AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid people to alter other projects by changing form data

Browse Source
This commit is contained in:
Frederic Guillot
2017-09-23 18:48:45 -07:00
parent 8ecaa60340
commit 074f6c104f
26 changed files with 154 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Controller/ActionCreationController.php
View File

@@ -35,8 +35,9 @@ class ActionCreationController extends BaseController
{
$project = $this->getProject();
$values = $this->request->getValues();
$values['project_id'] = $project['id'];
if (empty($values['action_name']) || empty($values['project_id'])) {
if (empty($values['action_name'])) {
return $this->create();
}
@@ -57,8 +58,9 @@ class ActionCreationController extends BaseController
{
$project = $this->getProject();
$values = $this->request->getValues();
$values['project_id'] = $project['id'];
if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) {
if (empty($values['action_name']) || empty($values['event_name'])) {
$this->create();
return;
}
@@ -109,6 +111,7 @@ class ActionCreationController extends BaseController
*/
private function doCreation(array $project, array $values)
{
$values['project_id'] = $project['id'];
list($valid, ) = $this->actionValidator->validateCreation($values);
if ($valid) {