Client: Add missing CSRF checks, and missing enforcements

This commit is contained in:
johnnyq
2026-03-01 20:42:18 -05:00
parent ae81092112
commit ef1b65de09
5 changed files with 17 additions and 2 deletions


@@ -252,6 +252,8 @@ if (isset($_POST['add_client'])) {
if (isset($_POST['edit_client'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
require_once 'client_model.php';
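Review bot: `validateCSRFToken($_POST['csrf_token'])` on the new line after the `edit_client` guard indexes the token directly, so a request with no `csrf_token` field emits an "Undefined array key" warning and passes null to the helper instead of a string; `validateCSRFToken($_POST['csrf_token'] ?? '')` keeps the failure path clean and stops the check from depending on how the helper treats null. The same pattern is repeated in the `export_clients_csv`, `import_clients_csv`, `bulk_send_client_email` and `export_client_pdf` hunks. Each handler's body continues outside its hunk, so whether `validateCSRFToken` terminates the request on failure cannot be confirmed here; the new guard only protects the handler if it does rather than returning.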
@@ -443,6 +445,8 @@ if (isset($_GET['delete_client'])) {
if (isset($_POST['export_clients_csv'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 1);
//get records from database
@@ -493,6 +497,8 @@ if (isset($_POST['export_clients_csv'])) {
if (isset($_POST["import_clients_csv"])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
$error = false;
@@ -986,6 +992,10 @@ if (isset($_POST['bulk_assign_client_tags'])) {
if (isset($_POST['bulk_send_client_email']) && isset($_POST['client_ids'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 1);
$client_ids = array_map('intval', $_POST['client_ids']);
$count = count($client_ids);
@@ -1141,6 +1151,8 @@ if (isset($_POST['bulk_unarchive_clients'])) {
if (isset($_POST["export_client_pdf"])) {
validateCSRFToken($_POST['csrf_token']);
// Enforce permissions
enforceUserPermission("module_client", 3);
enforceUserPermission("module_support", 1);