Do not expose IDs in forms
@@ -74,6 +74,8 @@ class TaskExternalLinkController extends BaseController
|
||||
{
|
||||
$task = $this->getTask();
|
||||
$values = $this->request->getValues();
|
||||
$values['task_id'] = $task['id'];
|
||||
|
||||
list($valid, $errors) = $this->externalLinkValidator->validateCreation($values);
|
||||
|
||||
if ($valid) {
|
||||
@@ -108,22 +110,14 @@ class TaskExternalLinkController extends BaseController
|
||||
public function edit(array $values = array(), array $errors = array())
|
||||
{
|
||||
$task = $this->getTask();
|
||||
$link_id = $this->request->getIntegerParam('link_id');
|
||||
|
||||
if ($link_id > 0) {
|
||||
$values = $this->taskExternalLinkModel->getById($link_id);
|
||||
}
|
||||
|
||||
if (empty($values)) {
|
||||
throw new PageNotFoundException();
|
||||
}
|
||||
|
||||
$provider = $this->externalLinkManager->getProvider($values['link_type']);
|
||||
$link = $this->getExternalTaskLink($task);
|
||||
$provider = $this->externalLinkManager->getProvider($link['link_type']);
|
||||
|
||||
$this->response->html($this->template->render('task_external_link/edit', array(
|
||||
'values' => $values,
|
||||
'errors' => $errors,
|
||||
'task' => $task,
|
||||
'values' => empty($values) ? $link : $values,
|
||||
'errors' => $errors,
|
||||
'task' => $task,
|
||||
'link' => $link,
|
||||
'dependencies' => $provider->getDependencies(),
|
||||
)));
|
||||
}
|
||||
@@ -136,7 +130,12 @@ class TaskExternalLinkController extends BaseController
|
||||
public function update()
|
||||
{
|
||||
$task = $this->getTask();
|
||||
$link = $this->getExternalTaskLink($task);
|
||||
|
||||
$values = $this->request->getValues();
|
||||
$values['id'] = $link['id'];
|
||||
$values['task_id'] = $link['task_id'];
|
||||
|
||||
list($valid, $errors) = $this->externalLinkValidator->validateModification($values);
|
||||
|
||||
if ($valid && $this->taskExternalLinkModel->update($values)) {
|
||||
@@ -155,12 +154,7 @@ class TaskExternalLinkController extends BaseController
|
||||
public function confirm()
|
||||
{
|
||||
$task = $this->getTask();
|
||||
$link_id = $this->request->getIntegerParam('link_id');
|
||||
$link = $this->taskExternalLinkModel->getById($link_id);
|
||||
|
||||
if (empty($link)) {
|
||||
throw new PageNotFoundException();
|
||||
}
|
||||
$link = $this->getExternalTaskLink($task);
|
||||
|
||||
$this->response->html($this->template->render('task_external_link/remove', array(
|
||||
'link' => $link,
|
||||
@@ -177,8 +171,9 @@ class TaskExternalLinkController extends BaseController
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
$task = $this->getTask();
|
||||
$link = $this->getExternalTaskLink($task);
|
||||
|
||||
if ($this->taskExternalLinkModel->remove($this->request->getIntegerParam('link_id'))) {
|
||||
if ($this->taskExternalLinkModel->remove($link['id'])) {
|
||||
$this->flash->success(t('Link removed successfully.'));
|
||||
} else {
|
||||
$this->flash->failure(t('Unable to remove this link.'));
|
||||
|
||||
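Review bot: In `update()`, only `id` and `task_id` are pinned to the server-side `$link`; every other key returned by `$this->request->getValues()` still reaches `taskExternalLinkModel->update($values)`, so a client could submit columns the form never shows unless the validator or model filters them (neither is visible here). Consider whitelisting before the overrides, e.g. `$values = array_intersect_key($this->request->getValues(), array_flip($editable_fields));`, where `$editable_fields` is a placeholder for the columns the edit form actually exposes. The first hunk has the same shape around `$values['task_id'] = $task['id'];` ahead of `validateCreation($values)`. The ownership guarantee this commit introduces also rests on `getExternalTaskLink($task)` rejecting a link whose `task_id` differs from the task's id; that helper is outside the diff and worth confirming, ideally with a short docblock stating that contract. The bodies of `update()` and of the method in the first hunk continue outside their hunks.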