From 6da824ab2d578e1bb8fced5c5c308de1df9cccaa Mon Sep 17 00:00:00 2001
From: joebordes
Date: Mon, 27 Dec 2021 22:41:11 +0100
Subject: [PATCH] sec(Reports) CSRF in actions CWE-352
---
 modules/Reports/ChangeFolder.php | 2 +-
 modules/Reports/Delete.php | 2 +-
 modules/Reports/DeleteReportFolder.php | 2 +-
 modules/Reports/DuplicateReport.php | 2 +-
 modules/Reports/SaveReportFolder.php | 1 +
 5 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules/Reports/ChangeFolder.php b/modules/Reports/ChangeFolder.php
index 5c4fc460eb..a7c226ebe5 100644
--- a/modules/Reports/ChangeFolder.php
+++ b/modules/Reports/ChangeFolder.php
@@ -10,7 +10,7 @@
 require_once 'include/logging.php';
 require_once 'include/database/PearDatabase.php';
 $folderid = vtlib_purify($_REQUEST['folderid']);
-
+Vtiger_Request::validateRequest();
 if (isset($_REQUEST['idlist']) && $_REQUEST['idlist']!= '') {
 $id_array = array();
 $id_array = explode(':', $_REQUEST['idlist']);
diff --git a/modules/Reports/Delete.php b/modules/Reports/Delete.php
index 745eff830f..03a39f08af 100644
--- a/modules/Reports/Delete.php
+++ b/modules/Reports/Delete.php
@@ -12,7 +12,7 @@
 require_once 'include/database/PearDatabase.php';
 global $current_user,$adb;
-
+Vtiger_Request::validateRequest();
 if (isset($_REQUEST['idlist']) && $_REQUEST['idlist']!= '') {
 $id_array = array();
 $id_array = explode(':', $_REQUEST['idlist']);
diff --git a/modules/Reports/DeleteReportFolder.php b/modules/Reports/DeleteReportFolder.php
index 334fdfa0c6..80fc82ab8c 100644
--- a/modules/Reports/DeleteReportFolder.php
+++ b/modules/Reports/DeleteReportFolder.php
@@ -11,7 +11,7 @@
 require_once 'include/database/PearDatabase.php';
 global $adb,$mod_strings;
-
+Vtiger_Request::validateRequest();
 $local_log = LoggerManager::getLogger('index');
 $rfid = vtlib_purify($_REQUEST['record']);
 if ($rfid != '') {
diff --git a/modules/Reports/DuplicateReport.php b/modules/Reports/DuplicateReport.php
index 82867f61ff..fcf3c1687d 100644
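Review bot: In ChangeFolder.php the new `Vtiger_Request::validateRequest();` sits below `$folderid = vtlib_purify($_REQUEST['folderid']);`, so request input is already consumed before the CSRF token is checked; move the call up to directly follow the `require_once` lines so the guard precedes every read of `$_REQUEST`, which is where Delete.php, DeleteReportFolder.php, DuplicateReport.php and SaveReportFolder.php place it. In all five hunks the return value of validateRequest() is discarded, which only protects the action if that method halts the script or throws on a missing or invalid token — its definition is not in this patch, so confirm that before relying on it. A one-line why-comment on the new line in each file would make the intent survive later edits, e.g. `// CWE-352: require a valid CSRF token before any state-changing work below`. The handlers still read parameters from `$_REQUEST`, so these state-changing actions remain reachable via GET; restricting them to POST would further reduce the CSRF surface.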
--- a/modules/Reports/DuplicateReport.php
+++ b/modules/Reports/DuplicateReport.php
@@ -12,7 +12,7 @@
 require_once 'include/database/PearDatabase.php';
 global $adb,$mod_strings,$app_strings;
-
+Vtiger_Request::validateRequest();
 $reportid = vtlib_purify($_REQUEST['record']);
 $newreportname = vtlib_purify($_REQUEST['newreportname']);
 $newreportdescription = vtlib_purify($_REQUEST['newreportdescription']);
diff --git a/modules/Reports/SaveReportFolder.php b/modules/Reports/SaveReportFolder.php
index 3cf991f266..7e14c68942 100644
--- a/modules/Reports/SaveReportFolder.php
+++ b/modules/Reports/SaveReportFolder.php
@@ -12,6 +12,7 @@
 require_once 'include/database/PearDatabase.php';
 global $adb, $default_charset;
+Vtiger_Request::validateRequest();
 $local_log = LoggerManager::getLogger('index');
 $focus = new Reports();