diff options
author | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
commit | 074f6c104f3e49401ef0065540338fc2d4be79f0 (patch) | |
tree | 35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Controller/ActionCreationController.php | |
parent | 8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff) |
Avoid people to alter other projects by changing form data
Diffstat (limited to 'app/Controller/ActionCreationController.php')
-rw-r--r-- | app/Controller/ActionCreationController.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/app/Controller/ActionCreationController.php b/app/Controller/ActionCreationController.php index 7fee58d1..abb214e6 100644 --- a/app/Controller/ActionCreationController.php +++ b/app/Controller/ActionCreationController.php @@ -35,8 +35,9 @@ class ActionCreationController extends BaseController { $project = $this->getProject(); $values = $this->request->getValues(); + $values['project_id'] = $project['id']; - if (empty($values['action_name']) || empty($values['project_id'])) { + if (empty($values['action_name'])) { return $this->create(); } @@ -57,8 +58,9 @@ class ActionCreationController extends BaseController { $project = $this->getProject(); $values = $this->request->getValues(); + $values['project_id'] = $project['id']; - if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) { + if (empty($values['action_name']) || empty($values['event_name'])) { $this->create(); return; } @@ -109,6 +111,7 @@ class ActionCreationController extends BaseController */ private function doCreation(array $project, array $values) { + $values['project_id'] = $project['id']; list($valid, ) = $this->actionValidator->validateCreation($values); if ($valid) { |