summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
committerFrederic Guillot <fred@kanboard.net>2017-09-23 20:56:54 -0700
commit3e0f14ae2b0b5a44bd038a472f17eac75f538524 (patch)
tree031247eca17a7a3d1d73490f5c10b12cbe9caadb /app
parent074f6c104f3e49401ef0065540338fc2d4be79f0 (diff)
Do not expose IDs in forms
Diffstat (limited to 'app')
-rw-r--r--app/Controller/BaseController.php62
-rw-r--r--app/Controller/CommentController.php43
-rw-r--r--app/Controller/SubtaskController.php12
-rw-r--r--app/Controller/SubtaskConverterController.php5
-rw-r--r--app/Controller/SubtaskRestrictionController.php4
-rw-r--r--app/Controller/SubtaskStatusController.php10
-rw-r--r--app/Controller/TaskExternalLinkController.php37
-rw-r--r--app/Controller/TaskInternalLinkController.php34
-rw-r--r--app/Controller/TaskModificationController.php2
-rw-r--r--app/Controller/TaskRecurrenceController.php1
-rw-r--r--app/Template/comment/create.php2
-rw-r--r--app/Template/comment/edit.php3
-rw-r--r--app/Template/subtask/create.php3
-rw-r--r--app/Template/subtask/edit.php2
-rw-r--r--app/Template/task_external_link/edit.php2
-rw-r--r--app/Template/task_external_link/find.php1
-rw-r--r--app/Template/task_external_link/form.php2
-rw-r--r--app/Template/task_internal_link/create.php1
-rw-r--r--app/Template/task_internal_link/edit.php4
-rw-r--r--app/Template/task_modification/show.php2
20 files changed, 112 insertions, 120 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index 1ac7ed20..41fcef1c 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -138,14 +138,7 @@ abstract class BaseController extends Base
return $user;
}
- /**
- * Get the current subtask
- *
- * @access protected
- * @return array
- * @throws PageNotFoundException
- */
- protected function getSubtask()
+ protected function getSubtask(array $task)
{
$subtask = $this->subtaskModel->getById($this->request->getIntegerParam('subtask_id'));
@@ -153,9 +146,62 @@ abstract class BaseController extends Base
throw new PageNotFoundException();
}
+ if ($subtask['task_id'] != $task['id']) {
+ throw new AccessForbiddenException();
+ }
+
return $subtask;
}
+ protected function getComment(array $task)
+ {
+ $comment = $this->commentModel->getById($this->request->getIntegerParam('comment_id'));
+
+ if (empty($comment)) {
+ throw new PageNotFoundException();
+ }
+
+ if (! $this->userSession->isAdmin() && $comment['user_id'] != $this->userSession->getId()) {
+ throw new AccessForbiddenException();
+ }
+
+ if ($comment['task_id'] != $task['id']) {
+ throw new AccessForbiddenException();
+ }
+
+ return $comment;
+ }
+
+ protected function getExternalTaskLink(array $task)
+ {
+ $link = $this->taskExternalLinkModel->getById($this->request->getIntegerParam('link_id'));
+
+ if (empty($link)) {
+ throw new PageNotFoundException();
+ }
+
+ if ($link['task_id'] != $task['id']) {
+ throw new AccessForbiddenException();
+ }
+
+ return $link;
+ }
+
+ protected function getInternalTaskLink(array $task)
+ {
+ $link = $this->taskLinkModel->getById($this->request->getIntegerParam('link_id'));
+
+ if (empty($link)) {
+ throw new PageNotFoundException();
+ }
+
+ if ($link['task_id'] != $task['id']) {
+ throw new AccessForbiddenException();
+ }
+
+ return $link;
+ }
+
protected function getColumn(array $project)
{
$column = $this->columnModel->getById($this->request->getIntegerParam('column_id'));
diff --git a/app/Controller/CommentController.php b/app/Controller/CommentController.php
index 9a89103e..a29491a3 100644
--- a/app/Controller/CommentController.php
+++ b/app/Controller/CommentController.php
@@ -14,29 +14,6 @@ use Kanboard\Core\Controller\PageNotFoundException;
class CommentController extends BaseController
{
/**
- * Get the current comment
- *
- * @access protected
- * @return array
- * @throws PageNotFoundException
- * @throws AccessForbiddenException
- */
- protected function getComment()
- {
- $comment = $this->commentModel->getById($this->request->getIntegerParam('comment_id'));
-
- if (empty($comment)) {
- throw new PageNotFoundException();
- }
-
- if (! $this->userSession->isAdmin() && $comment['user_id'] != $this->userSession->getId()) {
- throw new AccessForbiddenException();
- }
-
- return $comment;
- }
-
- /**
* Add comment form
*
* @access public
@@ -49,14 +26,6 @@ class CommentController extends BaseController
{
$project = $this->getProject();
$task = $this->getTask();
-
- if (empty($values)) {
- $values = array(
- 'user_id' => $this->userSession->getId(),
- 'task_id' => $task['id'],
- );
- }
-
$values['project_id'] = $task['project_id'];
$this->response->html($this->helper->layout->task('comment/create', array(
@@ -106,7 +75,7 @@ class CommentController extends BaseController
public function edit(array $values = array(), array $errors = array())
{
$task = $this->getTask();
- $comment = $this->getComment();
+ $comment = $this->getComment($task);
if (empty($values)) {
$values = $comment;
@@ -130,9 +99,13 @@ class CommentController extends BaseController
public function update()
{
$task = $this->getTask();
- $this->getComment();
+ $comment = $this->getComment($task);
$values = $this->request->getValues();
+ $values['id'] = $comment['id'];
+ $values['task_id'] = $task['id'];
+ $values['user_id'] = $comment['user_id'];
+
list($valid, $errors) = $this->commentValidator->validateModification($values);
if ($valid) {
@@ -157,7 +130,7 @@ class CommentController extends BaseController
public function confirm()
{
$task = $this->getTask();
- $comment = $this->getComment();
+ $comment = $this->getComment($task);
$this->response->html($this->template->render('comment/remove', array(
'comment' => $comment,
@@ -175,7 +148,7 @@ class CommentController extends BaseController
{
$this->checkCSRFParam();
$task = $this->getTask();
- $comment = $this->getComment();
+ $comment = $this->getComment($task);
if ($this->commentModel->remove($comment['id'])) {
$this->flash->success(t('Comment removed successfully.'));
diff --git a/app/Controller/SubtaskController.php b/app/Controller/SubtaskController.php
index 5fa55f6b..b9bb0934 100644
--- a/app/Controller/SubtaskController.php
+++ b/app/Controller/SubtaskController.php
@@ -66,6 +66,7 @@ class SubtaskController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
list($valid, $errors) = $this->subtaskValidator->validateCreation($values);
@@ -103,7 +104,7 @@ class SubtaskController extends BaseController
public function edit(array $values = array(), array $errors = array())
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$this->response->html($this->template->render('subtask/edit', array(
'values' => empty($values) ? $subtask : $values,
@@ -123,9 +124,12 @@ class SubtaskController extends BaseController
public function update()
{
$task = $this->getTask();
- $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$values = $this->request->getValues();
+ $values['id'] = $subtask['id'];
+ $values['task_id'] = $task['id'];
+
list($valid, $errors) = $this->subtaskValidator->validateModification($values);
if ($valid) {
@@ -149,7 +153,7 @@ class SubtaskController extends BaseController
public function confirm()
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$this->response->html($this->template->render('subtask/remove', array(
'subtask' => $subtask,
@@ -166,7 +170,7 @@ class SubtaskController extends BaseController
{
$this->checkCSRFParam();
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
if ($this->subtaskModel->remove($subtask['id'])) {
$this->flash->success(t('Sub-task removed successfully.'));
diff --git a/app/Controller/SubtaskConverterController.php b/app/Controller/SubtaskConverterController.php
index 404c50d0..dafbb7e0 100644
--- a/app/Controller/SubtaskConverterController.php
+++ b/app/Controller/SubtaskConverterController.php
@@ -13,7 +13,7 @@ class SubtaskConverterController extends BaseController
public function show()
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$this->response->html($this->template->render('subtask_converter/show', array(
'subtask' => $subtask,
@@ -24,7 +24,8 @@ class SubtaskConverterController extends BaseController
public function save()
{
$project = $this->getProject();
- $subtask = $this->getSubtask();
+ $task = $this->getTask();
+ $subtask = $this->getSubtask($task);
$task_id = $this->subtaskTaskConversionModel->convertToTask($project['id'], $subtask['id']);
diff --git a/app/Controller/SubtaskRestrictionController.php b/app/Controller/SubtaskRestrictionController.php
index 99315931..315b023d 100644
--- a/app/Controller/SubtaskRestrictionController.php
+++ b/app/Controller/SubtaskRestrictionController.php
@@ -20,7 +20,7 @@ class SubtaskRestrictionController extends BaseController
public function show()
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$this->response->html($this->template->render('subtask_restriction/show', array(
'status_list' => array(
@@ -41,7 +41,7 @@ class SubtaskRestrictionController extends BaseController
public function save()
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$values = $this->request->getValues();
// Change status of the previous "in progress" subtask
diff --git a/app/Controller/SubtaskStatusController.php b/app/Controller/SubtaskStatusController.php
index ef16fce0..c912848e 100644
--- a/app/Controller/SubtaskStatusController.php
+++ b/app/Controller/SubtaskStatusController.php
@@ -18,7 +18,7 @@ class SubtaskStatusController extends BaseController
public function change()
{
$task = $this->getTask();
- $subtask = $this->getSubtask();
+ $subtask = $this->getSubtask($task);
$fragment = $this->request->getStringParam('fragment');
$status = $this->subtaskStatusModel->toggleStatus($subtask['id']);
@@ -43,19 +43,19 @@ class SubtaskStatusController extends BaseController
public function timer()
{
$task = $this->getTask();
- $subtaskId = $this->request->getIntegerParam('subtask_id');
+ $subtask = $this->getSubtask($task);
$timer = $this->request->getStringParam('timer');
if ($timer === 'start') {
- $this->subtaskTimeTrackingModel->logStartTime($subtaskId, $this->userSession->getId());
+ $this->subtaskTimeTrackingModel->logStartTime($subtask['id'], $this->userSession->getId());
} elseif ($timer === 'stop') {
- $this->subtaskTimeTrackingModel->logEndTime($subtaskId, $this->userSession->getId());
+ $this->subtaskTimeTrackingModel->logEndTime($subtask['id'], $this->userSession->getId());
$this->subtaskTimeTrackingModel->updateTaskTimeTracking($task['id']);
}
$this->response->html($this->template->render('subtask/timer', array(
'task' => $task,
- 'subtask' => $this->subtaskModel->getByIdWithDetails($subtaskId),
+ 'subtask' => $this->subtaskModel->getByIdWithDetails($subtask['id']),
)));
}
diff --git a/app/Controller/TaskExternalLinkController.php b/app/Controller/TaskExternalLinkController.php
index df23f87b..946451fc 100644
--- a/app/Controller/TaskExternalLinkController.php
+++ b/app/Controller/TaskExternalLinkController.php
@@ -74,6 +74,8 @@ class TaskExternalLinkController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
+
list($valid, $errors) = $this->externalLinkValidator->validateCreation($values);
if ($valid) {
@@ -108,22 +110,14 @@ class TaskExternalLinkController extends BaseController
public function edit(array $values = array(), array $errors = array())
{
$task = $this->getTask();
- $link_id = $this->request->getIntegerParam('link_id');
-
- if ($link_id > 0) {
- $values = $this->taskExternalLinkModel->getById($link_id);
- }
-
- if (empty($values)) {
- throw new PageNotFoundException();
- }
-
- $provider = $this->externalLinkManager->getProvider($values['link_type']);
+ $link = $this->getExternalTaskLink($task);
+ $provider = $this->externalLinkManager->getProvider($link['link_type']);
$this->response->html($this->template->render('task_external_link/edit', array(
- 'values' => $values,
- 'errors' => $errors,
- 'task' => $task,
+ 'values' => empty($values) ? $link : $values,
+ 'errors' => $errors,
+ 'task' => $task,
+ 'link' => $link,
'dependencies' => $provider->getDependencies(),
)));
}
@@ -136,7 +130,12 @@ class TaskExternalLinkController extends BaseController
public function update()
{
$task = $this->getTask();
+ $link = $this->getExternalTaskLink($task);
+
$values = $this->request->getValues();
+ $values['id'] = $link['id'];
+ $values['task_id'] = $link['task_id'];
+
list($valid, $errors) = $this->externalLinkValidator->validateModification($values);
if ($valid && $this->taskExternalLinkModel->update($values)) {
@@ -155,12 +154,7 @@ class TaskExternalLinkController extends BaseController
public function confirm()
{
$task = $this->getTask();
- $link_id = $this->request->getIntegerParam('link_id');
- $link = $this->taskExternalLinkModel->getById($link_id);
-
- if (empty($link)) {
- throw new PageNotFoundException();
- }
+ $link = $this->getExternalTaskLink($task);
$this->response->html($this->template->render('task_external_link/remove', array(
'link' => $link,
@@ -177,8 +171,9 @@ class TaskExternalLinkController extends BaseController
{
$this->checkCSRFParam();
$task = $this->getTask();
+ $link = $this->getExternalTaskLink($task);
- if ($this->taskExternalLinkModel->remove($this->request->getIntegerParam('link_id'))) {
+ if ($this->taskExternalLinkModel->remove($link['id'])) {
$this->flash->success(t('Link removed successfully.'));
} else {
$this->flash->failure(t('Unable to remove this link.'));
diff --git a/app/Controller/TaskInternalLinkController.php b/app/Controller/TaskInternalLinkController.php
index 7c800165..02cc15c4 100644
--- a/app/Controller/TaskInternalLinkController.php
+++ b/app/Controller/TaskInternalLinkController.php
@@ -14,24 +14,6 @@ use Kanboard\Core\Controller\PageNotFoundException;
class TaskInternalLinkController extends BaseController
{
/**
- * Get the current link
- *
- * @access private
- * @return array
- * @throws PageNotFoundException
- */
- private function getTaskLink()
- {
- $link = $this->taskLinkModel->getById($this->request->getIntegerParam('link_id'));
-
- if (empty($link)) {
- throw new PageNotFoundException();
- }
-
- return $link;
- }
-
- /**
* Creation form
*
* @access public
@@ -45,9 +27,7 @@ class TaskInternalLinkController extends BaseController
$task = $this->getTask();
if (empty($values)) {
- $values = array(
- 'another_tasklink' => $this->request->getIntegerParam('another_tasklink', 0)
- );
+ $values['another_tasklink'] = $this->request->getIntegerParam('another_tasklink', 0);
$values = $this->hook->merge('controller:tasklink:form:default', $values, array('default_values' => $values));
}
@@ -68,6 +48,7 @@ class TaskInternalLinkController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
list($valid, $errors) = $this->taskLinkValidator->validateCreation($values);
@@ -106,7 +87,7 @@ class TaskInternalLinkController extends BaseController
public function edit(array $values = array(), array $errors = array())
{
$task = $this->getTask();
- $task_link = $this->getTaskLink();
+ $task_link = $this->getInternalTaskLink($task);
if (empty($values)) {
$opposite_task = $this->taskFinderModel->getById($task_link['opposite_task_id']);
@@ -131,7 +112,11 @@ class TaskInternalLinkController extends BaseController
public function update()
{
$task = $this->getTask();
+ $task_link = $this->getInternalTaskLink($task);
+
$values = $this->request->getValues();
+ $values['task_id'] = $task['id'];
+ $values['id'] = $task_link['id'];
list($valid, $errors) = $this->taskLinkValidator->validateModification($values);
@@ -155,7 +140,7 @@ class TaskInternalLinkController extends BaseController
public function confirm()
{
$task = $this->getTask();
- $link = $this->getTaskLink();
+ $link = $this->getInternalTaskLink($task);
$this->response->html($this->template->render('task_internal_link/remove', array(
'link' => $link,
@@ -172,8 +157,9 @@ class TaskInternalLinkController extends BaseController
{
$this->checkCSRFParam();
$task = $this->getTask();
+ $link = $this->getInternalTaskLink($task);
- if ($this->taskLinkModel->remove($this->request->getIntegerParam('link_id'))) {
+ if ($this->taskLinkModel->remove($link['id'])) {
$this->flash->success(t('Link removed successfully.'));
} else {
$this->flash->failure(t('Unable to remove this link.'));
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php
index 1892a209..338ed540 100644
--- a/app/Controller/TaskModificationController.php
+++ b/app/Controller/TaskModificationController.php
@@ -98,6 +98,8 @@ class TaskModificationController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['id'] = $task['id'];
+ $values['project_id'] = $task['project_id'];
list($valid, $errors) = $this->taskValidator->validateModification($values);
diff --git a/app/Controller/TaskRecurrenceController.php b/app/Controller/TaskRecurrenceController.php
index c6fdfa37..7f14cb53 100644
--- a/app/Controller/TaskRecurrenceController.php
+++ b/app/Controller/TaskRecurrenceController.php
@@ -47,6 +47,7 @@ class TaskRecurrenceController extends BaseController
{
$task = $this->getTask();
$values = $this->request->getValues();
+ $values['id'] = $task['id'];
list($valid, $errors) = $this->taskValidator->validateEditRecurrence($values);
diff --git a/app/Template/comment/create.php b/app/Template/comment/create.php
index 0e19ac19..55e972dc 100644
--- a/app/Template/comment/create.php
+++ b/app/Template/comment/create.php
@@ -8,8 +8,6 @@
</div>
<form method="post" action="<?= $this->url->href('CommentController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', $values) ?>
- <?= $this->form->hidden('user_id', $values) ?>
<?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
diff --git a/app/Template/comment/edit.php b/app/Template/comment/edit.php
index 04f6ffd4..db8d2921 100644
--- a/app/Template/comment/edit.php
+++ b/app/Template/comment/edit.php
@@ -4,9 +4,6 @@
<form method="post" action="<?= $this->url->href('CommentController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
- <?= $this->form->hidden('user_id', $values) ?>
<?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
diff --git a/app/Template/subtask/create.php b/app/Template/subtask/create.php
index 96ad7a46..bbb64005 100644
--- a/app/Template/subtask/create.php
+++ b/app/Template/subtask/create.php
@@ -3,9 +3,8 @@
</div>
<form method="post" action="<?= $this->url->href('SubtaskController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
-
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', $values) ?>
+
<?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
<?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
<?= $this->subtask->renderTimeEstimatedField($values, $errors) ?>
diff --git a/app/Template/subtask/edit.php b/app/Template/subtask/edit.php
index 7c0266a8..aed57e95 100644
--- a/app/Template/subtask/edit.php
+++ b/app/Template/subtask/edit.php
@@ -4,8 +4,6 @@
<form method="post" action="<?= $this->url->href('SubtaskController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'subtask_id' => $subtask['id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
<?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
<?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
diff --git a/app/Template/task_external_link/edit.php b/app/Template/task_external_link/edit.php
index df10d444..e448b10f 100644
--- a/app/Template/task_external_link/edit.php
+++ b/app/Template/task_external_link/edit.php
@@ -2,7 +2,7 @@
<h2><?= t('Edit external link') ?></h2>
</div>
-<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
+<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $link['id'])) ?>" method="post" autocomplete="off">
<?= $this->render('task_external_link/form', array('task' => $task, 'dependencies' => $dependencies, 'values' => $values, 'errors' => $errors)) ?>
<?= $this->modal->submitButtons() ?>
</form>
diff --git a/app/Template/task_external_link/find.php b/app/Template/task_external_link/find.php
index a3665c0d..29d85101 100644
--- a/app/Template/task_external_link/find.php
+++ b/app/Template/task_external_link/find.php
@@ -4,7 +4,6 @@
<form action="<?= $this->url->href('TaskExternalLinkController', 'create', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
<?= $this->form->label(t('External link'), 'text') ?>
<?= $this->form->text(
diff --git a/app/Template/task_external_link/form.php b/app/Template/task_external_link/form.php
index 932ca521..4ad2b2e0 100644
--- a/app/Template/task_external_link/form.php
+++ b/app/Template/task_external_link/form.php
@@ -1,6 +1,4 @@
<?= $this->form->csrf() ?>
-<?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
-<?= $this->form->hidden('id', $values) ?>
<?= $this->form->hidden('link_type', $values) ?>
<?= $this->form->label(t('URL'), 'url') ?>
diff --git a/app/Template/task_internal_link/create.php b/app/Template/task_internal_link/create.php
index c5e80f41..bab41253 100644
--- a/app/Template/task_internal_link/create.php
+++ b/app/Template/task_internal_link/create.php
@@ -5,7 +5,6 @@
<form action="<?= $this->url->href('TaskInternalLinkController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
<?= $this->form->hidden('opposite_task_id', $values) ?>
<?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_internal_link/edit.php b/app/Template/task_internal_link/edit.php
index 5abf7b65..fab84d0b 100644
--- a/app/Template/task_internal_link/edit.php
+++ b/app/Template/task_internal_link/edit.php
@@ -3,10 +3,8 @@
</div>
<form action="<?= $this->url->href('TaskInternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $task_link['id'])) ?>" method="post" autocomplete="off">
-
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('task_id', $values) ?>
+
<?= $this->form->hidden('opposite_task_id', $values) ?>
<?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_modification/show.php b/app/Template/task_modification/show.php
index 710abedf..ebe9f6fd 100644
--- a/app/Template/task_modification/show.php
+++ b/app/Template/task_modification/show.php
@@ -3,8 +3,6 @@
</div>
<form method="post" action="<?= $this->url->href('TaskModificationController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
<?= $this->form->csrf() ?>
- <?= $this->form->hidden('id', $values) ?>
- <?= $this->form->hidden('project_id', $values) ?>
<div class="task-form-container">
<div class="task-form-main-column">