author | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-09-23 18:48:45 -0700 |
commit | 074f6c104f3e49401ef0065540338fc2d4be79f0 (patch) | |
tree | 35ee4b74f9f24749a57b6f54b6e5ec64eaffb1da /app/Template | |
parent | 8ecaa60340966ee4fec8ee16612803d229e77eb3 (diff) |
Avoid people to alter other projects by changing form data
Diffstat (limited to 'app/Template')
-rw-r--r-- | app/Template/action_creation/create.php | 1 | ||||
-rw-r--r-- | app/Template/action_creation/event.php | 1 | ||||
-rw-r--r-- | app/Template/action_creation/params.php | 1 | ||||
-rw-r--r-- | app/Template/category/create.php | 1 | ||||
-rw-r--r-- | app/Template/category/edit.php | 3 | ||||
-rw-r--r-- | app/Template/column/create.php | 2 | ||||
-rw-r--r-- | app/Template/column/edit.php | 3 | ||||
-rw-r--r-- | app/Template/custom_filter/create.php | 1 | ||||
-rw-r--r-- | app/Template/custom_filter/edit.php | 2 | ||||
-rw-r--r-- | app/Template/project_edit/show.php | 1 | ||||
-rw-r--r-- | app/Template/project_tag/create.php | 1 | ||||
-rw-r--r-- | app/Template/project_tag/edit.php | 2 | ||||
-rw-r--r-- | app/Template/swimlane/create.php | 2 | ||||
-rw-r--r-- | app/Template/swimlane/edit.php | 4 | ||||
-rw-r--r-- | app/Template/task_creation/show.php | 1 |
15 files changed, 0 insertions, 26 deletions
diff --git a/app/Template/action_creation/create.php b/app/Template/action_creation/create.php index 862ee474..a1169dca 100644 --- a/app/Template/action_creation/create.php +++ b/app/Template/action_creation/create.php @@ -3,7 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('ActionCreationController', 'event', array('project_id' => $project['id'])) ?>"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Action'), 'action_name') ?> <?= $this->form->select('action_name', $available_actions, $values) ?> diff --git a/app/Template/action_creation/event.php b/app/Template/action_creation/event.php index e4166548..2ea72612 100644 --- a/app/Template/action_creation/event.php +++ b/app/Template/action_creation/event.php @@ -5,7 +5,6 @@ <form method="post" action="<?= $this->url->href('ActionCreationController', 'params', array('project_id' => $project['id'])) ?>"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->hidden('action_name', $values) ?> <?= $this->form->label(t('Action'), 'action_name') ?> diff --git a/app/Template/action_creation/params.php b/app/Template/action_creation/params.php index 0cc98f50..6c30d6c6 100644 --- a/app/Template/action_creation/params.php +++ b/app/Template/action_creation/params.php @@ -5,7 +5,6 @@ <form method="post" action="<?= $this->url->href('ActionCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->hidden('event_name', $values) ?> <?= $this->form->hidden('action_name', $values) ?> diff --git a/app/Template/category/create.php b/app/Template/category/create.php index b12ff7fa..b32a770c 100644 --- a/app/Template/category/create.php +++ b/app/Template/category/create.php 
@@ -3,7 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('CategoryController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Category Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?> diff --git a/app/Template/category/edit.php b/app/Template/category/edit.php index 108826f3..9ad5a9e9 100644 --- a/app/Template/category/edit.php +++ b/app/Template/category/edit.php @@ -5,9 +5,6 @@ <form method="post" action="<?= $this->url->href('CategoryController', 'update', array('project_id' => $project['id'], 'category_id' => $values['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> - <?= $this->form->label(t('Category Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> diff --git a/app/Template/column/create.php b/app/Template/column/create.php index aad9606b..2b0c4641 100644 --- a/app/Template/column/create.php +++ b/app/Template/column/create.php @@ -4,8 +4,6 @@ <form method="post" action="<?= $this->url->href('ColumnController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> - <?= $this->form->label(t('Title'), 'title') ?> <?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> diff --git a/app/Template/column/edit.php b/app/Template/column/edit.php index e590b5cc..25cf60c9 100644 --- a/app/Template/column/edit.php +++ b/app/Template/column/edit.php 
@@ -5,9 +5,6 @@ <form method="post" action="<?= $this->url->href('ColumnController', 'update', array('project_id' => $project['id'], 'column_id' => $column['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> - <?= $this->form->label(t('Title'), 'title') ?> <?= $this->form->text('title', $values, $errors, array('autofocus', 'required', 'maxlength="50"')) ?> diff --git a/app/Template/custom_filter/create.php b/app/Template/custom_filter/create.php index 24e896ee..724cbc85 100644 --- a/app/Template/custom_filter/create.php +++ b/app/Template/custom_filter/create.php @@ -3,7 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('CustomFilterController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?> diff --git a/app/Template/custom_filter/edit.php b/app/Template/custom_filter/edit.php index b64dee53..786e0c91 100644 --- a/app/Template/custom_filter/edit.php +++ b/app/Template/custom_filter/edit.php @@ -5,9 +5,7 @@ <form method="post" action="<?= $this->url->href('CustomFilterController', 'update', array('project_id' => $filter['project_id'], 'filter_id' => $filter['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> <?= $this->form->hidden('user_id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="100"')) ?> diff --git a/app/Template/project_edit/show.php b/app/Template/project_edit/show.php index d4d0f8a6..8b85f010 100644 --- a/app/Template/project_edit/show.php +++ b/app/Template/project_edit/show.php 
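Review bot: In app/Template/custom_filter/edit.php the form still emits `<?= $this->form->hidden('user_id', $values) ?>` after `id` and `project_id` were dropped, so the filter's owner remains a value the client can edit. If the update handler copies posted fields into the stored record, that is the same tampering path this commit closes for project ids; the controller is not part of this diff (the diffstat is limited to app/Template), so that needs confirming there. I would drop that hidden field too and have the handler take the owner from the stored filter or the session. The same applies to every form touched here: removing a hidden input does not stop a client from posting `id` or `project_id`, so the handlers should overwrite or discard those keys using the authorised route parameters. The form body continues past the end of this hunk.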
@@ -9,7 +9,6 @@ <?php endif ?> <form method="post" action="<?= $this->url->href('ProjectEditController', 'update', array('project_id' => $project['id'], 'redirect' => 'edit')) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> <fieldset> <legend><?= t('General') ?></legend> diff --git a/app/Template/project_tag/create.php b/app/Template/project_tag/create.php index a0e6243b..6765e8fc 100644 --- a/app/Template/project_tag/create.php +++ b/app/Template/project_tag/create.php @@ -3,7 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('ProjectTagController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?> diff --git a/app/Template/project_tag/edit.php b/app/Template/project_tag/edit.php index 8cb1e209..29290c0c 100644 --- a/app/Template/project_tag/edit.php +++ b/app/Template/project_tag/edit.php @@ -3,8 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('ProjectTagController', 'update', array('tag_id' => $tag['id'], 'project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="255"')) ?> diff --git a/app/Template/swimlane/create.php b/app/Template/swimlane/create.php index 7d05e731..5ff8cbee 100644 --- a/app/Template/swimlane/create.php +++ b/app/Template/swimlane/create.php 
@@ -2,9 +2,7 @@ <h2><?= t('Add a new swimlane') ?></h2> </div> <form method="post" action="<?= $this->url->href('SwimlaneController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> - <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> diff --git a/app/Template/swimlane/edit.php b/app/Template/swimlane/edit.php index c1c41196..b1d713ee 100644 --- a/app/Template/swimlane/edit.php +++ b/app/Template/swimlane/edit.php @@ -3,12 +3,8 @@ </div> <form method="post" action="<?= $this->url->href('SwimlaneController', 'update', array('project_id' => $project['id'], 'swimlane_id' => $values['id'])) ?>" autocomplete="off"> - <?= $this->form->csrf() ?> - <?= $this->form->hidden('id', $values) ?> - <?= $this->form->hidden('project_id', $values) ?> - <?= $this->form->label(t('Name'), 'name') ?> <?= $this->form->text('name', $values, $errors, array('autofocus', 'required', 'maxlength="50"', 'tabindex="1"')) ?> diff --git a/app/Template/task_creation/show.php b/app/Template/task_creation/show.php index e957087f..cc927793 100644 --- a/app/Template/task_creation/show.php +++ b/app/Template/task_creation/show.php @@ -3,7 +3,6 @@ </div> <form method="post" action="<?= $this->url->href('TaskCreationController', 'save', array('project_id' => $project['id'])) ?>" autocomplete="off"> <?= $this->form->csrf() ?> - <?= $this->form->hidden('project_id', $values) ?> <div class="task-form-container"> <div class="task-form-main-column"> |