Check CSRF and Enforce ClientAccess when deactivating Shared Items

johnnyq
2026-06-26 12:17:38 -04:00
parent f14fa22222
commit e7b53388a0
2 changed files with 5 additions and 1 deletions


@@ -63,6 +63,8 @@ if (isset($_GET['dismiss_all_notifications'])) {
// Revoke sharing (sharing itself is done via ajax.php)
if (isset($_GET['deactivate_shared_item'])) {
validateCSRFToken($_GET['csrf_token']);
$item_id = intval($_GET['deactivate_shared_item']);
// Get details of the shared link
@@ -72,6 +74,8 @@ if (isset($_GET['deactivate_shared_item'])) {
$item_related_id = intval($row['item_related_id']);
$client_id = intval($row['item_client_id']);
enforceClientAccess();
// Deactivate item id
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_id = $item_id");
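Review bot: The `enforceClientAccess()` call in the second hunk takes no argument, so it presumably reads the `$client_id` set on the line above; if the shared-item lookup (outside the visible lines) returns no row, `$client_id` is `intval(null)`, i.e. 0, and whether the check then denies access depends on how the helper treats 0. I would bail out before the check when the row is missing, for example `if (!$row) { exit; }`, and add a comment such as `// Authorize against the item's owning client before deleting`. In the first hunk the token is read from `$_GET['csrf_token']`, so it travels in the URL and can end up in server logs, browser history and Referer headers; making this state-changing action a POST would keep the token out of those places. The enclosing `if (isset($_GET['deactivate_shared_item']))` block starts in the first hunk and continues past the end of the second.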