AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-12 16:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRF Checks on Agent ajax endpoints that would update / delete or add something to the db

Browse Source
This commit is contained in:
johnnyq
2026-03-05 17:12:44 -05:00
parent 994526e2c8
commit a81edc122d
13 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
agent/modals/asset/asset_details.php
View File

@@ -408,6 +408,7 @@ ob_start();
"ajax.php",
{
asset_set_notes: 'TRUE',
csrf_token: '<?= $_SESSION['csrf_token'] ?>',
asset_id: asset_id,
notes: notes
}

1
agent/modals/share_modal.php
View File

@@ -10,6 +10,7 @@
</button>
</div>
<form action="ajax.php" method="GET" id="newShareLink">
<input type="hidden" name="csrf_token" id="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="client_id" id="share_client_id" value="">
<input type="hidden" name="item_type" id="share_item_type" value="">
<input type="hidden" name="item_ref_id" id="share_item_ref_id" value="">