When logged into the admin panel and your session times out, you will be unable to download CSV files from viewing pages.
How to Replicate
Log into the admin panel
Open registration viewer page of a company
Wait for the session to time out (unknown how long this is - probably around an hour)
Try to download the CSV. In the CSV there will be an error
Cause
This is an issue with how dbquery.php validates the request from the user. It checks to see if you are logged in, and if you are, it uses those credentials. If not, it checks to see if you are using a token (e.g. from a registration viewer page). However, when the session times out, it fails the permission check because you are no longer validated, but the session also still exists.
Issue
When logged into the admin panel and your session times out, you will be unable to download CSV files from viewing pages.
How to Replicate
Cause
This is an issue with how dbquery.php validates the request from the user. It checks to see if you are logged in, and if you are, it uses those credentials. If not, it checks to see if you are using a token (e.g. from a registration viewer page). However, when the session times out, it fails the permission check because you are no longer validated, but the session also still exists.