secure ajax

stonebuzz · trasher · commit 7dcad1efb6ee · 2025-07-10T11:07:45.000+02:00
diff --git a/ajax/agent.php b/ajax/agent.php
@@ -37,6 +37,13 @@
 
 Session::checkLoginUser();
 
+Session::checkRight("inventory", READ);
+
+$computer = new Computer();
+$computer->check($_POST['computers_id'], UPDATE);
+
+
+
 if (isset($_POST['action']) && isset($_POST['id'])) {
     $agent = new Agent();
     if (!$agent->getFromDB($_POST['id'])) {
diff --git a/inc/inventoryaction.class.php b/inc/inventoryaction.class.php
@@ -190,7 +190,7 @@ public static function postItemForm($item)
                                 type: 'POST',
                                 url: '{$url}',
                                 timeout: 3000, //3 seconds timeout
-                                data: {'action': '{$key}', 'id': '{$agent->fields['id']}'},
+                                data: {'action': '{$key}', 'id': '{$agent->fields['id']}', 'computers_id' : '{$item->fields['id']}'},
                                 success: function(json) {
                                     icon.removeClass('fa-spin');
                                     $('#database_inventory_status').html(json.answer);
