Do not expose IDs in forms

author: Frederic Guillot <fred@kanboard.net> 2017-09-23 20:56:54 -0700
committer: Frederic Guillot <fred@kanboard.net> 2017-09-23 20:56:54 -0700
commit: 3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch)
tree: 031247eca17a7a3d1d73490f5c10b12cbe9caadb /app/Controller/SubtaskStatusController.php
parent: 074f6c104f3e49401ef0065540338fc2d4be79f0 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/app/Controller/SubtaskStatusController.php b/app/Controller/SubtaskStatusController.php
index ef16fce0..c912848e 100644
--- a/app/Controller/SubtaskStatusController.php
+++ b/app/Controller/SubtaskStatusController.php
@@ -18,7 +18,7 @@ class SubtaskStatusController extends BaseController
     public function change()
     {
         $task = $this->getTask();
-        $subtask = $this->getSubtask();
+        $subtask = $this->getSubtask($task);
         $fragment = $this->request->getStringParam('fragment');
 
         $status = $this->subtaskStatusModel->toggleStatus($subtask['id']);
@@ -43,19 +43,19 @@ class SubtaskStatusController extends BaseController
     public function timer()
     {
         $task = $this->getTask();
-        $subtaskId = $this->request->getIntegerParam('subtask_id');
+        $subtask = $this->getSubtask($task);
         $timer = $this->request->getStringParam('timer');
 
         if ($timer === 'start') {
-            $this->subtaskTimeTrackingModel->logStartTime($subtaskId, $this->userSession->getId());
+            $this->subtaskTimeTrackingModel->logStartTime($subtask['id'], $this->userSession->getId());
         } elseif ($timer === 'stop') {
-            $this->subtaskTimeTrackingModel->logEndTime($subtaskId, $this->userSession->getId());
+            $this->subtaskTimeTrackingModel->logEndTime($subtask['id'], $this->userSession->getId());
             $this->subtaskTimeTrackingModel->updateTaskTimeTracking($task['id']);
         }
 
         $this->response->html($this->template->render('subtask/timer', array(
             'task'    => $task,
-            'subtask' => $this->subtaskModel->getByIdWithDetails($subtaskId),
+            'subtask' => $this->subtaskModel->getByIdWithDetails($subtask['id']),
         )));
     }
author	Frederic Guillot <fred@kanboard.net>	2017-09-23 20:56:54 -0700
committer	Frederic Guillot <fred@kanboard.net>	2017-09-23 20:56:54 -0700
commit	3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch)
tree	031247eca17a7a3d1d73490f5c10b12cbe9caadb /app/Controller/SubtaskStatusController.php
parent	074f6c104f3e49401ef0065540338fc2d4be79f0 (diff)