diff options
| author | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
| commit | 074f6c104f3e49401ef0065540338fc2d4be79f0 (patch) | |
| tree | 35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Template/swimlane | |
| parent | 8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff) | |
Avoid people to alter other projects by changing form data
Diffstat (limited to 'app/Template/swimlane')
| -rw-r--r-- | app/Template/swimlane/create.php | 2 | ||||
| -rw-r--r-- | app/Template/swimlane/edit.php | 4 |
2 files changed, 0 insertions, 6 deletions
diff --git a/app/Template/swimlane/create.php b/app/Template/swimlane/create.php index 7d05e731..5ff8cbee 100644 --- a/app/Template/swimlane/create.php +++ b/app/Template/swimlane/create.php @@ -2,9 +2,7 @@ <h2><?= t('Add a new swimlane') ?></h2> </div> <form method="post" action="<?= $this->url->href('SwimlaneController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> - <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> diff --git a/app/Template/swimlane/edit.php b/app/Template/swimlane/edit.php index c1c41196..b1d713ee 100644 --- a/app/Template/swimlane/edit.php +++ b/app/Template/swimlane/edit.php @@ -3,12 +3,8 @@ </div> <form method="post" action="<?= $this->url->href('SwimlaneController', 'update', array('project_id' => $project['id'], 'swimlane_id' => $values['id'])) ?>" autocomplete="off"> - <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> - <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> |