AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Authenticated users can craft a POST request to delete any file on the webserver. Thank you @

Browse Source 
bhopkins0
This commit is contained in:
johnnyq
2023-05-12 15:24:57 -04:00
parent 51ee479130
commit e67a75805c
7 changed files with 30 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
user_edit_modal.php
View File

@@ -11,7 +11,6 @@
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<input type="hidden" name="existing_file_name" value="<?php echo "$user_avatar"; ?>">
<div class="modal-body bg-white">
<center class="mb-3">