Check CSRF and Enforce ClientAccess when deactivating Shared Items

2026-06-27 04:00:40 +00:00 · 2026-06-26 12:17:38 -04:00
parent f14fa22222
commit e7b53388a0
2 changed files with 5 additions and 1 deletions
--- a/agent/client_overview.php
+++ b/agent/client_overview.php
@@ -467,7 +467,7 @@ $sql_asset_retired = mysqli_query(
                                </td>
                                <td title="Expires at <?php echo $item_expire_at; ?>">Expires <?php echo $item_expire_at_human ?></td>
                                <td title="Deactivate Link">
-                                    <a class="text-danger confirm-link" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>">
+                                    <a class="text-danger confirm-link" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
                                        <i class="fas fa-fw fa-calendar-times mr-2"></i>
                                    </a>
                                </td>