diff --git a/app/cdash/public/ajax/buildnote.php b/app/cdash/public/ajax/buildnote.php
index ed17ca5c65..c3e72c7046 100644
--- a/app/cdash/public/ajax/buildnote.php
+++ b/app/cdash/public/ajax/buildnote.php
@@ -15,22 +15,26 @@
 =========================================================================*/
 require_once 'include/pdo.php';
 require_once 'include/common.php';
+require_once 'include/api_common.php';
 
 use App\Models\User;
 use CDash\Database;
 
-if (!isset($buildid) || !is_numeric($buildid)) {
+$build = get_request_build();
+
+if ($build === null || !can_administrate_project($build->ProjectId)) {
     echo 'Not a valid buildid!';
     return;
 }
-$buildid = intval($buildid);
+$buildid = intval($build->Id);
 
 $db = Database::getInstance();
 
 // Find the notes
 $note = $db->executePrepared('SELECT * FROM buildnote WHERE buildid=? ORDER BY timestamp ASC', [$buildid]);
 foreach ($note as $note_array) {
-    $user = User::where('id', intval($note_array['userid']));
+    /** @var User $user */
+    $user = User::where('id', intval($note_array['userid']))->first();
     $timestamp = strtotime($note_array['timestamp'] . ' UTC');
     switch (intval($note_array['status'])) {
         case 0:
@@ -43,6 +47,6 @@
             echo '<b>[fixed] </b>';
             break;
     }
-    echo 'by <b>' . $user->firstname . ' ' . $user->lastname . '</b>' . ' (' . date('H:i:s T', $timestamp) . ')';
+    echo 'by <b>' . htmlspecialchars($user->getFullNameAttribute()) . '</b>' . ' (' . date('H:i:s T', $timestamp) . ')';
     echo '<pre>' . substr($note_array['note'], 0, 100) . '</pre>'; // limit 100 chars
 }
diff --git a/app/cdash/public/views/partials/build.html b/app/cdash/public/views/partials/build.html
index a9b58612f2..1a53a56b7e 100644
--- a/app/cdash/public/views/partials/build.html
+++ b/app/cdash/public/views/partials/build.html
@@ -77,7 +77,7 @@
     <!-- Display the note icon -->
     <a name="Build Notes" id="buildnote_{{::build.id}}"
        ng-if="::build.buildnotes > 0"
-       ng-href="ajax/buildnote.php?buildid={{::build.id}}&width=350&link=build%2F{{::build.id}}">
+       ng-href="ajax/buildnote.php?buildid={{::build.id}}">
       <img src="img/note.png" alt="note" class="icon"></img>
     </a>
 
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 28d9d7de28..546d66ba64 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -16420,16 +16420,6 @@ parameters:
 			count: 2
 			path: app/cdash/public/ajax/buildinfogroup.php
 
-		-
-			message: "#^Access to an undefined property Illuminate\\\\Database\\\\Eloquent\\\\Builder\\<App\\\\Models\\\\User\\>\\:\\:\\$firstname\\.$#"
-			count: 1
-			path: app/cdash/public/ajax/buildnote.php
-
-		-
-			message: "#^Access to an undefined property Illuminate\\\\Database\\\\Eloquent\\\\Builder\\<App\\\\Models\\\\User\\>\\:\\:\\$lastname\\.$#"
-			count: 1
-			path: app/cdash/public/ajax/buildnote.php
-
 		-
 			message: """
 				#^Call to deprecated method executePrepared\\(\\) of class CDash\\\\Database\\: