AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #625 from wrongecho/users

Browse Source 
Require CSRF when enabling/disabling users
This commit is contained in:
Johnny
2023-02-14 19:29:30 -05:00
committed by GitHub
parent fbe2a65ba8 3cb83d2b41
commit eb1f3c7a77
3 changed files with 31 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
post.php
View File

@@ -190,6 +190,7 @@ if(isset($_POST['edit_user'])){
if(isset($_GET['activate_user'])){
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['activate_user']);
@@ -207,6 +208,7 @@ if(isset($_GET['activate_user'])){
if(isset($_GET['disable_user'])){
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
$user_id = intval($_GET['disable_user']);
@@ -6836,7 +6838,7 @@ if(isset($_POST['merge_ticket'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Merged', log_description = 'Merged ticket $ticket_prefix$ticket_number into $ticket_prefix$merge_into_ticket_number', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Ticket merged into $ticket_prefix$merge_into_ticket_number.";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}