authorFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
committerFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
commit3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch)
tree031247eca17a7a3d1d73490f5c10b12cbe9caadb /app/Controller/TaskInternalLinkController.php
parent074f6c104f3e49401ef0065540338fc2d4be79f0 (diff)
Do not expose IDs in forms
Diffstat (limited to 'app/Controller/TaskInternalLinkController.php')
-rw-r--r--app/Controller/TaskInternalLinkController.php34
1 files changed, 10 insertions, 24 deletions
diff --git a/app/Controller/TaskInternalLinkController.php b/app/Controller/TaskInternalLinkController.php
index 7c800165..02cc15c4 100644
--- a/app/Controller/TaskInternalLinkController.php
+++ b/app/Controller/TaskInternalLinkController.php
@@ -14,24 +14,6 @@ use Kanboard\Core\Controller\PageNotFoundException;
class TaskInternalLinkController extends BaseController
{
/**
- * Get the current link
- *
- * @access private
- * @return array
- * @throws PageNotFoundException
- */
- private function getTaskLink()
- {
- $link = $this->taskLinkModel->getById($this->request->getIntegerParam('link_id'));
-
- if (empty($link)) {
- throw new PageNotFoundException();
- }
-
- return $link;
- }
-
- /**
* Creation form
*
* @access public
@@ -45,9 +27,7 @@ class TaskInternalLinkController extends BaseController
$task = $this->getTask();
if (empty($values)) {
- $values = array(
- 'another_tasklink' => $this->request->getIntegerParam('another_tasklink', 0)
- );
+ $values['another_tasklink'] = $this->request->getIntegerParam('another_tasklink', 0);
$values = $this->hook->merge('controller:tasklink:form:default', $values, array('default_values' => $values));
}
@@ -68,6 +48,7 @@ class TaskInternalLinkController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
list($valid, $errors) = $this->taskLinkValidator->validateCreation($values);
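Review bot: Pinning `task_id` to `$task['id']` covers only one of the ids in this payload; `opposite_task_id` still arrives from `getValues()` in `save()`, and the same holds for `update()` further down. Whether `validateCreation()` / `validateModification()` or the model checks that the current user may access the opposite task's project is not visible in this diff, so confirm that before relying on this change for authorization. A short comment above the new line, e.g. `// task_id always comes from the authorized task, never from the form`, would keep a later refactor from moving it back into request data. The body of `save()` continues outside the hunk.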
@@ -106,7 +87,7 @@ class TaskInternalLinkController extends BaseController
public function edit(array $values = array(), array $errors = array())
{
$task = $this->getTask();
- $task_link = $this->getTaskLink();
+ $task_link = $this->getInternalTaskLink($task);
if (empty($values)) {
$opposite_task = $this->taskFinderModel->getById($task_link['opposite_task_id']);
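Review bot: `getInternalTaskLink($task)` is not defined anywhere in this file's diff, so the guarantee the commit depends on cannot be verified here: that the link named in the request belongs to `$task`. The removed `getTaskLink()` looked the link up by `link_id` alone and threw `PageNotFoundException` when it was empty. Please confirm that the new helper (presumably inherited from `BaseController`) compares the link's `task_id` with `$task['id']` and still throws for a missing link, because `edit()`, `update()`, `confirm()` and `remove()` all use its result with no further check. A one-line comment at the first call, e.g. `// 404s unless the link belongs to $task`, would record that contract in this controller. `edit()` continues outside the hunk.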
@@ -131,7 +112,11 @@ class TaskInternalLinkController extends BaseController
public function update()
{
$task = $this->getTask();
+ $task_link = $this->getInternalTaskLink($task);
+
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
+ $values['id'] = $task_link['id'];
list($valid, $errors) = $this->taskLinkValidator->validateModification($values);
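Review bot: The two overrides in `update()` are effective only because they run after `getValues()`. Nothing in the code says so, and reordering the lines would silently let the form's `id` and `task_id` through to `validateModification()` again. I would add a comment above them such as `// Overwrite client-supplied ids with the server-resolved task and link`. `update()` continues outside the hunk.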
@@ -155,7 +140,7 @@ class TaskInternalLinkController extends BaseController
public function confirm()
{
$task = $this->getTask();
- $link = $this->getTaskLink();
+ $link = $this->getInternalTaskLink($task);
$this->response->html($this->template->render('task_internal_link/remove', array(
'link' => $link,
@@ -172,8 +157,9 @@ class TaskInternalLinkController extends BaseController
{
$this->checkCSRFParam();
$task = $this->getTask();
+ $link = $this->getInternalTaskLink($task);
- if ($this->taskLinkModel->remove($this->request->getIntegerParam('link_id'))) {
+ if ($this->taskLinkModel->remove($link['id'])) {
$this->flash->success(t('Link removed successfully.'));
} else {
$this->flash->failure(t('Unable to remove this link.'));