AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Budget - CSRF + Perms

Browse Source
This commit is contained in:
wrongecho
2024-10-03 20:52:37 +01:00
parent 6d6689e7c5
commit f8c6a5ef19
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
post/user/budget.php
View File

@@ -5,6 +5,11 @@
*/
if (isset($_POST['save_budget'])) {
enforceUserPermission('module_financial', 2);
validateCSRFToken($_POST['csrf_token']);
$budgets = $_POST['budget'];
$year = intval($_POST['year']);
@@ -37,6 +42,11 @@ if (isset($_POST['save_budget'])) {
}
if (isset($_POST['delete_budget'])) {
enforceUserPermission('module_financial', 3);
validateCSRFToken($_POST['csrf_token']);
$year = intval($_POST['year']);
mysqli_query($mysqli,"DELETE FROM budget WHERE budget_year = $year");