Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-37411 Notes: unset courseid and userid when updating the note to …

…prevent accidental changes. Thank you Sam Hemelryk for suggesting an alternative solution.

Conflicts:
	notes/edit.php
  • Loading branch information...
commit e13f286026056febba20e931d71134a2d145a091 1 parent 0053adb
@rwijaya rwijaya authored samhemelryk committed
Showing with 10 additions and 2 deletions.
  1. +10 −2 notes/edit.php
View
12 notes/edit.php
@@ -69,9 +69,17 @@
}
/// if data was submitted and validated, then save it to database
-if ($note = $noteform->get_data()){
+if ($note = $noteform->get_data()) {
+ $notecourseid = isset($note->courseid) ? $note->courseid : SITEID;
+ $noteuserid = isset($note->userid) ? $note->userid : 0;
+ if ($noteid) {
+ // A noteid has been used, we don't allow editing of course or user so
+ // lets unset them to be sure we never change that by accident.
+ unset($note->courseid);
+ unset($note->userid);
+ }
if (note_save($note)) {
- add_to_log($note->courseid, 'notes', 'update', 'index.php?course='.$note->courseid.'&user='.$note->userid . '#note-' . $note->id, 'update note');
+ add_to_log($notecourseid, 'notes', 'update', 'index.php?course='.$notecourseid.'&user='.$noteuserid . '#note-' . $note->id, 'update note');
}
// redirect to notes list that contains this note
redirect($CFG->wwwroot . '/notes/index.php?course=' . $note->courseid . '&user=' . $note->userid);
Please sign in to comment.
Something went wrong with that request. Please try again.