TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

Browse Source
This commit is contained in:
twotalesanimation
2025-12-02 21:08:56 +02:00
parent 5985506001
commit a311e81a12
19 changed files with 190 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
process_trip_booking.php
View File

@@ -2,8 +2,16 @@
require_once("env.php");
require_once("connection.php");
require_once("functions.php");
use Middleware\CsrfMiddleware;
session_start();
// Validate CSRF token early if this is a POST request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
CsrfMiddleware::requireToken($_POST);
}
// Get the trip_id from the request (ensure it's sanitized)
$trip_id = isset($_POST['trip_id']) ? intval($_POST['trip_id']) : 0;