LotusGuild/tinker_tickets
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Remove broken AuditLogModel call in upload_attachment.php

Browse Source 
The AuditLogModel was being instantiated without required $conn parameter
when logging CSRF failures, causing a 500 error.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-01-20 16:51:26 -05:00
parent 591fad52cc
commit 7dffd8ed35
1 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/upload_attachment.php
View File

@@ -60,9 +60,6 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
// Verify CSRF token
$csrfToken = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!CsrfMiddleware::validateToken($csrfToken)) {
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
$auditLog = new AuditLogModel();
$auditLog->logCsrfFailure($_SESSION['user']['user_id'] ?? null, 'upload_attachment');
ResponseHelper::forbidden('Invalid CSRF token');
}