Fix permission issue when changing the url manually

ChangeLog

@@ -20,6 +20,7 @@ Bug fixes:
 
 * Wrong template name for subtasks tooltip due to previous refactoring
 * Fix broken url for closed tasks in project view
+* Fix permission issue when changing the url manually
 
 Version 1.0.17
 --------------

app/Controller/Base.php

@@ -269,12 +269,17 @@ abstract class Base extends \Core\Base
      */
     protected function getTask()
     {
+        $project_id = $this->request->getIntegerParam('project_id');
         $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
 
         if (empty($task)) {
             $this->notfound();
         }
 
+        if ($project_id !== 0 && $project_id != $task['project_id']) {
+            $this->forbidden();
+        }
+
         return $task;
     }