| Project: | ProjectPier |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | TheWalrus |
| Status: | closed - by issue author |
A client can be deleted without any confirmation via a simple GET request. This is related to Issue 622.
e.g.: http://localhost/projectpier/index.php?c=company&a=delete_client&id=999
would delete client #999 without any confirmation. The link is normally accessed via the 'clients' action of the 'administration' controller. That link is protected by a JavaScript confirmation. However, it seems safer to me to have a delete confirmation HTML page where the user is forced to reenter their password before the client is deleted. This patch creates that confirmation system.
To apply the patch, cd into your ProjectPier directory and run
patch -p0 < confirm-delete-client.diff.txt
Note: if you have already applied the patch for Issue 622 then patch will complain about language/en_us/messages.php already having been patched. In this case, tell patch to not modify that file.
| Attachment | Size |
|---|---|
| confirm-delete-client.diff_.txt | 4.68 KB |
Here's a patch for SVN revision 104.
Closed in favor of Issue 629.
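The confirmation flow proposed in the report, sketched as an added example (this is not the attached patch and not ProjectPier code; the function name, the in-memory client list and the sample password are assumptions). A GET request only renders the confirmation form, and the client is deleted only by a POST that carries the re-entered password.

```php
<?php
// Added illustration, not ProjectPier code; all names here are hypothetical.
// Constructed sample data: one logged-in administrator and two clients.
$user = ['name' => 'admin', 'hash' => password_hash('s3cret-example', PASSWORD_DEFAULT)];
$clients = [998 => 'Acme Ltd', 999 => 'Example Corp'];

// GET never changes state: it only returns the confirmation form.
// POST deletes only when the re-entered password matches the stored hash.
function delete_client(string $method, array $input, array $user, array &$clients): array
{
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !isset($clients[$id])) {
        return [404, 'Unknown client'];
    }
    if ($method !== 'POST') {
        $name = htmlspecialchars($clients[$id], ENT_QUOTES, 'UTF-8');
        $form = '<form method="post" action="index.php?c=company&amp;a=delete_client">'
              . "<p>Delete client {$name}? Re-enter your password to confirm.</p>"
              . '<input type="hidden" name="id" value="' . $id . '">'
              . '<input type="password" name="password" autocomplete="current-password">'
              . '<button type="submit">Delete</button></form>';
        return [200, $form];
    }
    $password = $input['password'] ?? '';
    if (!is_string($password) || !password_verify($password, $user['hash'])) {
        return [403, 'Password incorrect, client not deleted'];
    }
    unset($clients[$id]);
    return [200, 'Client deleted'];
}

// The request from the report, sent as GET: the form is shown, nothing is deleted.
[$status] = delete_client('GET', ['id' => '999'], $user, $clients);
printf("GET              -> %d, client 999 exists: %s\n", $status, isset($clients[999]) ? 'yes' : 'no');
// POST with a wrong password: rejected, client still present.
[$status] = delete_client('POST', ['id' => '999', 'password' => 'guess'], $user, $clients);
printf("POST (wrong pw)  -> %d, client 999 exists: %s\n", $status, isset($clients[999]) ? 'yes' : 'no');
// POST with the correct password: the client is removed.
[$status] = delete_client('POST', ['id' => '999', 'password' => 's3cret-example'], $user, $clients);
printf("POST (right pw)  -> %d, client 999 exists: %s\n", $status, isset($clients[999]) ? 'yes' : 'no');
```

Because the check runs on the server, it still holds when the JavaScript confirmation on the 'clients' page is bypassed by requesting the URL directly.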