Make sure the booking cancellation is a post request and has a reason value provided (#1178).
This commit is contained in:
parent
378c5eaa25
commit
b65eabd9ed
3 changed files with 9 additions and 2 deletions
|
@ -48,6 +48,13 @@ class Booking_cancellation extends EA_Controller {
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
$cancellation_reason = request('cancellation_reason');
|
||||||
|
|
||||||
|
if ($this->input->method() !== 'post' || empty($cancellation_reason))
|
||||||
|
{
|
||||||
|
abort(403, 'Forbidden');
|
||||||
|
}
|
||||||
|
|
||||||
$exceptions = [];
|
$exceptions = [];
|
||||||
|
|
||||||
$occurrences = $this->appointments_model->get(['hash' => $appointment_hash]);
|
$occurrences = $this->appointments_model->get(['hash' => $appointment_hash]);
|
||||||
|
|
|
@ -209,7 +209,7 @@ class Notifications {
|
||||||
|
|
||||||
if (empty($delete_reason))
|
if (empty($delete_reason))
|
||||||
{
|
{
|
||||||
$delete_reason = (string)request('cancel_reason');
|
$delete_reason = (string)request('cancellation_reason');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Notify provider.
|
// Notify provider.
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
<input type="hidden" name="csrfToken" value="<?= $this->security->get_csrf_hash() ?>"/>
|
<input type="hidden" name="csrfToken" value="<?= $this->security->get_csrf_hash() ?>"/>
|
||||||
|
|
||||||
<input id="cancel-reason" name="cancel_reason" type="hidden">
|
<input id="cancel-reason" name="cancellation_reason" type="hidden">
|
||||||
|
|
||||||
<button id="cancel-appointment" class="btn btn-warning btn-sm">
|
<button id="cancel-appointment" class="btn btn-warning btn-sm">
|
||||||
<?= lang('cancel') ?>
|
<?= lang('cancel') ?>
|
||||||
|
|
Loading…
Reference in a new issue