Skip to content
Snippets Groups Projects
Commit c70b987f authored by Peter Rotich's avatar Peter Rotich
Browse files

Add CSRF protection to missed forms

parent 6dc17855
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
include/staff/ticket-view.inc.php
+ 1
0
View file @ c70b987f
......@@ -614,6 +614,7 @@ if(!$cfg->showNotesInline()) { ?>
<a class="close" href="">&times;</a>
<hr/>
<form action="tickets.php?id=<?php echo $ticket->getId(); ?>" method="post" id="print-form" name="print-form">
<?php csrf_token(); ?>
<input type="hidden" name="a" value="print">
<input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>">
<fieldset class="notes">
......
include/staff/tickets.inc.php
+ 2
0
View file @ c70b987f
......@@ -270,6 +270,7 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting..
<!-- SEARCH FORM START -->
<div id='basic_search'>
<form action="tickets.php" method="get">
<?php csrf_token(); ?>
<input type="hidden" name="a" value="search">
<table>
<tr>
......@@ -285,6 +286,7 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting..
<div class="clear"></div>
<div style="margin-bottom:20px">
<form action="tickets.php" method="POST" name='tickets' onSubmit="return checkbox_checker(this,1,0);">
<?php csrf_token(); ?>
<a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a>
<input type="hidden" name="a" value="mass_process" >
<input type="hidden" name="status" value="<?php echo $status; ?>" >
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment