From 074f6c104f3e49401ef0065540338fc2d4be79f0 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sat, 23 Sep 2017 18:48:45 -0700 Subject: Avoid people to alter other projects by changing form data --- app/Controller/CategoryController.php | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) (limited to 'app/Controller/CategoryController.php') diff --git a/app/Controller/CategoryController.php b/app/Controller/CategoryController.php index 69bbad5a..e3f2406b 100644 --- a/app/Controller/CategoryController.php +++ b/app/Controller/CategoryController.php @@ -12,24 +12,6 @@ use Kanboard\Core\Controller\PageNotFoundException; */ class CategoryController extends BaseController { - /** - * Get the category (common method between actions) - * - * @access private - * @return array - * @throws PageNotFoundException - */ - private function getCategory() - { - $category = $this->categoryModel->getById($this->request->getIntegerParam('category_id')); - - if (empty($category)) { - throw new PageNotFoundException(); - } - - return $category; - } - /** * List of categories for a given project * @@ -72,8 +54,9 @@ class CategoryController extends BaseController public function save() { $project = $this->getProject(); - $values = $this->request->getValues(); + $values['project_id'] = $project['id']; + list($valid, $errors) = $this->categoryValidator->validateCreation($values); if ($valid) { @@ -100,7 +83,7 @@ class CategoryController extends BaseController public function edit(array $values = array(), array $errors = array()) { $project = $this->getProject(); - $category = $this->getCategory(); + $category = $this->getCategory($project); $this->response->html($this->template->render('category/edit', array( 'values' => empty($values) ? $category : $values, 
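Review bot: The private getCategory() removed in the first hunk resolved the category from `category_id` alone, and the replacement `$this->getCategory($project)` called in the edit hunk (and likewise in the confirm, remove and update hunks) is not defined anywhere in this file, so this diff on its own cannot show that the lookup is now restricted to `$project`. Presumably the helper moved to BaseController in the part of the commit this page does not show (the page says it is limited to this one file); the fix only holds if that helper throws PageNotFoundException when the category's `project_id` differs from `$project['id']`, rather than merely accepting the extra argument. That is worth confirming, and worth a class-level docblock sentence such as `Every category action resolves its category through the current project, so a category_id from another project is a 404.` so the invariant is visible here. The `use Kanboard\Core\Controller\PageNotFoundException;` line shown in the hunk header may become unused in this file once the private method is gone, unless another action outside the hunks still references it.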
@@ -117,8 +100,12 @@ class CategoryController extends BaseController public function update() { $project = $this->getProject(); + $category = $this->getCategory($project); $values = $this->request->getValues(); + $values['project_id'] = $project['id']; + $values['id'] = $category['id']; + list($valid, $errors) = $this->categoryValidator->validateModification($values); if ($valid) { @@ -141,7 +128,7 @@ class CategoryController extends BaseController public function confirm() { $project = $this->getProject(); - $category = $this->getCategory(); + $category = $this->getCategory($project); $this->response->html($this->helper->layout->project('category/remove', array( 'project' => $project, @@ -158,7 +145,7 @@ class CategoryController extends BaseController { $this->checkCSRFParam(); $project = $this->getProject(); - $category = $this->getCategory(); + $category = $this->getCategory($project); if ($this->categoryModel->remove($category['id'])) { $this->flash->success(t('Category removed successfully.')); -- cgit v1.2.3
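Review bot: The two assignments added in the update hunk, `$values['project_id'] = $project['id'];` and `$values['id'] = $category['id'];`, are the real guard in this method — they overwrite whatever the form submitted because they run after `getValues()` — but nothing in the code says so, and a later refactor that moves them above `getValues()` or removes them would silently reopen the cross-project issue the commit subject describes. Suggest a one-line comment above them, `// Bind to the URL-resolved project and category; never trust project_id/id from the form`, and the same comment on the `$values['project_id']` line in the save hunk. The update() body continues past the hunk, so the call that consumes `$values` is not visible here. The confirm and remove hunks are the same one-line substitution as the edit hunk and raise nothing new.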