diff options
author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-20 16:02:03 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-11-21 19:24:36 +0100 |
commit | 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch) | |
tree | 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/view/UserWorkLog_view.php | |
parent | fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff) |
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
Diffstat (limited to 'includes/view/UserWorkLog_view.php')
-rw-r--r-- | includes/view/UserWorkLog_view.php | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/includes/view/UserWorkLog_view.php b/includes/view/UserWorkLog_view.php index 8b4e7ae3..0d5e7797 100644 --- a/includes/view/UserWorkLog_view.php +++ b/includes/view/UserWorkLog_view.php @@ -5,23 +5,22 @@ use Engelsystem\Models\User\User; /** * Delete work log entry. * - * @param User $user_source - * @param array $userWorkLog + * @param User $user_source * @return string */ -function UserWorkLog_delete_view($user_source, $userWorkLog) +function UserWorkLog_delete_view($user_source) { return page_with_title(UserWorkLog_delete_title(), [ info(sprintf( __('Do you want to delete the worklog entry for %s?'), User_Nick_render($user_source) ), true), - buttons([ - button(user_link($user_source->id), glyph('remove') . __('cancel')), - button(user_worklog_delete_link($userWorkLog, [ - 'confirmed' => 1 - ]), glyph('ok') . __('delete'), 'btn-danger') - ]) + form([ + buttons([ + button(user_link($user_source->id), glyph('remove') . __('cancel')), + form_submit('submit', glyph('ok') . __('delete'), 'btn-danger', false), + ]), + ]), ]); } |