} $page = new FSTpl(); // make sure people are not attempting to manually fiddle with projects they are not allowed to play with if (Req::has('project') && Req::val('project') != 0 && !$user->can_view_project(Req::val('project'))) { Flyspray::show_error(L('nopermission')); exit; } if ($show_task = Get::val('show_task')) { // If someone used the 'show task' form, redirect them if (is_numeric($show_task)) { Flyspray::Redirect(CreateURL('details', $show_task)); } else { Flyspray::Redirect($baseurl . '?string=' . $show_task); } } if (Flyspray::requestDuplicated()) { // Check that this page isn't being submitted twice Flyspray::show_error(3); } # handle all forms request that modify data if (Req::has('action')) { # enforcing if the form sent the correct anti csrf token # only allow token by post if (!Post::has('csrftoken')) { die('missingtoken'); } elseif (Post::val('csrftoken') == $_SESSION['csrftoken']) { require_once BASEDIR . '/includes/modify.inc.php'; } else { die('wrongtoken'); } }