diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | app/Controller/Base.php | 5 |
2 files changed, 6 insertions, 0 deletions
@@ -20,6 +20,7 @@ Bug fixes: * Wrong template name for subtasks tooltip due to previous refactoring * Fix broken url for closed tasks in project view +* Fix permission issue when changing the url manually Version 1.0.17 -------------- diff --git a/app/Controller/Base.php b/app/Controller/Base.php index f68c4755..bfcbfd2a 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -269,12 +269,17 @@ abstract class Base extends \Core\Base */ protected function getTask() { + $project_id = $this->request->getIntegerParam('project_id'); $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id')); if (empty($task)) { $this->notfound(); } + if ($project_id !== 0 && $project_id != $task['project_id']) { + $this->forbidden(); + } + return $task; } |