From 0c0cf2f427a265a24df6d2b8e02a76146c4bb6a2 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 29 Sep 2024 19:08:59 +0100
Subject: [PATCH] Refactor POST handling.

- Split into admin and user handlers, each admin page gets its own file now
- Enforce role access once for admin POST requests
- Automatically load POST logic for admin-based requests based on the referring page, otherwise automatically load all user request logic
- Add support for using custom POST handlers
---
 post/admin/admin_settings_module.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post/admin/admin_settings_module.php b/post/admin/admin_settings_module.php
index 8f572b7d4..4d231c0a2 100644
--- a/post/admin/admin_settings_module.php
+++ b/post/admin/admin_settings_module.php
@@ -6,7 +6,7 @@
     $config_module_enable_ticketing = intval($_POST['config_module_enable_ticketing']);
     $config_module_enable_accounting = intval($_POST['config_module_enable_accounting']);
     $config_client_portal_enable = intval($_POST['config_client_portal_enable']);
-    $config_whitelabel_key = $_POST['config_whitelabel_key'];
+    $config_whitelabel_key = sanitizeInput($_POST['config_whitelabel_key']);
 
     mysqli_query($mysqli,"UPDATE settings SET config_module_enable_itdoc = $config_module_enable_itdoc, config_module_enable_ticketing = $config_module_enable_ticketing, config_module_enable_accounting = $config_module_enable_accounting, config_client_portal_enable = $config_client_portal_enable WHERE company_id = 1");