}
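// Page template object for this request.
$page = new FSTpl();

// Authorization gate: refuse requests that name a project the current user may not view.
// NOTE(review): the loose `!= 0` also evaluates to false for non-numeric strings on PHP < 8,
// which skips can_view_project(); confirm later code casts or validates 'project' before use.
if (Req::has('project') && Req::val('project') != 0 && !$user->can_view_project(Req::val('project'))) {
    Flyspray::show_error(L('nopermission'));
    exit;
}

if ($show_task = Get::val('show_task')) {
    // If someone used the 'show task' form, redirect them
    if (is_numeric($show_task)) {
        Flyspray::Redirect(CreateURL('details', $show_task));
    } else {
        // The value comes straight from the query string. Encode it so it stays a single
        // 'string' parameter and cannot append extra parameters or a fragment to the
        // redirect target.
        Flyspray::Redirect($baseurl . '?string=' . urlencode((string) $show_task));
    }
}

if (Flyspray::requestDuplicated()) {
    // Check that this page isn't being submitted twice
    // NOTE(review): nothing here stops execution afterwards; presumably show_error()
    // redirects and exits. Confirm, otherwise the action handler below still runs.
    Flyspray::show_error(3);
}

# handle all form requests that modify data
if (Req::has('action')) {
    # Enforce the anti-CSRF token. It is accepted from POST only, so it never ends up
    # in URLs, logs or Referer headers.
    if (!Post::has('csrftoken')) {
        die('missingtoken');
    }

    $expectedToken = isset($_SESSION['csrftoken']) ? $_SESSION['csrftoken'] : null;
    $sentToken = Post::val('csrftoken');

    # Both sides must be non-empty strings. The previous loose `==` accepted an empty
    # posted token when the session held no token ('' == null), and PHP's type juggling
    # could equate different numeric-looking strings. hash_equals() compares the exact
    # bytes in constant time.
    if (is_string($expectedToken) && $expectedToken !== ''
        && is_string($sentToken)
        && hash_equals($expectedToken, $sentToken)
    ) {
        require_once BASEDIR . '/includes/modify.inc.php';
    } else {
        die('wrongtoken');
    }
}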