Permalink
Browse files

MDL-37411 Notes: unset courseid and userid when updating the note to …

…prevent accidental changes. Thank you Sam Hemelryk for suggesting an alternative solution.
  • Loading branch information...
1 parent 88906d0 commit 6a9235c998dab2ec0ddc49898a59dd5089156cb0 @rwijaya rwijaya committed with Sam Hemelryk Mar 5, 2013
Showing with 6 additions and 0 deletions.
  1. +6 −0 notes/edit.php
View
@@ -70,6 +70,12 @@
/// if data was submitted and validated, then save it to database
if ($note = $noteform->get_data()){
+ if ($noteid) {
+ // A noteid has been used, we don't allow editing of course or user so
+ // lets unset them to be sure we never change that by accident.
+ unset($note->courseid);
+ unset($note->userid);
+ }
note_save($note);
// redirect to notes list that contains this note
redirect($CFG->wwwroot . '/notes/index.php?course=' . $note->courseid . '&user=' . $note->userid);

0 comments on commit 6a9235c

Please sign in to comment.