author | Frederic Guillot <fred@kanboard.net> | 2017-09-23 20:56:54 -0700 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-09-23 20:56:54 -0700 |
commit | 3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch) | |
tree | 031247eca17a7a3d1d73490f5c10b12cbe9caadb /app/Controller/TaskInternalLinkController.php | |
parent | 074f6c104f3e49401ef0065540338fc2d4be79f0 (diff) |
Do not expose IDs in forms
Diffstat (limited to 'app/Controller/TaskInternalLinkController.php')
-rw-r--r-- | app/Controller/TaskInternalLinkController.php | 34 |
1 files changed, 10 insertions, 24 deletions
diff --git a/app/Controller/TaskInternalLinkController.php b/app/Controller/TaskInternalLinkController.php
index 7c800165..02cc15c4 100644
--- a/app/Controller/TaskInternalLinkController.php
+++ b/app/Controller/TaskInternalLinkController.php
@@ -14,24 +14,6 @@ use Kanboard\Core\Controller\PageNotFoundException;
 class TaskInternalLinkController extends BaseController
 {
 /**
- * Get the current link
- *
- * @access private
- * @return array
- * @throws PageNotFoundException
- */
- private function getTaskLink()
- {
- $link = $this->taskLinkModel->getById($this->request->getIntegerParam('link_id'));
-
- if (empty($link)) {
- throw new PageNotFoundException();
- }
-
- return $link;
- }
-
- /**
 * Creation form
 *
 * @access public
@@ -45,9 +27,7 @@ class TaskInternalLinkController extends BaseController
 $task = $this->getTask();
 if (empty($values)) {
- $values = array(
- 'another_tasklink' => $this->request->getIntegerParam('another_tasklink', 0)
- );
+ $values['another_tasklink'] = $this->request->getIntegerParam('another_tasklink', 0);
 $values = $this->hook->merge('controller:tasklink:form:default', $values, array('default_values' => $values));
 }
@@ -68,6 +48,7 @@ class TaskInternalLinkController extends BaseController
 {
 $task = $this->getTask();
 $values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
 list($valid, $errors) = $this->taskLinkValidator->validateCreation($values);
@@ -106,7 +87,7 @@ class TaskInternalLinkController extends BaseController
 public function edit(array $values = array(), array $errors = array())
 {
 $task = $this->getTask();
- $task_link = $this->getTaskLink();
+ $task_link = $this->getInternalTaskLink($task);
 if (empty($values)) {
 $opposite_task = $this->taskFinderModel->getById($task_link['opposite_task_id']);
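Review bot: In save(), `$values['task_id'] = $task['id'];` pins only the owning task; every other key returned by `$this->request->getValues()` still comes from the client and is handed to `validateCreation()` unchanged. `opposite_task_id` (the field edit() reads back from the stored link) is the one that matters: nothing visible here confirms that the current user may access the task it names, so unless the validator or model enforces that, a link could be created to a task in a project the user cannot see. I would resolve the opposite task through the same project-permission check used for `$task` before validating, and copy only the expected form fields into `$values` rather than passing the whole request array on. The same applies to update(), which this commit changes in the same way; both method bodies continue outside their hunks.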
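Review bot: The call `$this->getInternalTaskLink($task)` in edit() now carries the whole authorisation decision for the link, yet the helper is defined outside this file and nothing at the call site says what it guarantees. A one-line comment such as `// Resolves link_id through $task: a link that belongs to another task must end in PageNotFoundException` above the call would record the contract for the next maintainer, and the same applies to update(), confirm() and remove(). Presumably the helper compares the link's `task_id` with `$task['id']`; that is worth confirming against its definition, together with a controller test that requests a link id belonging to a different task. edit() continues past the end of this hunk.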
@@ -131,7 +112,11 @@ class TaskInternalLinkController extends BaseController public function update() { $task = $this->getTask(); + $task_link = $this->getInternalTaskLink($task); + $values = $this->request->getValues(); + $values['task_id'] = $task['id']; + $values['id'] = $task_link['id']; list($valid, $errors) = $this->taskLinkValidator->validateModification($values); @@ -155,7 +140,7 @@ class TaskInternalLinkController extends BaseController public function confirm() { $task = $this->getTask(); - $link = $this->getTaskLink(); + $link = $this->getInternalTaskLink($task); $this->response->html($this->template->render('task_internal_link/remove', array( 'link' => $link, @@ -172,8 +157,9 @@ class TaskInternalLinkController extends BaseController { $this->checkCSRFParam(); $task = $this->getTask(); + $link = $this->getInternalTaskLink($task); - if ($this->taskLinkModel->remove($this->request->getIntegerParam('link_id'))) { + if ($this->taskLinkModel->remove($link['id'])) { $this->flash->success(t('Link removed successfully.')); } else { $this->flash->failure(t('Unable to remove this link.')); |