
$ip = sanitizeInput($_POST['ip']);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
* ITFlow - GET/POST request handler for budget
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
|
||||
if (isset($_POST['save_budget'])) {
|
||||
|
||||
enforceUserPermission('module_financial', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client SSL certificates
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_certificate'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$domain = sanitizeInput($_POST['domain']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for clients/customers (overview)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_client'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$type = sanitizeInput($_POST['type']);
|
||||
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['website']));
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client contacts
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_contact'])) {
|
||||
|
||||
enforceUserPermission('module_client', 2);
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client credentials (formerly logins)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_login'])) {
|
||||
|
||||
enforceUserPermission('module_credential', 2);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
// Model of reusable variables for client credentials/logins - not to be confused with the ITFLow login process
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client documents
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_document'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$folder = intval($_POST['folder']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client domains
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_domain'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = preg_replace("(^https?://)", "", sanitizeInput($_POST['name']));
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$registrar = intval($_POST['registrar']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for calendar & events
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_calendar'])) {
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$calendar_id = intval($_POST['calendar']);
|
||||
$title = sanitizeInput($_POST['title']);
|
||||
$location = sanitizeInput($_POST['location']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for expenses
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_expense'])) {
|
||||
|
||||
require_once 'post/user/expense_model.php';
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$date = sanitizeInput($_POST['date']);
|
||||
$amount = floatval($_POST['amount']);
|
||||
$account = intval($_POST['account']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client files/uploads
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['upload_files'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for folders
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['create_folder'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for invoices & payments
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_invoice'])) {
|
||||
|
||||
require_once 'post/user/invoice_model.php';
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$date = sanitizeInput($_POST['date']);
|
||||
$category = intval($_POST['category']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client physical locations/sites
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if(isset($_POST['add_location'])){
|
||||
|
||||
enforceUserPermission('module_client', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client networks
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_network'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$vlan = intval($_POST['vlan']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for products
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
// Products
|
||||
if (isset($_POST['add_product'])) {
|
||||
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$price = floatval($_POST['price']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for user profiles (tech/agent)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['edit_your_user_details'])) {
|
||||
|
||||
// CSRF Check
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for tasks
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_project'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for quotes
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_quote'])) {
|
||||
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$date = sanitizeInput($_POST['date']);
|
||||
$expire = sanitizeInput($_POST['expire']);
|
||||
$category = intval($_POST['category']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client racks
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_rack'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for revenue
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_revenue'])) {
|
||||
|
||||
enforceUserPermission('module_sales', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client service info
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_service'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
* ITFlow - GET/POST request handler for client software & licenses
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_software_from_template'])) {
|
||||
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for tasks
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_task'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for client tickets
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_ticket'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client']);
|
||||
$subject = sanitizeInput($_POST['subject']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for transfers (accounting)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_transfer'])) {
|
||||
|
||||
enforceUserPermission('module_financial', 2);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$date = sanitizeInput($_POST['date']);
|
||||
$amount = floatval($_POST['amount']);
|
||||
$account_from = intval($_POST['account_from']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for trips (accounting related)
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_trip'])) {
|
||||
|
||||
require_once 'post/user/trip_model.php';
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$date = sanitizeInput($_POST['date']);
|
||||
$source = sanitizeInput($_POST['source']);
|
||||
$destination = sanitizeInput($_POST['destination']);
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for vendors
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_vendor_from_template'])) {
|
||||
|
||||
// GET POST Data
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
* ITFlow - GET/POST request handler for vendor contacts
|
||||
*/
|
||||
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
if (isset($_POST['add_vendor_contact'])) {
|
||||
|
||||
enforceUserPermission('module_client', 2);
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$client_id = intval($_POST['client_id']);
|
||||
$vendor_id = intval($_POST['vendor_id']);
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
||||
|
||||
$name = sanitizeInput($_POST['name']);
|
||||
$description = sanitizeInput($_POST['description']);
|
||||
$account_number = sanitizeInput($_POST['account_number']);
|
||||
|
||||
Reference in New Issue
Block a user