authorFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
committerFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
commit3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch)
tree031247eca17a7a3d1d73490f5c10b12cbe9caadb /app/Template
parent074f6c104f3e49401ef0065540338fc2d4be79f0 (diff)
Do not expose IDs in forms
Diffstat (limited to 'app/Template')
-rw-r--r--app/Template/comment/create.php2
-rw-r--r--app/Template/comment/edit.php3
-rw-r--r--app/Template/subtask/create.php3
-rw-r--r--app/Template/subtask/edit.php2
-rw-r--r--app/Template/task_external_link/edit.php2
-rw-r--r--app/Template/task_external_link/find.php1
-rw-r--r--app/Template/task_external_link/form.php2
-rw-r--r--app/Template/task_internal_link/create.php1
-rw-r--r--app/Template/task_internal_link/edit.php4
-rw-r--r--app/Template/task_modification/show.php2
10 files changed, 3 insertions, 19 deletions
diff --git a/app/Template/comment/create.php b/app/Template/comment/create.php
index 0e19ac19..55e972dc 100644
--- a/app/Template/comment/create.php
+++ b/app/Template/comment/create.php
@@ -8,8 +8,6 @@
</div>
<form method="post" action="<?= $this->url->href('CommentController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', $values) ?>
- <?= $this->form->hidden('user_id', $values) ?>
<?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
diff --git a/app/Template/comment/edit.php b/app/Template/comment/edit.php
index 04f6ffd4..db8d2921 100644
--- a/app/Template/comment/edit.php
+++ b/app/Template/comment/edit.php
@@ -4,9 +4,6 @@
<form method="post" action="<?= $this->url->href('CommentController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
- <?= $this->form->hidden('user_id', $values) ?>
<?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
diff --git a/app/Template/subtask/create.php b/app/Template/subtask/create.php
index 96ad7a46..bbb64005 100644
--- a/app/Template/subtask/create.php
+++ b/app/Template/subtask/create.php
@@ -3,9 +3,8 @@
</div>
<form method="post" action="<?= $this->url->href('SubtaskController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
-
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', $values) ?>
+
<?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
<?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
<?= $this->subtask->renderTimeEstimatedField($values, $errors) ?>
diff --git a/app/Template/subtask/edit.php b/app/Template/subtask/edit.php
index 7c0266a8..aed57e95 100644
--- a/app/Template/subtask/edit.php
+++ b/app/Template/subtask/edit.php
@@ -4,8 +4,6 @@
<form method="post" action="<?= $this->url->href('SubtaskController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'subtask_id' => $subtask['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
<?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
<?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
diff --git a/app/Template/task_external_link/edit.php b/app/Template/task_external_link/edit.php
index df10d444..e448b10f 100644
--- a/app/Template/task_external_link/edit.php
+++ b/app/Template/task_external_link/edit.php
@@ -2,7 +2,7 @@
<h2><?= t('Edit external link') ?></h2>
</div>
-<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
+<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $link['id'])) ?>" method="post" autocomplete="off">
<?= $this->render('task_external_link/form', array('task' => $task, 'dependencies' => $dependencies, 'values' => $values, 'errors' => $errors)) ?>
<?= $this->modal->submitButtons() ?>
</form>
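Review bot: The added `'link_id' => $link['id']` in the form action only moves the identifier from the POST body to the query string, so it is still a client-controlled value. The `update` handler needs to load the link by that id and confirm it belongs to `task_id`, and that the task belongs to `project_id`, before writing. The diffstat is limited to app/Template, so neither that check nor whether the controller actually passes a `$link` variable to this template can be confirmed from this page. The same applies to the comment, subtask, internal link and task modification forms that drop their hidden `id`/`task_id`/`user_id` fields: removing the field from the markup does not stop a client from posting it, so the handlers should take those values from the route and session and discard any posted copies. A short template comment such as `<?php /* link_id comes from the URL; the controller must verify it belongs to task_id */ ?>` would record that contract next to the form.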
diff --git a/app/Template/task_external_link/find.php b/app/Template/task_external_link/find.php
index a3665c0d..29d85101 100644
--- a/app/Template/task_external_link/find.php
+++ b/app/Template/task_external_link/find.php
@@ -4,7 +4,6 @@
<form action="<?= $this->url->href('TaskExternalLinkController', 'create', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
<?= $this->form->label(t('External link'), 'text') ?>
<?= $this->form->text(
diff --git a/app/Template/task_external_link/form.php b/app/Template/task_external_link/form.php
index 932ca521..4ad2b2e0 100644
--- a/app/Template/task_external_link/form.php
+++ b/app/Template/task_external_link/form.php
@@ -1,6 +1,4 @@
<?= $this->form->csrf() ?>
-<?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
-<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('link_type', $values) ?>
<?= $this->form->label(t('URL'), 'url') ?>
diff --git a/app/Template/task_internal_link/create.php b/app/Template/task_internal_link/create.php
index c5e80f41..bab41253 100644
--- a/app/Template/task_internal_link/create.php
+++ b/app/Template/task_internal_link/create.php
@@ -5,7 +5,6 @@
<form action="<?= $this->url->href('TaskInternalLinkController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
<?= $this->form->hidden('opposite_task_id', $values) ?>
<?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_internal_link/edit.php b/app/Template/task_internal_link/edit.php
index 5abf7b65..fab84d0b 100644
--- a/app/Template/task_internal_link/edit.php
+++ b/app/Template/task_internal_link/edit.php
@@ -3,10 +3,8 @@
</div>
<form action="<?= $this->url->href('TaskInternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $task_link['id'])) ?>" method="post" autocomplete="off">
-
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
+
<?= $this->form->hidden('opposite_task_id', $values) ?>
<?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_modification/show.php b/app/Template/task_modification/show.php
index 710abedf..ebe9f6fd 100644
--- a/app/Template/task_modification/show.php
+++ b/app/Template/task_modification/show.php
@@ -3,8 +3,6 @@
</div>
<form method="post" action="<?= $this->url->href('TaskModificationController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('project_id', $values) ?>
<div class="task-form-container">
<div class="task-form-main-column">