locations: Add missing CSRF checks, add missing permission checks, renamed unarchive to restore

2026-03-11 08:14:52 +00:00 · 2026-03-02 19:15:52 -05:00
parent 18e180eca5
commit c71d1f190e
6 changed files with 38 additions and 15 deletions
--- a/agent/modals/location/location_add.php
+++ b/agent/modals/location/location_add.php
@@ -15,6 +15,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">

    <div class="modal-body">

--- a/agent/modals/location/location_edit.php
+++ b/agent/modals/location/location_edit.php
@@ -47,6 +47,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="location_id" value="<?php echo $location_id; ?>">
    <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">

--- a/agent/modals/location/location_export.php
+++ b/agent/modals/location/location_export.php
@@ -15,6 +15,7 @@ ob_start();
    </button>
 </div>
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
    <input type="hidden" name="client_id" value="<?= $client_id ?>">
    <div class="modal-body">

--- a/agent/modals/location/location_import.php
+++ b/agent/modals/location/location_import.php
@@ -15,6 +15,7 @@ ob_start();
 	</button>
 </div>
 <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
 	<input type="hidden" name="client_id" value="<?= $client_id ?>">

 	<div class="modal-body">