AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-13 17:24:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Contacts: Add missing CSRF checks, add missing permission checks, renamed unarchive to restore

Browse Source
This commit is contained in:
johnnyq
2026-03-02 18:28:53 -05:00
parent ad16e92763
commit d936339f07
16 changed files with 115 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
agent/modals/contact/contact_note_add.php
View File

@@ -8,8 +8,8 @@ $sql = mysqli_query($mysqli, "SELECT contact_name FROM contacts WHERE contact_id
$row = mysqli_fetch_assoc($sql);
$contact_name = nullable_htmlentities($row['contact_name']);
// Generate the HTML form content using output buffering.
ob_start();
?>
<div class="modal-header bg-dark">
@@ -20,6 +20,7 @@ ob_start();
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="contact_id" value="<?php echo $contact_id; ?>">
<div class="modal-body">