From 3e0f14ae2b0b5a44bd038a472f17eac75f538524 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 23 Sep 2017 20:56:54 -0700
Subject: Do not expose IDs in forms

---
 app/Template/comment/create.php            | 2 --
 app/Template/comment/edit.php              | 3 ---
 app/Template/subtask/create.php            | 3 +--
 app/Template/subtask/edit.php              | 2 --
 app/Template/task_external_link/edit.php   | 2 +-
 app/Template/task_external_link/find.php   | 1 -
 app/Template/task_external_link/form.php   | 2 --
 app/Template/task_internal_link/create.php | 1 -
 app/Template/task_internal_link/edit.php   | 4 +---
 app/Template/task_modification/show.php    | 2 --
 10 files changed, 3 insertions(+), 19 deletions(-)

(limited to 'app/Template')

diff --git a/app/Template/comment/create.php b/app/Template/comment/create.php
index 0e19ac19..55e972dc 100644
--- a/app/Template/comment/create.php
+++ b/app/Template/comment/create.php
@@ -8,8 +8,6 @@
 </div>
 <form method="post" action="<?= $this->url->href('CommentController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('task_id', $values) ?>
-    <?= $this->form->hidden('user_id', $values) ?>
 
     <?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
 
diff --git a/app/Template/comment/edit.php b/app/Template/comment/edit.php
index 04f6ffd4..db8d2921 100644
--- a/app/Template/comment/edit.php
+++ b/app/Template/comment/edit.php
@@ -4,9 +4,6 @@
 
 <form method="post" action="<?= $this->url->href('CommentController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?>" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('id', $values) ?>
-    <?= $this->form->hidden('task_id', $values) ?>
-    <?= $this->form->hidden('user_id', $values) ?>
 
     <?= $this->form->textEditor('comment', $values, $errors, array('autofocus' => true, 'required' => true)) ?>
 
diff --git a/app/Template/subtask/create.php b/app/Template/subtask/create.php
index 96ad7a46..bbb64005 100644
--- a/app/Template/subtask/create.php
+++ b/app/Template/subtask/create.php
@@ -3,9 +3,8 @@
 </div>
 
 <form method="post" action="<?= $this->url->href('SubtaskController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
-
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('task_id', $values) ?>
+
     <?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
     <?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
     <?= $this->subtask->renderTimeEstimatedField($values, $errors) ?>
diff --git a/app/Template/subtask/edit.php b/app/Template/subtask/edit.php
index 7c0266a8..aed57e95 100644
--- a/app/Template/subtask/edit.php
+++ b/app/Template/subtask/edit.php
@@ -4,8 +4,6 @@
 
 <form method="post" action="<?= $this->url->href('SubtaskController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'subtask_id' => $subtask['id'])) ?>" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('id', $values) ?>
-    <?= $this->form->hidden('task_id', $values) ?>
 
     <?= $this->subtask->renderTitleField($values, $errors, array('autofocus')) ?>
     <?= $this->subtask->renderAssigneeField($users_list, $values, $errors) ?>
diff --git a/app/Template/task_external_link/edit.php b/app/Template/task_external_link/edit.php
index df10d444..e448b10f 100644
--- a/app/Template/task_external_link/edit.php
+++ b/app/Template/task_external_link/edit.php
@@ -2,7 +2,7 @@
     <h2><?= t('Edit external link') ?></h2>
 </div>
 
-<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
+<form action="<?= $this->url->href('TaskExternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $link['id'])) ?>" method="post" autocomplete="off">
     <?= $this->render('task_external_link/form', array('task' => $task, 'dependencies' => $dependencies, 'values' => $values, 'errors' => $errors)) ?>
     <?= $this->modal->submitButtons() ?>
 </form>
diff --git a/app/Template/task_external_link/find.php b/app/Template/task_external_link/find.php
index a3665c0d..29d85101 100644
--- a/app/Template/task_external_link/find.php
+++ b/app/Template/task_external_link/find.php
@@ -4,7 +4,6 @@
 
 <form action="<?= $this->url->href('TaskExternalLinkController', 'create', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
 
     <?= $this->form->label(t('External link'), 'text') ?>
     <?= $this->form->text(
diff --git a/app/Template/task_external_link/form.php b/app/Template/task_external_link/form.php
index 932ca521..4ad2b2e0 100644
--- a/app/Template/task_external_link/form.php
+++ b/app/Template/task_external_link/form.php
@@ -1,6 +1,4 @@
 <?= $this->form->csrf() ?>
-<?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
-<?= $this->form->hidden('id', $values) ?>
 <?= $this->form->hidden('link_type', $values) ?>
 
 <?= $this->form->label(t('URL'), 'url') ?>
diff --git a/app/Template/task_internal_link/create.php b/app/Template/task_internal_link/create.php
index c5e80f41..bab41253 100644
--- a/app/Template/task_internal_link/create.php
+++ b/app/Template/task_internal_link/create.php
@@ -5,7 +5,6 @@
 <form action="<?= $this->url->href('TaskInternalLinkController', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
 
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('task_id', array('task_id' => $task['id'])) ?>
     <?= $this->form->hidden('opposite_task_id', $values) ?>
 
     <?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_internal_link/edit.php b/app/Template/task_internal_link/edit.php
index 5abf7b65..fab84d0b 100644
--- a/app/Template/task_internal_link/edit.php
+++ b/app/Template/task_internal_link/edit.php
@@ -3,10 +3,8 @@
 </div>
 
 <form action="<?= $this->url->href('TaskInternalLinkController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'link_id' => $task_link['id'])) ?>" method="post" autocomplete="off">
-
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('id', $values) ?>
-    <?= $this->form->hidden('task_id', $values) ?>
+
     <?= $this->form->hidden('opposite_task_id', $values) ?>
 
     <?= $this->form->label(t('Label'), 'link_id') ?>
diff --git a/app/Template/task_modification/show.php b/app/Template/task_modification/show.php
index 710abedf..ebe9f6fd 100644
--- a/app/Template/task_modification/show.php
+++ b/app/Template/task_modification/show.php
@@ -3,8 +3,6 @@
 </div>
 <form method="post" action="<?= $this->url->href('TaskModificationController', 'update', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" autocomplete="off">
     <?= $this->form->csrf() ?>
-    <?= $this->form->hidden('id', $values) ?>
-    <?= $this->form->hidden('project_id', $values) ?>
 
     <div class="task-form-container">
         <div class="task-form-main-column">
-- 
cgit v1.2.3