AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRF Checks on Agent ajax endpoints that would update / delete or add something to the db

Browse Source
This commit is contained in:
johnnyq
2026-03-05 17:12:44 -05:00
parent 994526e2c8
commit a81edc122d
13 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
guest/guest_view_item.php
View File

@@ -231,7 +231,7 @@ if ($item_type == "Document") {
function showOTP(id, secret) {
//Send a GET request to ajax.php as guest_ajax.php?get_totp_token=true&totp_secret=SECRET
jQuery.get(
"guest_ajax.php",
"/agent/ajax.php",
{get_totp_token: 'true', totp_secret: secret},
function(data) {
//If we get a response from post.php, parse it as JSON