AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRF Checks on Agent ajax endpoints that would update / delete or add something to the db

Browse Source
This commit is contained in:
johnnyq
2026-03-05 17:12:44 -05:00
parent 994526e2c8
commit a81edc122d
13 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
agent/quote.php
View File

@@ -616,7 +616,8 @@ new Sortable(document.querySelector('table#items tbody'), {
$.post('ajax.php', {
update_quote_items_order: true,
quote_id: <?php echo $quote_id; ?>,
csrf_token: '<?= $_SESSION['csrf_token'] ?>',
quote_id: <?= $quote_id ?>,
positions: positions
});
}