From 944c29b96429ec95ac1371cb33cc43704a60c7b1 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Tue, 20 Nov 2018 16:02:03 +0100
Subject: Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
---
includes/controller/user_worklog_controller.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'includes/controller/user_worklog_controller.php')
diff --git a/includes/controller/user_worklog_controller.php b/includes/controller/user_worklog_controller.php
index 333fd76e..4eaa5e91 100644
--- a/includes/controller/user_worklog_controller.php
+++ b/includes/controller/user_worklog_controller.php
@@ -16,7 +16,7 @@ function user_worklog_delete_controller()
 }
 $user_source = User::find($userWorkLog['user_id']);
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('submit')) {
 UserWorkLog_delete($userWorkLog);
 success(__('Work log entry deleted.'));
@@ -25,7 +25,7 @@ function user_worklog_delete_controller()
 return [
 UserWorkLog_delete_title(),
- UserWorkLog_delete_view($user_source, $userWorkLog)
+ UserWorkLog_delete_view($user_source)
 ];
 }
@@ -43,7 +43,7 @@ function user_worklog_edit_controller()
 }
 $user_source = User::find($userWorkLog['user_id']);
- if ($request->has('submit')) {
+ if ($request->hasPostData('submit')) {
 list ($valid, $userWorkLog) = user_worklog_from_request($userWorkLog);
 if ($valid) {
@@ -114,7 +114,7 @@ function user_worklog_add_controller()
 $userWorkLog = UserWorkLog_new($user_source->id);
- if ($request->has('submit')) {
+ if ($request->hasPostData('submit')) {
 list ($valid, $userWorkLog) = user_worklog_from_request($userWorkLog);
 if ($valid) {
--
cgit v1.2.3-70-g09d2
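Review bot: The delete branch guarded by `$request->hasPostData('submit')` in user_worklog_delete_controller() no longer fires on a GET link, but a POST-only check does not by itself stop cross-site request forgery, because a third-party page can still submit a form to this endpoint with the user's session cookie attached. No per-session anti-CSRF token is verified in the visible lines; unless that is enforced elsewhere (in middleware or inside hasPostData, neither shown here), it should be validated before `UserWorkLog_delete($userWorkLog)` runs. The same applies to the `hasPostData('submit')` conditions in user_worklog_edit_controller() and user_worklog_add_controller(). At minimum I would add a comment above each condition such as `// State change: POST only; CSRF token must already be validated at this point` so the dependency is explicit. All three function bodies start and end outside their hunks, so any checks earlier in them are not visible here.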