AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRF Checks on Agent ajax endpoints that would update / delete or add something to the db

Browse Source
This commit is contained in:
johnnyq
2026-03-05 17:12:44 -05:00
parent 994526e2c8
commit a81edc122d
13 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
agent/js/share_modal.js
View File

@@ -23,6 +23,7 @@ function populateShareModal(client_id, item_type, item_ref_id) {
}
function generateShareLink() {
let csrf_token = document.getElementById("csrf_token").value;
let client_id = document.getElementById("share_client_id").value;
let item_type = document.getElementById("share_item_type").value;
let item_ref_id = document.getElementById("share_item_ref_id").value;
@@ -36,7 +37,7 @@ function generateShareLink() {
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
jQuery.get(
"ajax.php",
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email},
{share_generate_link: 'true', csrf_token: csrf_token, client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires, contact_email},
function(data) {
// If we get a response from ajax.php, parse it as JSON