AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-11 08:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

domains: remove client_id post from edit domain modal as it should get the client_id in post, enforceClientAccess

Browse Source
This commit is contained in:
johnnyq
2026-03-06 16:59:15 -05:00
parent 7563148182
commit e7b70c7992
2 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
agent/modals/domain/domain_edit.php
View File

@@ -39,7 +39,7 @@ ob_start();
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="hidden" name="domain_id" value="<?php echo $domain_id; ?>">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<div class="modal-body">
<ul class="nav nav-pills nav-justified mb-3">

24
agent/post/domain.php
View File

@@ -16,6 +16,8 @@ if (isset($_POST['add_domain'])) {
$extended_log_description = '';
$client_id = intval($_POST['client_id']);
enforceClientAccess();
// Set/check/lookup expiry date
if (strtotime($expire)) {
$expire = "'" . $expire . "'";
@@ -69,8 +71,13 @@ if (isset($_POST['edit_domain'])) {
enforceUserPermission('module_support', 2);
require_once 'domain_model.php';
$domain_id = intval($_POST['domain_id']);
$client_id = intval(getFieldById('domains', $domain_id, 'domain_client_id'));
enforceClientAccess();
// Set/check/lookup expiry date
if (strtotime($expire) && (new DateTime($expire)) > (new DateTime())) {
$expire = "'" . $expire . "'";
@@ -163,6 +170,8 @@ if (isset($_GET['archive_domain'])) {
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
@@ -187,6 +196,8 @@ if(isset($_GET['restore_domain'])){
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
logAction("Domain", "Restore", "$session_name restored domain $domain_name", $client_id, $domain_id);
@@ -211,6 +222,8 @@ if (isset($_GET['delete_domain'])) {
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"DELETE FROM domains WHERE domain_id = $domain_id");
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
@@ -243,6 +256,8 @@ if (isset($_POST['bulk_archive_domains'])) {
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NOW() WHERE domain_id = $domain_id");
logAction("Domain", "Archive", "$session_name archived domain $domain_name", $client_id, $domain_id);
@@ -280,6 +295,8 @@ if (isset($_POST['bulk_restore_domains'])) {
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli,"UPDATE domains SET domain_archived_at = NULL WHERE domain_id = $domain_id");
logAction("Domain", "Restore", "$session_name restored domain $domain_name", $client_id, $domain_id);
@@ -318,6 +335,8 @@ if (isset($_POST['bulk_delete_domains'])) {
$domain_name = sanitizeInput($row['domain_name']);
$client_id = intval($row['domain_client_id']);
enforceClientAccess();
mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id");
logAction("Domain", "Delete", "$session_name deleted domain $domain_name", $client_id);
@@ -341,16 +360,17 @@ if (isset($_POST['export_domains_csv'])) {
if ($_POST['client_id']) {
$client_id = intval($_POST['client_id']);
$client_query = "WHERE domain_client_id = $client_id";
$client_query = "AND domain_client_id = $client_id";
$client_name = getFieldById('clients', $client_id, 'client_name');
$file_name_prepend = "$client_name-";
enforceClientAccess();
} else {
$client_query = '';
$client_id = 0;
$file_name_prepend = "$session_company_name-";
}
$sql = mysqli_query($mysqli,"SELECT * FROM domains $client_query ORDER BY domain_name ASC");
$sql = mysqli_query($mysqli,"SELECT * FROM domains LEFT JOIN clients ON client_id = domain_client_id WHERE domain_archived_at IS NULL $client_query $access_permission_query ORDER BY domain_name ASC");
$num_rows = mysqli_num_rows($sql);