Tasks: Use POST for ajax calls that change data

3 files changed, 4 insertions, 4 deletions

diff --git a/apps/tasks/ajax/addtask.php b/apps/tasks/ajax/addtask.php
index d6e313bd089..9f35e7f21ec 100644
--- a/apps/tasks/ajax/addtask.php
+++ b/apps/tasks/ajax/addtask.php
@@ -8,7 +8,7 @@ $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true);
 $first_calendar = reset($calendars);
 $cid = $first_calendar['id'];
 
-$input = $_GET['text'];
+$input = $_POST['text'];
 $request = array();
 $request['summary'] = $input;
 $request["categories"] = null;
diff --git a/apps/tasks/ajax/delete.php b/apps/tasks/ajax/delete.php
index 6d2868748d1..e29add9b556 100644
--- a/apps/tasks/ajax/delete.php
+++ b/apps/tasks/ajax/delete.php
@@ -24,7 +24,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
 
-$id = $_GET['id'];
+$id = $_POST['id'];
 $task = OC_Calendar_App::getEventObject( $id );
 
 OC_Calendar_Object::delete($id);
diff --git a/apps/tasks/js/tasks.js b/apps/tasks/js/tasks.js
index 60d2a523be1..d1e3a9969b4 100644
--- a/apps/tasks/js/tasks.js
+++ b/apps/tasks/js/tasks.js
@@ -440,7 +440,7 @@ $(document).ready(function(){
 
 	$('#tasks_delete').live('click',function(){
 		var id = $('#task_details').data('id');
-		$.getJSON('ajax/delete.php',{'id':id},function(jsondata){
+		$.post('ajax/delete.php',{'id':id},function(jsondata){
 			if(jsondata.status == 'success'){
 				$('#tasks [data-id="'+jsondata.data.id+'"]').remove();
 				$('#task_details').data('id','');
@@ -455,7 +455,7 @@ $(document).ready(function(){
 
 	$('#tasks_addtask').click(function(){
 		var input = $('#tasks_newtask').val();
-		$.getJSON(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){
+		$.post(OC.filePath('tasks', 'ajax', 'addtask.php'),{text:input},function(jsondata){
 			if(jsondata.status == 'success'){
 				$('#tasks_list').append(OC.Tasks.create_task_div(jsondata.task));
 			}