def note_edit(request, project_id, task_id, note_id):
proj = Project.objects.get(pk=project_id)
task = Task.objects.get(pk=task_id)
note = Notes.objects.get(pk=note_id)
if request.method == 'POST':
if task.project == proj:
if note.task == task:
text = request.POST.get('text', False)
note_title = request.POST.get('note_title', False)
note.title = note_title
note.text = text
note.save()
return redirect('/taskManager/' + project_id + '/' + task_id)
else:
return render_to_response(
'taskManager/note_edit.html', {'note': note}, RequestContext(request))
# A4: Insecure Direct Object Reference (IDOR)
评论列表
文章目录
