AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid people to alter other projects by changing form data

Browse Source
This commit is contained in:
Frederic Guillot
2017-09-23 18:48:45 -07:00
parent 8ecaa60340
commit 074f6c104f
26 changed files with 154 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/ProjectEditController.php
View File

@@ -65,6 +65,8 @@ class ProjectEditController extends BaseController
*/
private function prepareValues(array $project, array $values)
{
$values['id'] = $project['id'];
if (isset($values['is_private'])) {
if (! $this->helper->user->hasProjectAccess('ProjectCreationController', 'create', $project['id'])) {
unset($values['is_private']);