diff --git a/include/utils/Request.php b/include/utils/Request.php
index 552dda3cca..c30dcf564d 100644
--- a/include/utils/Request.php
+++ b/include/utils/Request.php
@@ -194,6 +194,25 @@ protected function validateCSRF() {
}
}
+ public static function validateRequest($die = true, $msg = true) {
+ $request = new Vtiger_Request($_REQUEST);
+ try {
+ $request->validateWriteAccess();
+ } catch (\Throwable $th) {
+ if ($msg) {
+ require_once 'Smarty_setup.php';
+ echo '
';
+ $smarty = new vtigerCRM_Smarty();
+ $smarty->assign('csrfWarning', getTranslatedString($th->getMessage()));
+ $smarty->assign('csrfReload', getTranslatedString('csrf_reload'));
+ $smarty->display('csrf-warning.tpl');
+ }
+ if ($die) {
+ die();
+ }
+ }
+ }
+
public static function get_ip() {
$headers = $_SERVER;
// check for shared internet/ISP IP
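Review bot: The `catch (\Throwable $th)` in the new validateRequest catches every failure inside validateWriteAccess, not just a rejected CSRF token, and then routes `$th->getMessage()` through `getTranslatedString()` into the template, so an unexpected TypeError or database error would be rendered to the client if the lookup falls back to its input, and with `$die` false it would be silently ignored. Narrow the catch to the exception type validateWriteAccess actually throws (its declaration is outside this hunk) and let anything else propagate. The rejection is also still sent as HTTP 200 before `die()`; add `http_response_code(403);` as the first statement of the catch so clients and access logs register the refusal. Because the method returns nothing, a caller passing `$die = false` cannot tell whether validation passed; consider `return true;` after the try block and `return false;` at the end of the catch.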
diff --git a/modules/Calendar4You/Delete.php b/modules/Calendar4You/Delete.php
index 971ca48e6a..fa224f5ecd 100644
--- a/modules/Calendar4You/Delete.php
+++ b/modules/Calendar4You/Delete.php
@@ -10,7 +10,7 @@
require_once 'modules/Calendar4You/CalendarUtils.php';
global $currentModule, $current_user;
-
+Vtiger_Request::validateRequest();
$Calendar4You = new Calendar4You();
$Calendar4You->GetDefPermission($current_user);
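Review bot: The added `Vtiger_Request::validateRequest();` still leaves the Delete scripts accepting any HTTP method — the sibling hunks read `vtlib_purify($_REQUEST['record'])`, the merged GET/POST superglobal — so a record deletion remains reachable from a plain GET link unless validateWriteAccess also enforces the method, which is not visible here. Since deletion is state-changing, consider rejecting non-POST requests ahead of the CSRF check, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); die(); }`. None of these hunks adds a `require_once` for include/utils/Request.php, so the call relies on the class already being loaded by the entry point; if it is not, the script fails with a fatal error rather than a controlled rejection. The same points apply to the identical hunks in modules/PriceBooks/Delete.php, modules/ProductComponent/Delete.php, modules/Products/Delete.php and modules/Vtiger/Delete.php.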
diff --git a/modules/PriceBooks/Delete.php b/modules/PriceBooks/Delete.php
index d06a3df7cf..88799b45e2 100644
--- a/modules/PriceBooks/Delete.php
+++ b/modules/PriceBooks/Delete.php
@@ -8,8 +8,8 @@
* All Rights Reserved.
************************************************************************************/
global $currentModule;
+Vtiger_Request::validateRequest();
$focus = CRMEntity::getInstance($currentModule);
-
$record = vtlib_purify($_REQUEST['record']);
$module = urlencode(vtlib_purify($_REQUEST['module']));
$return_module = vtlib_purify($_REQUEST['return_module']);
diff --git a/modules/ProductComponent/Delete.php b/modules/ProductComponent/Delete.php
index 5f15e1f27d..a69ffb847a 100644
--- a/modules/ProductComponent/Delete.php
+++ b/modules/ProductComponent/Delete.php
@@ -8,8 +8,8 @@
* All Rights Reserved.
************************************************************************************/
global $currentModule;
+Vtiger_Request::validateRequest();
$focus = CRMEntity::getInstance($currentModule);
-
$record = vtlib_purify($_REQUEST['record']);
$module = urlencode(vtlib_purify($_REQUEST['module']));
$return_module = vtlib_purify($_REQUEST['return_module']);
diff --git a/modules/Products/Delete.php b/modules/Products/Delete.php
index 13d44ccb4b..fccbc287c2 100644
--- a/modules/Products/Delete.php
+++ b/modules/Products/Delete.php
@@ -8,8 +8,8 @@
* All Rights Reserved.
************************************************************************************/
global $currentModule;
+Vtiger_Request::validateRequest();
$focus = CRMEntity::getInstance($currentModule);
-
$record = vtlib_purify($_REQUEST['record']);
$module = urlencode(vtlib_purify($_REQUEST['module']));
$return_module = vtlib_purify($_REQUEST['return_module']);
diff --git a/modules/Vtiger/Delete.php b/modules/Vtiger/Delete.php
index 27f3ce0079..17ff4ba8fb 100644
--- a/modules/Vtiger/Delete.php
+++ b/modules/Vtiger/Delete.php
@@ -8,8 +8,8 @@
* All Rights Reserved.
************************************************************************************/
global $currentModule;
+Vtiger_Request::validateRequest();
$focus = CRMEntity::getInstance($currentModule);
-
$record = vtlib_purify($_REQUEST['record']);
$module = urlencode(vtlib_purify($_REQUEST['module']));
$return_module = vtlib_purify($_REQUEST['return_module']);