Notebook: Validate that only the author can edit the note

pull/4691/head
Angel Fernando Quiroz Campos 3 years ago
parent 80d1a8c906
commit f9a17bfaf0
  1. 1
      main/inc/lib/notebook.lib.php
  2. 14
      main/notebook/index.php

@ -117,6 +117,7 @@ class NotebookManager
$notebook_id = (int) $notebook_id;
$sql = "SELECT
user_id,
notebook_id AS notebook_id,
title AS note_title,
description AS note_comment,

@ -35,7 +35,8 @@ $tool = TOOL_NOTEBOOK;
// Tracking
Event::event_access_tool(TOOL_NOTEBOOK);
$action = isset($_GET['action']) ? $_GET['action'] : '';
$currentUserId = api_get_user_id();
$action = $_GET['action'] ?? '';
$logInfo = [
'tool' => TOOL_NOTEBOOK,
@ -137,6 +138,15 @@ if ($action === 'addnote') {
exit;
}
// Setting the defaults
$defaults = NotebookManager::get_note_information((int) $_GET['notebook_id']);
if ($currentUserId !== (int) $defaults['user_id']) {
echo Display::return_message(get_lang('NotAllowed'), 'error');
Display::display_footer();
exit();
}
// Initialize the object
$form = new FormValidator(
'note',
@ -159,8 +169,6 @@ if ($action === 'addnote') {
);
$form->addButtonUpdate(get_lang('ModifyNote'), 'SubmitNote');
// Setting the defaults
$defaults = NotebookManager::get_note_information(Security::remove_XSS($_GET['notebook_id']));
$form->setDefaults($defaults);
// Setting the rules
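Review bot: The ownership check added in the `-137,6 +138,15` hunk is bound to `$_GET['notebook_id']` and runs only where the edit form is built, so it protects the write only if the save path uses that same id and passes through this branch. The code that performs the update (and any delete action) is outside the hunks shown; if it takes the note id from the submitted form values, or does not repeat the comparison, a non-author could still modify a note. Enforcing the author comparison inside the NotebookManager write methods, against the id that is actually written, would cover every caller. Separately, when the lookup returns no row, `$defaults['user_id']` is undefined and casts to 0, so the guard would be more explicit as `if (empty($defaults) || $currentUserId !== (int) $defaults['user_id']) {`. The enclosing `if`/`elseif` chain starts and ends outside the hunk.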
