AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid people to alter other projects by changing form data

Browse Source
This commit is contained in:
Frederic Guillot
2017-09-23 18:48:45 -07:00
parent 8ecaa60340
commit 074f6c104f
26 changed files with 154 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controller/ActionController.php
View File

@@ -46,9 +46,10 @@ class ActionController extends BaseController
public function confirm()
{
$project = $this->getProject();
$action = $this->getAction($project);
$this->response->html($this->helper->layout->project('action/remove', array(
'action' => $this->actionModel->getById($this->request->getIntegerParam('action_id')),
'action' => $action,
'available_events' => $this->eventManager->getAll(),
'available_actions' => $this->actionManager->getAvailableActions(),
'project' => $project,
@@ -65,7 +66,7 @@ class ActionController extends BaseController
{
$this->checkCSRFParam();
$project = $this->getProject();
$action = $this->actionModel->getById($this->request->getIntegerParam('action_id'));
$action = $this->getAction($project);
if (! empty($action) && $this->actionModel->remove($action['id'])) {
$this->flash->success(t('Action removed successfully.'));