AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

racks: Add missing CSRF checks rename unarchive to restore

Browse Source
This commit is contained in:
johnnyq
2026-03-02 20:22:36 -05:00
parent 8bac4f9e53
commit e7b5e7120a
5 changed files with 27 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
agent/post/rack.php
View File

@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['add_rack'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
@@ -51,6 +53,8 @@ if (isset($_POST['add_rack'])) {
if (isset($_POST['edit_rack'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$rack_id = intval($_POST['rack_id']);
@@ -93,6 +97,8 @@ if (isset($_POST['edit_rack'])) {
if (isset($_GET['archive_rack'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$rack_id = intval($_GET['archive_rack']);
@@ -113,11 +119,13 @@ if (isset($_GET['archive_rack'])) {
}
if (isset($_GET['unarchive_rack'])) {
if (isset($_GET['restore_rack'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$rack_id = intval($_GET['unarchive_rack']);
$rack_id = intval($_GET['restore_rack']);
// Get Name and Client ID for logging and alert message
$sql = mysqli_query($mysqli,"SELECT rack_name, rack_client_id FROM racks WHERE rack_id = $rack_id");
@@ -127,9 +135,9 @@ if (isset($_GET['unarchive_rack'])) {
mysqli_query($mysqli,"UPDATE racks SET rack_archived_at = NULL WHERE rack_id = $rack_id");
logAction("Rack", "Unarchive", "$session_name unarchived rack $rack_name", $client_id, $rack_id);
logAction("Rack", "Restore", "$session_name restored rack $rack_name", $client_id, $rack_id);
flash_alert("Rack <strong>$rack_name</strong> Unarchived");
flash_alert("Rack <strong>$rack_name</strong> Restored");
redirect();
@@ -137,6 +145,8 @@ if (isset($_GET['unarchive_rack'])) {
if (isset($_GET['delete_rack'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$rack_id = intval($_GET['delete_rack']);
@@ -165,6 +175,8 @@ if (isset($_GET['delete_rack'])) {
if (isset($_POST['add_rack_unit'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
@@ -210,6 +222,8 @@ if (isset($_POST['add_rack_unit'])) {
if (isset($_POST['edit_rack_unit'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$unit_id = intval($_POST['unit_id']);
@@ -238,6 +252,8 @@ if (isset($_POST['edit_rack_unit'])) {
if (isset($_GET['remove_rack_unit'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$unit_id = intval($_GET['remove_rack_unit']);