AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not expose IDs in forms

Browse Source
This commit is contained in:
Frederic Guillot
2017-09-23 20:56:54 -07:00
parent 074f6c104f
commit 3e0f14ae2b
20 changed files with 112 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Template/subtask/create.php
View File

@@ -3,9 +3,8 @@
</div>
<form method="post" action="<?= $this->url->href('SubtaskController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
<?= $this->form->hidden('task_id', $values) ?>
<?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
<?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
<?= $this->subtask->renderTimeEstimatedField($values, $errors) ?>