AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix security issue: Unexpected access to any tasks from a shared public board

Browse Source
This commit is contained in:
Frederic Guillot
2016-03-04 22:06:55 -05:00
parent a7f3e3bec5
commit f9f5d7188b
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controller/Task.php
View File

@@ -23,13 +23,17 @@ class Task extends Base
// Token verification
if (empty($project)) {
$this->forbidden(true);
return $this->forbidden(true);
}
$task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
if (empty($task)) {
$this->notfound(true);
return $this->notfound(true);
}
if ($task['project_id'] != $project['id']) {
return $this->forbidden(true);
}
$this->response->html($this->helper->layout->app('task/public', array(