Avoid people to alter other projects by changing form data

author: Frederic Guillot <fred@kanboard.net> 2017-09-23 18:48:45 -0700
committer: Frederic Guillot <fred@kanboard.net> 2017-09-23 18:48:45 -0700
commit: 074f6c104f3e49401ef0065540338fc2d4be79f0 (patch)
tree: 35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Controller/ProjectEditController.php
parent: 8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/app/Controller/ProjectEditController.php b/app/Controller/ProjectEditController.php
index ae39fdf3..dd534508 100644
--- a/app/Controller/ProjectEditController.php
+++ b/app/Controller/ProjectEditController.php
@@ -65,6 +65,8 @@ class ProjectEditController extends BaseController
      */
     private function prepareValues(array $project, array $values)
     {
+        $values['id'] = $project['id'];
+
         if (isset($values['is_private'])) {
             if (! $this->helper->user->hasProjectAccess('ProjectCreationController', 'create', $project['id'])) {
                 unset($values['is_private']);
author	Frederic Guillot <fred@kanboard.net>	2017-09-23 18:48:45 -0700
committer	Frederic Guillot <fred@kanboard.net>	2017-09-23 18:48:45 -0700
commit	074f6c104f3e49401ef0065540338fc2d4be79f0 (patch)
tree	35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Controller/ProjectEditController.php
parent	8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff)