summaryrefslogtreecommitdiff
path: root/app/Controller/ActionCreationController.php
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2017-09-23 18:48:45 -0700
committerFrederic Guillot <fred@kanboard.net>2017-09-23 18:48:45 -0700
commit074f6c104f3e49401ef0065540338fc2d4be79f0 (patch)
tree35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Controller/ActionCreationController.php
parent8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff)
Avoid people to alter other projects by changing form data
Diffstat (limited to 'app/Controller/ActionCreationController.php')
-rw-r--r--app/Controller/ActionCreationController.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/app/Controller/ActionCreationController.php b/app/Controller/ActionCreationController.php
index 7fee58d1..abb214e6 100644
--- a/app/Controller/ActionCreationController.php
+++ b/app/Controller/ActionCreationController.php
@@ -35,8 +35,9 @@ class ActionCreationController extends BaseController
{
$project = $this->getProject();
$values = $this->request->getValues();
+ $values['project_id'] = $project['id'];
- if (empty($values['action_name']) || empty($values['project_id'])) {
+ if (empty($values['action_name'])) {
return $this->create();
}
@@ -57,8 +58,9 @@ class ActionCreationController extends BaseController
{
$project = $this->getProject();
$values = $this->request->getValues();
+ $values['project_id'] = $project['id'];
- if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) {
+ if (empty($values['action_name']) || empty($values['event_name'])) {
$this->create();
return;
}
@@ -109,6 +111,7 @@ class ActionCreationController extends BaseController
*/
private function doCreation(array $project, array $values)
{
+ $values['project_id'] = $project['id'];
list($valid, ) = $this->actionValidator->validateCreation($values);
if ($valid) {