Permalink
Browse files

MDL-37411 Notes: unset courseid and userid when updating the note to …

…prevent accidental changes. Thank you Sam Hemelryk for suggesting an alternative solution.

Conflicts:
	notes/edit.php
  • Loading branch information...
1 parent 9aa0a70 commit 1b628c489def6e7394821f53a838591aa392e332 Rossiani Wijaya committed with Sam Hemelryk Mar 5, 2013
Showing with 10 additions and 2 deletions.
  1. +10 −2 notes/edit.php
View
@@ -69,9 +69,17 @@
}
/// if data was submitted and validated, then save it to database
-if ($note = $noteform->get_data()){
+if ($note = $noteform->get_data()) {
+ $notecourseid = isset($note->courseid) ? $note->courseid : SITEID;
+ $noteuserid = isset($note->userid) ? $note->userid : 0;
+ if ($noteid) {
+ // A noteid has been used, we don't allow editing of course or user so
+ // lets unset them to be sure we never change that by accident.
+ unset($note->courseid);
+ unset($note->userid);
+ }
if (note_save($note)) {
- add_to_log($note->courseid, 'notes', 'update', 'index.php?course='.$note->courseid.'&user='.$note->userid . '#note-' . $note->id, 'update note');
+ add_to_log($notecourseid, 'notes', 'update', 'index.php?course='.$notecourseid.'&user='.$noteuserid . '#note-' . $note->id, 'update note');
}
// redirect to notes list that contains this note
redirect($CFG->wwwroot . '/notes/index.php?course=' . $note->courseid . '&user=' . $note->userid);

0 comments on commit 1b628c4

Please sign in to comment.