From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 28 May 2014 15:14:52 -0400
Subject: Add CSRF protections

---
 app/Controller/Task.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'app/Controller/Task.php')

diff --git a/app/Controller/Task.php b/app/Controller/Task.php
index 68e3728a..d44ba268 100644
--- a/app/Controller/Task.php
+++ b/app/Controller/Task.php
@@ -218,6 +218,7 @@ class Task extends Base
      */
     public function close()
     {
+        $this->checkCSRFParam();
         $task = $this->getTask();
 
         if ($this->task->close($task['id'])) {
@@ -252,6 +253,7 @@ class Task extends Base
      */
     public function open()
     {
+        $this->checkCSRFParam();
         $task = $this->getTask();
 
         if ($this->task->open($task['id'])) {
@@ -286,6 +288,7 @@ class Task extends Base
      */
     public function remove()
     {
+        $this->checkCSRFParam();
         $task = $this->getTask();
 
         if ($this->task->remove($task['id'])) {
-- 
cgit v1.2.3