Contacts: Add missing CSRF checks, add missing permission checks, renamed unarchive to restore

2026-03-23 05:55:38 +00:00 · 2026-03-02 18:28:53 -05:00
parent ad16e92763
commit d936339f07
16 changed files with 115 additions and 43 deletions
--- a/agent/modals/contact/contact_invite.php
+++ b/agent/modals/contact/contact_invite.php
@@ -9,6 +9,7 @@
            </div>

            <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+                <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
                <input type="hidden" name="client_id" value="<?php echo $client_id; ?>">

                <div class="modal-body">
@@ -81,4 +82,4 @@

        </div>
    </div>
-</div>
+</div>