From 944c29b96429ec95ac1371cb33cc43704a60c7b1 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 20 Nov 2018 16:02:03 +0100
Subject: Require POST for sending forms

* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes #494 (Security Vulnerability)
---
 includes/view/ShiftTypes_view.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'includes/view/ShiftTypes_view.php')

diff --git a/includes/view/ShiftTypes_view.php b/includes/view/ShiftTypes_view.php
index 7053f164..72d119ff 100644
--- a/includes/view/ShiftTypes_view.php
+++ b/includes/view/ShiftTypes_view.php
@@ -21,17 +21,17 @@ function ShiftType_delete_view($shifttype)
 {
     return page_with_title(sprintf(__('Delete shifttype %s'), $shifttype['name']), [
         info(sprintf(__('Do you want to delete shifttype %s?'), $shifttype['name']), true),
-        buttons([
-            button(page_link_to('shifttypes'), glyph('remove') . __('cancel')),
-            button(
-                page_link_to(
-                    'shifttypes',
-                    ['action' => 'delete', 'shifttype_id' => $shifttype['id'], 'confirmed' => 1]
+        form([
+            buttons([
+                button(page_link_to('shifttypes'), glyph('remove') . __('cancel')),
+                form_submit(
+                    'delete',
+                    glyph('ok') . __('delete'),
+                    'btn-danger',
+                    false
                 ),
-                glyph('ok') . __('delete'),
-                'btn-danger'
-            )
-        ])
+            ]),
+        ]),
     ]);
 }
 
-- 
cgit v1.2.3-54-g00ecf