fix(admin): verify CSRF token in player-management admin Mods [#139] (#256)

This commit is contained in:
Ferywir
2026-06-23 05:54:03 +02:00
committed by GitHub
parent 6888a09b5f
commit e49069a9c6
17 changed files with 55 additions and 0 deletions
+5
View File
@@ -21,6 +21,11 @@ include_once("../../Database.php");
if (!isset($_SESSION)) session_start();
if(($_SESSION['access']?? 0) < ADMIN) die("Access Denied: You are not Admin!");
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
// itself (it does not go through admin.php's central csrf_verify()).
require_once(__DIR__ . '/../csrf.php');
csrf_verify();
// --- INPUT ---
$id = (int)($_POST['id']?? 0);
$admid = (int)($_POST['admid']?? 0);