AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid people to alter other projects by changing form data

Browse Source
This commit is contained in:
Frederic Guillot
2017-09-23 18:48:45 -07:00
parent 8ecaa60340
commit 074f6c104f
26 changed files with 154 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ New features:
* Vietnamese translation * Vietnamese translation
Security Issues:
* Avoid people to alter other project resources by changing form data
Version 1.0.46 (August 13, 2017) Version 1.0.46 (August 13, 2017)
-------------------------------- --------------------------------

5
app/Controller/ActionController.php
View File

@@ -46,9 +46,10 @@ class ActionController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$action = $this->getAction($project);
$this->response->html($this->helper->layout->project('action/remove', array( $this->response->html($this->helper->layout->project('action/remove', array(
'action' => $this->actionModel->getById($this->request->getIntegerParam('action_id')), 'action' => $action,
'available_events' => $this->eventManager->getAll(), 'available_events' => $this->eventManager->getAll(),
'available_actions' => $this->actionManager->getAvailableActions(), 'available_actions' => $this->actionManager->getAvailableActions(),
'project' => $project, 'project' => $project,
@@ -65,7 +66,7 @@ class ActionController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$action = $this->actionModel->getById($this->request->getIntegerParam('action_id')); $action = $this->getAction($project);
if (! empty($action) && $this->actionModel->remove($action['id'])) { if (! empty($action) && $this->actionModel->remove($action['id'])) {
$this->flash->success(t('Action removed successfully.')); $this->flash->success(t('Action removed successfully.'));

7
app/Controller/ActionCreationController.php
View File

@@ -35,8 +35,9 @@ class ActionCreationController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
if (empty($values['action_name']) || empty($values['project_id'])) { if (empty($values['action_name'])) {
return $this->create(); return $this->create();
} }
@@ -57,8 +58,9 @@ class ActionCreationController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) { if (empty($values['action_name']) || empty($values['event_name'])) {
$this->create(); $this->create();
return; return;
} }
@@ -109,6 +111,7 @@ class ActionCreationController extends BaseController
*/ */
private function doCreation(array $project, array $values) private function doCreation(array $project, array $values)
{ {
$values['project_id'] = $project['id'];
list($valid, ) = $this->actionValidator->validateCreation($values); list($valid, ) = $this->actionValidator->validateCreation($values);
if ($valid) { if ($valid) {

90
app/Controller/BaseController.php
View File

@@ -155,4 +155,94 @@ abstract class BaseController extends Base
return $subtask; return $subtask;
} }
protected function getColumn(array $project)
{
$column = $this->columnModel->getById($this->request->getIntegerParam('column_id'));
if (empty($column)) {
throw new PageNotFoundException();
}
if ($column['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $column;
}
protected function getSwimlane(array $project)
{
$swimlane = $this->swimlaneModel->getById($this->request->getIntegerParam('swimlane_id'));
if (empty($swimlane)) {
throw new PageNotFoundException();
}
if ($swimlane['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $swimlane;
}
protected function getCategory(array $project)
{
$category = $this->categoryModel->getById($this->request->getIntegerParam('category_id'));
if (empty($category)) {
throw new PageNotFoundException();
}
if ($category['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $category;
}
protected function getProjectTag(array $project)
{
$tag = $this->tagModel->getById($this->request->getIntegerParam('tag_id'));
if (empty($tag)) {
throw new PageNotFoundException();
}
if ($tag['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $tag;
}
protected function getAction(array $project)
{
$action = $this->actionModel->getById($this->request->getIntegerParam('action_id'));
if (empty($action)) {
throw new PageNotFoundException();
}
if ($action['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $action;
}
protected function getCustomFilter(array $project)
{
$filter = $this->customFilterModel->getById($this->request->getIntegerParam('filter_id'));
if (empty($filter)) {
throw new PageNotFoundException();
}
if ($filter['project_id'] != $project['id']) {
throw new AccessForbiddenException();
}
return $filter;
}
} }

31
app/Controller/CategoryController.php
View File

@@ -12,24 +12,6 @@ use Kanboard\Core\Controller\PageNotFoundException;
*/ */
class CategoryController extends BaseController class CategoryController extends BaseController
{ {
/**
* Get the category (common method between actions)
*
* @access private
* @return array
* @throws PageNotFoundException
*/
private function getCategory()
{
$category = $this->categoryModel->getById($this->request->getIntegerParam('category_id'));
if (empty($category)) {
throw new PageNotFoundException();
}
return $category;
}
/** /**
* List of categories for a given project * List of categories for a given project
* *
@@ -72,8 +54,9 @@ class CategoryController extends BaseController
public function save() public function save()
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
list($valid, $errors) = $this->categoryValidator->validateCreation($values); list($valid, $errors) = $this->categoryValidator->validateCreation($values);
if ($valid) { if ($valid) {
@@ -100,7 +83,7 @@ class CategoryController extends BaseController
public function edit(array $values = array(), array $errors = array()) public function edit(array $values = array(), array $errors = array())
{ {
$project = $this->getProject(); $project = $this->getProject();
$category = $this->getCategory(); $category = $this->getCategory($project);
$this->response->html($this->template->render('category/edit', array( $this->response->html($this->template->render('category/edit', array(
'values' => empty($values) ? $category : $values, 'values' => empty($values) ? $category : $values,
@@ -117,8 +100,12 @@ class CategoryController extends BaseController
public function update() public function update()
{ {
$project = $this->getProject(); $project = $this->getProject();
$category = $this->getCategory($project);
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
$values['id'] = $category['id'];
list($valid, $errors) = $this->categoryValidator->validateModification($values); list($valid, $errors) = $this->categoryValidator->validateModification($values);
if ($valid) { if ($valid) {
@@ -141,7 +128,7 @@ class CategoryController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$category = $this->getCategory(); $category = $this->getCategory($project);
$this->response->html($this->helper->layout->project('category/remove', array( $this->response->html($this->helper->layout->project('category/remove', array(
'project' => $project, 'project' => $project,
@@ -158,7 +145,7 @@ class CategoryController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$category = $this->getCategory(); $category = $this->getCategory($project);
if ($this->categoryModel->remove($category['id'])) { if ($this->categoryModel->remove($category['id'])) {
$this->flash->success(t('Category removed successfully.')); $this->flash->success(t('Category removed successfully.'));

16
app/Controller/ColumnController.php
View File

@@ -61,6 +61,7 @@ class ColumnController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues() + array('hide_in_dashboard' => 0); $values = $this->request->getValues() + array('hide_in_dashboard' => 0);
$values['project_id'] = $project['id'];
list($valid, $errors) = $this->columnValidator->validateCreation($values); list($valid, $errors) = $this->columnValidator->validateCreation($values);
@@ -95,7 +96,7 @@ class ColumnController extends BaseController
public function edit(array $values = array(), array $errors = array()) public function edit(array $values = array(), array $errors = array())
{ {
$project = $this->getProject(); $project = $this->getProject();
$column = $this->columnModel->getById($this->request->getIntegerParam('column_id')); $column = $this->getColumn($project);
$this->response->html($this->helper->layout->project('column/edit', array( $this->response->html($this->helper->layout->project('column/edit', array(
'errors' => $errors, 'errors' => $errors,
@@ -113,7 +114,11 @@ class ColumnController extends BaseController
public function update() public function update()
{ {
$project = $this->getProject(); $project = $this->getProject();
$column = $this->getColumn($project);
$values = $this->request->getValues() + array('hide_in_dashboard' => 0); $values = $this->request->getValues() + array('hide_in_dashboard' => 0);
$values['project_id'] = $project['id'];
$values['id'] = $column['id'];
list($valid, $errors) = $this->columnValidator->validateModification($values); list($valid, $errors) = $this->columnValidator->validateModification($values);
@@ -164,9 +169,10 @@ class ColumnController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$column = $this->getColumn($project);
$this->response->html($this->helper->layout->project('column/remove', array( $this->response->html($this->helper->layout->project('column/remove', array(
'column' => $this->columnModel->getById($this->request->getIntegerParam('column_id')), 'column' => $column,
'project' => $project, 'project' => $project,
))); )));
} }
@@ -178,11 +184,11 @@ class ColumnController extends BaseController
*/ */
public function remove() public function remove()
{ {
$project = $this->getProject();
$this->checkCSRFParam(); $this->checkCSRFParam();
$column_id = $this->request->getIntegerParam('column_id'); $project = $this->getProject();
$column = $this->getColumn($project);
if ($this->columnModel->remove($column_id)) { if ($this->columnModel->remove($column['id'])) {
$this->flash->success(t('Column removed successfully.')); $this->flash->success(t('Column removed successfully.'));
} else { } else {
$this->flash->failure(t('Unable to remove this column.')); $this->flash->failure(t('Unable to remove this column.'));

7
app/Controller/CustomFilterController.php
View File

@@ -59,6 +59,7 @@ class CustomFilterController extends BaseController
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
$values['user_id'] = $this->userSession->getId(); $values['user_id'] = $this->userSession->getId();
list($valid, $errors) = $this->customFilterValidator->validateCreation($values); list($valid, $errors) = $this->customFilterValidator->validateCreation($values);
@@ -84,7 +85,7 @@ class CustomFilterController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$filter = $this->customFilterModel->getById($this->request->getIntegerParam('filter_id')); $filter = $this->getCustomFilter($project);
$this->response->html($this->helper->layout->project('custom_filter/remove', array( $this->response->html($this->helper->layout->project('custom_filter/remove', array(
'project' => $project, 'project' => $project,
@@ -102,7 +103,7 @@ class CustomFilterController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$filter = $this->customFilterModel->getById($this->request->getIntegerParam('filter_id')); $filter = $this->getCustomFilter($project);
$this->checkPermission($project, $filter); $this->checkPermission($project, $filter);
@@ -153,6 +154,8 @@ class CustomFilterController extends BaseController
$this->checkPermission($project, $filter); $this->checkPermission($project, $filter);
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['id'] = $filter['id'];
$values['project_id'] = $project['id'];
if (! isset($values['is_shared'])) { if (! isset($values['is_shared'])) {
$values += array('is_shared' => 0); $values += array('is_shared' => 0);

2
app/Controller/ProjectEditController.php
View File

@@ -65,6 +65,8 @@ class ProjectEditController extends BaseController
*/ */
private function prepareValues(array $project, array $values) private function prepareValues(array $project, array $values)
{ {
$values['id'] = $project['id'];
if (isset($values['is_private'])) { if (isset($values['is_private'])) {
if (! $this->helper->user->hasProjectAccess('ProjectCreationController', 'create', $project['id'])) { if (! $this->helper->user->hasProjectAccess('ProjectCreationController', 'create', $project['id'])) {
unset($values['is_private']); unset($values['is_private']);

33
app/Controller/ProjectTagController.php
View File

@@ -2,8 +2,6 @@
namespace Kanboard\Controller; namespace Kanboard\Controller;
use Kanboard\Core\Controller\AccessForbiddenException;
/** /**
* Class ProjectTagController * Class ProjectTagController
* *
@@ -27,10 +25,6 @@ class ProjectTagController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
if (empty($values)) {
$values['project_id'] = $project['id'];
}
$this->response->html($this->template->render('project_tag/create', array( $this->response->html($this->template->render('project_tag/create', array(
'project' => $project, 'project' => $project,
'values' => $values, 'values' => $values,
@@ -42,6 +36,8 @@ class ProjectTagController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
list($valid, $errors) = $this->tagValidator->validateCreation($values); list($valid, $errors) = $this->tagValidator->validateCreation($values);
if ($valid) { if ($valid) {
@@ -60,8 +56,7 @@ class ProjectTagController extends BaseController
public function edit(array $values = array(), array $errors = array()) public function edit(array $values = array(), array $errors = array())
{ {
$project = $this->getProject(); $project = $this->getProject();
$tag_id = $this->request->getIntegerParam('tag_id'); $tag = $this->getProjectTag($project);
$tag = $this->tagModel->getById($tag_id);
if (empty($values)) { if (empty($values)) {
$values = $tag; $values = $tag;
@@ -78,14 +73,12 @@ class ProjectTagController extends BaseController
public function update() public function update()
{ {
$project = $this->getProject(); $project = $this->getProject();
$tag_id = $this->request->getIntegerParam('tag_id'); $tag = $this->getProjectTag($project);
$tag = $this->tagModel->getById($tag_id);
$values = $this->request->getValues(); $values = $this->request->getValues();
list($valid, $errors) = $this->tagValidator->validateModification($values); $values['project_id'] = $project['id'];
$values['id'] = $tag['id'];
if ($tag['project_id'] != $project['id']) { list($valid, $errors) = $this->tagValidator->validateModification($values);
throw new AccessForbiddenException();
}
if ($valid) { if ($valid) {
if ($this->tagModel->update($values['id'], $values['name'])) { if ($this->tagModel->update($values['id'], $values['name'])) {
@@ -103,8 +96,7 @@ class ProjectTagController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$tag_id = $this->request->getIntegerParam('tag_id'); $tag = $this->getProjectTag($project);
$tag = $this->tagModel->getById($tag_id);
$this->response->html($this->template->render('project_tag/remove', array( $this->response->html($this->template->render('project_tag/remove', array(
'tag' => $tag, 'tag' => $tag,
@@ -116,14 +108,9 @@ class ProjectTagController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$tag_id = $this->request->getIntegerParam('tag_id'); $tag = $this->getProjectTag($project);
$tag = $this->tagModel->getById($tag_id);
if ($tag['project_id'] != $project['id']) { if ($this->tagModel->remove($tag['id'])) {
throw new AccessForbiddenException();
}
if ($this->tagModel->remove($tag_id)) {
$this->flash->success(t('Tag removed successfully.')); $this->flash->success(t('Tag removed successfully.'));
} else { } else {
$this->flash->failure(t('Unable to remove this tag.')); $this->flash->failure(t('Unable to remove this tag.'));

43
app/Controller/SwimlaneController.php
View File

@@ -3,8 +3,6 @@
namespace Kanboard\Controller; namespace Kanboard\Controller;
use Kanboard\Core\Controller\AccessForbiddenException; use Kanboard\Core\Controller\AccessForbiddenException;
use Kanboard\Core\Controller\PageNotFoundException;
use Kanboard\Model\SwimlaneModel;
/** /**
* Swimlanes Controller * Swimlanes Controller
@@ -14,24 +12,6 @@ use Kanboard\Model\SwimlaneModel;
*/ */
class SwimlaneController extends BaseController class SwimlaneController extends BaseController
{ {
/**
* Get the swimlane (common method between actions)
*
* @access private
* @return array
* @throws PageNotFoundException
*/
private function getSwimlane()
{
$swimlane = $this->swimlaneModel->getById($this->request->getIntegerParam('swimlane_id'));
if (empty($swimlane)) {
throw new PageNotFoundException();
}
return $swimlane;
}
/** /**
* List of swimlanes for a given project * List of swimlanes for a given project
* *
@@ -78,6 +58,8 @@ class SwimlaneController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
list($valid, $errors) = $this->swimlaneValidator->validateCreation($values); list($valid, $errors) = $this->swimlaneValidator->validateCreation($values);
if ($valid) { if ($valid) {
@@ -104,7 +86,7 @@ class SwimlaneController extends BaseController
public function edit(array $values = array(), array $errors = array()) public function edit(array $values = array(), array $errors = array())
{ {
$project = $this->getProject(); $project = $this->getProject();
$swimlane = $this->getSwimlane(); $swimlane = $this->getSwimlane($project);
$this->response->html($this->helper->layout->project('swimlane/edit', array( $this->response->html($this->helper->layout->project('swimlane/edit', array(
'values' => empty($values) ? $swimlane : $values, 'values' => empty($values) ? $swimlane : $values,
@@ -121,8 +103,11 @@ class SwimlaneController extends BaseController
public function update() public function update()
{ {
$project = $this->getProject(); $project = $this->getProject();
$swimlane = $this->getSwimlane($project);
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
$values['id'] = $swimlane['id'];
list($valid, $errors) = $this->swimlaneValidator->validateModification($values); list($valid, $errors) = $this->swimlaneValidator->validateModification($values);
if ($valid) { if ($valid) {
@@ -145,7 +130,7 @@ class SwimlaneController extends BaseController
public function confirm() public function confirm()
{ {
$project = $this->getProject(); $project = $this->getProject();
$swimlane = $this->getSwimlane(); $swimlane = $this->getSwimlane($project);
$this->response->html($this->helper->layout->project('swimlane/remove', array( $this->response->html($this->helper->layout->project('swimlane/remove', array(
'project' => $project, 'project' => $project,
@@ -162,9 +147,9 @@ class SwimlaneController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id'); $swimlane = $this->getSwimlane($project);
if ($this->swimlaneModel->remove($project['id'], $swimlane_id)) { if ($this->swimlaneModel->remove($project['id'], $swimlane['id'])) {
$this->flash->success(t('Swimlane removed successfully.')); $this->flash->success(t('Swimlane removed successfully.'));
} else { } else {
$this->flash->failure(t('Unable to remove this swimlane.')); $this->flash->failure(t('Unable to remove this swimlane.'));
@@ -182,9 +167,9 @@ class SwimlaneController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id'); $swimlane = $this->getSwimlane($project);
if ($this->swimlaneModel->disable($project['id'], $swimlane_id)) { if ($this->swimlaneModel->disable($project['id'], $swimlane['id'])) {
$this->flash->success(t('Swimlane updated successfully.')); $this->flash->success(t('Swimlane updated successfully.'));
} else { } else {
$this->flash->failure(t('Unable to update this swimlane.')); $this->flash->failure(t('Unable to update this swimlane.'));
@@ -202,9 +187,9 @@ class SwimlaneController extends BaseController
{ {
$this->checkCSRFParam(); $this->checkCSRFParam();
$project = $this->getProject(); $project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id'); $swimlane = $this->getSwimlane($project);
if ($this->swimlaneModel->enable($project['id'], $swimlane_id)) { if ($this->swimlaneModel->enable($project['id'], $swimlane['id'])) {
$this->flash->success(t('Swimlane updated successfully.')); $this->flash->success(t('Swimlane updated successfully.'));
} else { } else {
$this->flash->failure(t('Unable to update this swimlane.')); $this->flash->failure(t('Unable to update this swimlane.'));

1
app/Controller/TaskCreationController.php
View File

@@ -49,6 +49,7 @@ class TaskCreationController extends BaseController
{ {
$project = $this->getProject(); $project = $this->getProject();
$values = $this->request->getValues(); $values = $this->request->getValues();
$values['project_id'] = $project['id'];
list($valid, $errors) = $this->taskValidator->validateCreation($values); list($valid, $errors) = $this->taskValidator->validateCreation($values);

1
app/Template/action_creation/create.php
View File

@@ -3,7 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('ActionCreationController', 'event', array('project_id' => $project['id'])) ?>"> <form method="post" action="<?= $this->url->href('ActionCreationController', 'event', array('project_id' => $project['id'])) ?>">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Action'), 'action_name') ?> <?= $this->form->label(t('Action'), 'action_name') ?>
<?= $this->form->select('action_name', $available_actions, $values) ?> <?= $this->form->select('action_name', $available_actions, $values) ?>

1
app/Template/action_creation/event.php
View File

@@ -5,7 +5,6 @@
<form method="post" action="<?= $this->url->href('ActionCreationController', 'params', array('project_id' => $project['id'])) ?>"> <form method="post" action="<?= $this->url->href('ActionCreationController', 'params', array('project_id' => $project['id'])) ?>">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->hidden('action_name', $values) ?> <?= $this->form->hidden('action_name', $values) ?>
<?= $this->form->label(t('Action'), 'action_name') ?> <?= $this->form->label(t('Action'), 'action_name') ?>

1
app/Template/action_creation/params.php
View File

@@ -5,7 +5,6 @@
<form method="post" action="<?= $this->url->href('ActionCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ActionCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->hidden('event_name', $values) ?> <?= $this->form->hidden('event_name', $values) ?>
<?= $this->form->hidden('action_name', $values) ?> <?= $this->form->hidden('action_name', $values) ?>

1
app/Template/category/create.php
View File

@@ -3,7 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('CategoryController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('CategoryController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Category Name'), 'name') ?> <?= $this->form->label(t('Category Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?>

3
app/Template/category/edit.php
View File

@@ -5,9 +5,6 @@
<form method="post" action="<?= $this->url->href('CategoryController', 'update', array('project_id' => $project['id'], 'category_id' => $values['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('CategoryController', 'update', array('project_id' => $project['id'], 'category_id' => $values['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Category Name'), 'name') ?> <?= $this->form->label(t('Category Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?>

2
app/Template/column/create.php
View File

@@ -4,8 +4,6 @@
<form method="post" action="<?= $this->url->href('ColumnController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ColumnController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Title'), 'title') ?> <?= $this->form->label(t('Title'), 'title') ?>
<?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> <?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?>

3
app/Template/column/edit.php
View File

@@ -5,9 +5,6 @@
<form method="post" action="<?= $this->url->href('ColumnController', 'update', array('project_id' => $project['id'], 'column_id' => $column['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ColumnController', 'update', array('project_id' => $project['id'], 'column_id' => $column['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Title'), 'title') ?> <?= $this->form->label(t('Title'), 'title') ?>
<?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?> <?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?>

1
app/Template/custom_filter/create.php
View File

@@ -3,7 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('CustomFilterController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('CustomFilterController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?>

2
app/Template/custom_filter/edit.php
View File

@@ -5,9 +5,7 @@
<form method="post" action="<?= $this->url->href('CustomFilterController', 'update', array('project_id' => $filter['project_id'], 'filter_id' => $filter['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('CustomFilterController', 'update', array('project_id' => $filter['project_id'], 'filter_id' => $filter['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('user_id', $values) ?> <?= $this->form->hidden('user_id', $values) ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?>

1
app/Template/project_edit/show.php
View File

@@ -9,7 +9,6 @@
<?php endif ?> <?php endif ?>
<form method="post" action="<?= $this->url->href('ProjectEditController', 'update', array('project_id' => $project['id'], 'redirect' => 'edit')) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ProjectEditController', 'update', array('project_id' => $project['id'], 'redirect' => 'edit')) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<fieldset> <fieldset>
<legend><?= t('General') ?></legend> <legend><?= t('General') ?></legend>

1
app/Template/project_tag/create.php
View File

@@ -3,7 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('ProjectTagController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ProjectTagController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?>

2
app/Template/project_tag/edit.php
View File

@@ -3,8 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('ProjectTagController', 'update', array('tag_id' => $tag['id'], 'project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('ProjectTagController', 'update', array('tag_id' => $tag['id'], 'project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?>

2
app/Template/swimlane/create.php
View File

@@ -2,9 +2,7 @@
<h2><?= t('Add a new swimlane') ?></h2> <h2><?= t('Add a new swimlane') ?></h2>
</div> </div>
<form method="post" action="<?= $this->url->href('SwimlaneController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('SwimlaneController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?>

4
app/Template/swimlane/edit.php
View File

@@ -3,12 +3,8 @@
</div> </div>
<form method="post" action="<?= $this->url->href('SwimlaneController', 'update', array('project_id' => $project['id'], 'swimlane_id' => $values['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('SwimlaneController', 'update', array('project_id' => $project['id'], 'swimlane_id' => $values['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('project_id', $values) ?>
<?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->label(t('Name'), 'name') ?>
<?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?>

1
app/Template/task_creation/show.php
View File

@@ -3,7 +3,6 @@
</div> </div>
<form method="post" action="<?= $this->url->href('TaskCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <form method="post" action="<?= $this->url->href('TaskCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?> <?= $this->form->csrf() ?>
<?= $this->form->hidden('project_id', $values) ?>
<div class="task-form-container"> <div class="task-form-container">
<div class="task-form-main-column"> <div class="task-form-main-column">