Prevent post pages being accessed directly

2026-02-28 10:54:52 +00:00 · 2025-01-09 16:09:39 +00:00
parent ec54b28b02
commit a67de7a8f1
91 changed files with 190 additions and 16 deletions
--- a/post/admin/admin_role.php
+++ b/post/admin/admin_role.php
@@ -4,6 +4,8 @@
 * ITFlow - GET/POST request handler for roles
 */

+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
 if (isset($_POST['add_role'])) {

    validateCSRFToken($_POST['csrf_token']);
@@ -59,3 +61,11 @@ if (isset($_POST['edit_role'])) {

    header("Location: " . $_SERVER["HTTP_REFERER"]);
 }
+
+if (isset($_GET['archive_role'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+
+
+}