domains: Add missing CSRF checks rename unarchive to restore

2026-03-11 00:04:50 +00:00 · 2026-03-02 20:32:20 -05:00
parent dd2ac00aa2
commit b5fb14ec96
5 changed files with 31 additions and 15 deletions
--- a/agent/domains.php
+++ b/agent/domains.php
@@ -150,8 +150,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                            <div class="dropdown-menu">
                                <?php if ($archived) { ?>
                                <button class="dropdown-item text-info"
-                                    type="submit" form="bulkActions" name="bulk_unarchive_domains">
-                                    <i class="fas fa-fw fa-redo mr-2"></i>Unarchive
+                                    type="submit" form="bulkActions" name="bulk_restore_domains">
+                                    <i class="fas fa-fw fa-redo mr-2"></i>Restore
                                </button>
                                <div class="dropdown-divider"></div>
                                <button class="dropdown-item text-danger text-bold"
@@ -330,16 +330,16 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                        <?php if ($session_user_role == 3) { ?>
                                            <?php if ($domain_archived_at) { ?>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-info confirm-link" href="post.php?unarchive_domain=<?php echo $domain_id; ?>">
-                                                <i class="fas fa-fw fa-redo mr-2"></i>Unarchive
+                                            <a class="dropdown-item text-info confirm-link" href="post.php?restore_domain=<?php echo $domain_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
+                                                <i class="fas fa-fw fa-redo mr-2"></i>Restore
                                            </a>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_domain=<?php echo $domain_id; ?>">
+                                            <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_domain=<?php echo $domain_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                <i class="fas fa-fw fa-trash mr-2"></i>Delete
                                            </a>
                                            <?php } else { ?>
                                            <div class="dropdown-divider"></div>
-                                            <a class="dropdown-item text-danger confirm-link" href="post.php?archive_domain=<?php echo $domain_id; ?>">
+                                            <a class="dropdown-item text-danger confirm-link" href="post.php?archive_domain=<?php echo $domain_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                                <i class="fas fa-fw fa-archive mr-2"></i>Archive
                                            </a>
                                            <?php } ?>
--- a/agent/modals/domain/domain_add.php
+++ b/agent/modals/domain/domain_add.php
@@ -14,6 +14,8 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
+
    <div class="modal-body">

        <ul class="nav nav-pills nav-justified mb-3">
--- a/agent/modals/domain/domain_edit.php
+++ b/agent/modals/domain/domain_edit.php
@@ -37,6 +37,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>">
    <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
    <div class="modal-body">
--- a/agent/modals/domain/domain_export.php
+++ b/agent/modals/domain/domain_export.php
@@ -15,6 +15,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="client_id" value="<?= $client_id ?>">
    <div class="modal-body">

--- a/agent/post/domain.php
+++ b/agent/post/domain.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");

 if (isset($_POST['add_domain'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    require_once 'domain_model.php';
@@ -62,6 +64,8 @@ if (isset($_POST['add_domain'])) {

 if (isset($_POST['edit_domain'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    require_once 'domain_model.php';
@@ -147,6 +151,8 @@ if (isset($_POST['edit_domain'])) {

 if (isset($_GET['archive_domain'])) {

+    validateCSRFToken($_GET['csrf_token']);
+
    enforceUserPermission('module_support', 2);

    $domain_id = intval($_GET['archive_domain']);
@@ -167,11 +173,13 @@ if (isset($_GET['archive_domain'])) {

 }

-if(isset($_GET['unarchive_domain'])){
+if(isset($_GET['restore_domain'])){
+
+    validateCSRFToken($_GET['csrf_token']);

    enforceUserPermission('module_support', 2);

-    $domain_id = intval($_GET['unarchive_domain']);
+    $domain_id = intval($_GET['restore_domain']);

    // Get Name and Client ID for logging and alert message
    $sql = mysqli_query($mysqli,"SELECT domain_name, domain_client_id FROM domains WHERE domain_id = $domain_id");
@@ -181,7 +189,7 @@ if(isset($_GET['unarchive_domain'])){

    mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");

-    logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
+    logAction("Domain", "Restore", "$session_name restored domain $domain_name", $client_id, $domain_id);

    flash_alert("Domain <strong>$domain_name</strong> restored");

@@ -191,6 +199,8 @@ if(isset($_GET['unarchive_domain'])){

 if (isset($_GET['delete_domain'])) {

+    validateCSRFToken($_GET['csrf_token']);
+
    enforceUserPermission('module_support', 3);

    $domain_id = intval($_GET['delete_domain']);
@@ -248,18 +258,18 @@ if (isset($_POST['bulk_archive_domains'])) {

 }

-if (isset($_POST['bulk_unarchive_domains'])) {
+if (isset($_POST['bulk_restore_domains'])) {

    validateCSRFToken($_POST['csrf_token']);

-    enforceUserPermission('module_support', 3);
+    enforceUserPermission('module_support', 2);

    if (isset($_POST['domain_ids'])) {

        // Get Selected Count
        $count = count($_POST['domain_ids']);

-        // Cycle through array and unarchive
+        // Cycle through array and restore
        foreach ($_POST['domain_ids'] as $domain_id) {

            $domain_id = intval($domain_id);
@@ -272,13 +282,13 @@ if (isset($_POST['bulk_unarchive_domains'])) {

            mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");

-            logAction("Domain", "Unarchive", "$session_name unarchived domain $domain_name", $client_id, $domain_id);
+            logAction("Domain", "Restore", "$session_name restored domain $domain_name", $client_id, $domain_id);

        }

-        logAction("Domain", "Bulk Unarchive", "$session_name unarchived $count domain(s)", $client_id);
+        logAction("Domain", "Bulk Restore", "$session_name restored $count domain(s)", $client_id);

-        flash_alert("Unarchived <strong>$count</strong> domain(s)");
+        flash_alert("Restored <strong>$count</strong> domain(s)");

    }

@@ -325,6 +335,8 @@ if (isset($_POST['bulk_delete_domains'])) {

 if (isset($_POST['export_domains_csv'])) {

+    validateCSRFToken($_POST['csrf_token']);
+
    enforceUserPermission('module_support');

    if ($_POST['client_id']) {