diff --git a/agent/modals/rack/rack_add.php b/agent/modals/rack/rack_add.php index e206d177..d65468c6 100644 --- a/agent/modals/rack/rack_add.php +++ b/agent/modals/rack/rack_add.php @@ -15,7 +15,7 @@ ob_start();
- +
diff --git a/agent/modals/rack/rack_device_add.php b/agent/modals/rack/rack_device_add.php index 95a8a35a..ab09cc9e 100644 --- a/agent/modals/rack/rack_device_add.php +++ b/agent/modals/rack/rack_device_add.php @@ -21,7 +21,7 @@ ob_start();
- + diff --git a/agent/modals/rack/rack_edit.php b/agent/modals/rack/rack_edit.php index d132e66a..0f1960bc 100644 --- a/agent/modals/rack/rack_edit.php +++ b/agent/modals/rack/rack_edit.php @@ -31,7 +31,7 @@ ob_start(); - + diff --git a/agent/post/rack.php b/agent/post/rack.php index 65d28b2f..7beb28ae 100644 --- a/agent/post/rack.php +++ b/agent/post/rack.php @@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed"); if (isset($_POST['add_rack'])) { + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); $client_id = intval($_POST['client_id']); @@ -51,6 +53,8 @@ if (isset($_POST['add_rack'])) { if (isset($_POST['edit_rack'])) { + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); $rack_id = intval($_POST['rack_id']); @@ -93,6 +97,8 @@ if (isset($_POST['edit_rack'])) { if (isset($_GET['archive_rack'])) { + validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 2); $rack_id = intval($_GET['archive_rack']); @@ -113,11 +119,13 @@ if (isset($_GET['archive_rack'])) { } -if (isset($_GET['unarchive_rack'])) { +if (isset($_GET['restore_rack'])) { + + validateCSRFToken($_GET['csrf_token']); enforceUserPermission('module_support', 2); - $rack_id = intval($_GET['unarchive_rack']); + $rack_id = intval($_GET['restore_rack']); // Get Name and Client ID for logging and alert message $sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id"); @@ -127,9 +135,9 @@ if (isset($_GET['unarchive_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id"); - logAction("Rack", "Unarchive", "$session_name unarchived rack $rack_name", $client_id, $rack_id); + logAction("Rack", "Restore", "$session_name restored rack $rack_name", $client_id, $rack_id); - flash_alert("Rack $rack_name Unarchived"); + flash_alert("Rack $rack_name Restored"); redirect(); @@ -137,6 +145,8 @@ if (isset($_GET['unarchive_rack'])) { if (isset($_GET['delete_rack'])) { + validateCSRFToken($_GET['csrf_token']); + enforceUserPermission('module_support', 3); $rack_id = intval($_GET['delete_rack']); @@ -165,6 +175,8 @@ if (isset($_GET['delete_rack'])) { if (isset($_POST['add_rack_unit'])) { + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); $client_id = intval($_POST['client_id']); @@ -210,6 +222,8 @@ if (isset($_POST['add_rack_unit'])) { if (isset($_POST['edit_rack_unit'])) { + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); $unit_id = intval($_POST['unit_id']); @@ -238,6 +252,8 @@ if (isset($_POST['edit_rack_unit'])) { if (isset($_GET['remove_rack_unit'])) { + validateCSRFToken($_POST['csrf_token']); + enforceUserPermission('module_support', 2); $unit_id = intval($_GET['remove_rack_unit']); diff --git a/agent/racks.php b/agent/racks.php index 069caba2..040062a9 100644 --- a/agent/racks.php +++ b/agent/racks.php @@ -109,11 +109,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
- + Archive
- + Delete @@ -270,7 +270,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+ href="post.php?remove_rack_unit=&csrf_token="> Remove
@@ -302,7 +302,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
+ href="post.php?remove_rack_unit=&csrf_token="> Remove