From 9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 16 Dec 2021 20:36:08 -0800
Subject: [PATCH] Switch GET to POST for asset request

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/ViewAssetsController.php      | 2 +-
 resources/lang/en/admin/hardware/message.php       | 2 +-
 resources/views/partials/bootstrap-table.blade.php | 4 ++--
 routes/web.php                                     | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/Http/Controllers/ViewAssetsController.php b/app/Http/Controllers/ViewAssetsController.php
index 1525e73dbb6a..46b5624e3b88 100755
--- a/app/Http/Controllers/ViewAssetsController.php
+++ b/app/Http/Controllers/ViewAssetsController.php
@@ -179,7 +179,7 @@ public function getRequestAsset($assetId = null)
             $logaction->logaction('request canceled');
             $settings->notify(new RequestAssetCancelation($data));
             return redirect()->route('requestable-assets')
-                ->with('success')->with('success', trans('admin/hardware/message.requests.cancel-success'));
+                ->with('success')->with('success', trans('admin/hardware/message.requests.cancel'));
         }
 
         $logaction->logaction('requested');
diff --git a/resources/lang/en/admin/hardware/message.php b/resources/lang/en/admin/hardware/message.php
index e087cad26f6f..6f82f295bdd1 100644
--- a/resources/lang/en/admin/hardware/message.php
+++ b/resources/lang/en/admin/hardware/message.php
@@ -77,7 +77,7 @@
     'requests' => array(
         'error'   		=> 'Asset was not requested, please try again',
         'success' 		=> 'Asset requested successfully.',
-        'canceled'      => 'Checkout request successfully canceled'
+        'cancel'      => 'Checkout request successfully canceled'
     )
 
 );
diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php
index 7bbef128cf2c..42b638ac236b 100644
--- a/resources/views/partials/bootstrap-table.blade.php
+++ b/resources/views/partials/bootstrap-table.blade.php
@@ -365,9 +365,9 @@ function genericCheckinCheckoutFormatter(destination) {
     // This is only used by the requestable assets section
     function assetRequestActionsFormatter (row, value) {
         if (value.available_actions.cancel == true)  {
-            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';
+            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';
         } else if (value.available_actions.request == true)  {
-            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';
+            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';
         }
 
     }
diff --git a/routes/web.php b/routes/web.php
index 2531728d237f..fc26be38c5c1 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -261,7 +261,7 @@
         'requestable-assets',
         [ 'as' => 'requestable-assets', 'uses' => 'ViewAssetsController@getRequestableIndex' ]
     );
-    Route::get(
+    Route::post(
         'request-asset/{assetId}',
         [ 'as' => 'account/request-asset', 'uses' => 'ViewAssetsController@getRequestAsset' ]
     );