sec(Reports) CSRF in actions CWE-352
joebordes committed Dec 27, 2021
1 parent aac4d0d commit 6da824a
Showing 5 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion modules/Reports/ChangeFolder.php
@@ -10,7 +10,7 @@
require_once 'include/logging.php';
require_once 'include/database/PearDatabase.php';
$folderid = vtlib_purify($_REQUEST['folderid']);

Vtiger_Request::validateRequest();
if (isset($_REQUEST['idlist']) && $_REQUEST['idlist']!= '') {
$id_array = array();
$id_array = explode(':', $_REQUEST['idlist']);
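Review bot: `$_REQUEST['idlist']` is handed to `explode()` raw, while `folderid` a few lines above goes through `vtlib_purify()`; the CSRF check added here does not change that. How the resulting ids are used lies outside the hunk, so this only matters if they reach a query or output without being cast or bound, but purifying where the value is read would be consistent: `$id_array = explode(':', vtlib_purify($_REQUEST['idlist']));`. The `$id_array = array();` line before it is overwritten immediately and can be dropped. Delete.php carries the same two lines.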
2 changes: 1 addition & 1 deletion modules/Reports/Delete.php
@@ -12,7 +12,7 @@
require_once 'include/database/PearDatabase.php';

global $current_user,$adb;

Vtiger_Request::validateRequest();
if (isset($_REQUEST['idlist']) && $_REQUEST['idlist']!= '') {
$id_array = array();
$id_array = explode(':', $_REQUEST['idlist']);
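Review bot: The delete action still takes its parameters from `$_REQUEST`, so unless `Vtiger_Request::validateRequest()` rejects non-POST requests (its body is not shown on this page) the delete can be driven by a GET URL, which would put the anti-CSRF token into browser history, proxy logs and Referer headers. If the validator does not already enforce the method, the script should refuse anything other than POST before the `idlist` check and read the value from `$_POST`, e.g. `if (isset($_POST['idlist']) && $_POST['idlist'] != '') {`. The same consideration applies to the other four Reports actions touched by this commit.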
2 changes: 1 addition & 1 deletion modules/Reports/DeleteReportFolder.php
@@ -11,7 +11,7 @@
require_once 'include/database/PearDatabase.php';

global $adb,$mod_strings;

Vtiger_Request::validateRequest();
$local_log = LoggerManager::getLogger('index');
$rfid = vtlib_purify($_REQUEST['record']);
if ($rfid != '') {
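Review bot: The result of `Vtiger_Request::validateRequest();` is discarded, so the guard only stops the folder delete if the method itself throws or exits on a bad token; its body is not part of this page, so that should be confirmed, and a comment saying so would help, e.g. `// aborts the request itself when the CSRF token is missing or invalid`. The logger is also obtained only after the check, so a rejected request leaves no entry from this script unless the validator logs on its own. Moving `$local_log = LoggerManager::getLogger('index');` above the call would allow the rejection to be recorded for later review.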
2 changes: 1 addition & 1 deletion modules/Reports/DuplicateReport.php
@@ -12,7 +12,7 @@
require_once 'include/database/PearDatabase.php';

global $adb,$mod_strings,$app_strings;

Vtiger_Request::validateRequest();
$reportid = vtlib_purify($_REQUEST['record']);
$newreportname = vtlib_purify($_REQUEST['newreportname']);
$newreportdescription = vtlib_purify($_REQUEST['newreportdescription']);
1 change: 1 addition & 0 deletions modules/Reports/SaveReportFolder.php
@@ -12,6 +12,7 @@
require_once 'include/database/PearDatabase.php';

global $adb, $default_charset;
Vtiger_Request::validateRequest();
$local_log = LoggerManager::getLogger('index');
$focus = new Reports();

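Review bot: Each Reports action opts in to the CSRF check with its own pasted line, and here it sits directly under the `global` line with no comment, so nothing in the file tells a later maintainer that the call must stay ahead of the save logic. A short comment such as `// CSRF guard (CWE-352): keep before any state change` would make the intent visible. Because the protection is per file, any state-changing script in modules/Reports that this commit does not touch remains unprotected; if the project has a shared entry point for write actions, enforcing the check there would remove the risk of a missed file.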
