AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing CSRF checks

Browse Source
This commit is contained in:
Frédéric Guillot
2021-06-05 14:33:19 -07:00
committed by fguillot
parent 41102ec161
commit 71123b0f37
23 changed files with 58 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Template/task_list/header.php
View File

@@ -30,9 +30,9 @@
<div class="table-list-header-menu">
<?php if (isset($project)): ?>
<?php if ($this->user->hasSubtaskListActivated()): ?>
<?= $this->url->icon('tasks', t('Hide subtasks'), 'TaskListController', 'show', array('project_id' => $project['id'], 'hide_subtasks' => 1)) ?>
<?= $this->url->icon('tasks', t('Hide subtasks'), 'TaskListController', 'show', array('project_id' => $project['id'], 'hide_subtasks' => 1, 'csrf_token' => $this->app->getToken()->getReusableCSRFToken())) ?>
<?php else: ?>
<?= $this->url->icon('tasks', t('Show subtasks'), 'TaskListController', 'show', array('project_id' => $project['id'], 'show_subtasks' => 1)) ?>
<?= $this->url->icon('tasks', t('Show subtasks'), 'TaskListController', 'show', array('project_id' => $project['id'], 'show_subtasks' => 1, 'csrf_token' => $this->app->getToken()->getReusableCSRFToken())) ?>
<?php endif ?>
<?php endif ?>