def note_create(request, project_id, task_id):
    """Create a note on a task (POST) or show the note creation form.

    On POST, the task is looked up by ``task_id``, a ``Notes`` row is built
    from the ``note_title`` and ``text`` form fields with ``request.user`` as
    its user, the row is saved, and the client is redirected to
    ``/taskManager/<project_id>/<task_id>``. For any other method the
    ``taskManager/note_create.html`` template is rendered with ``task_id``.
    """
    if request.method != 'POST':
        # Non-POST requests only get the empty form.
        return render_to_response(
            'taskManager/note_create.html',
            {'task_id': task_id},
            RequestContext(request))

    # NOTE(review): the task is selected purely by the primary key taken from
    # the URL. Nothing visible here ties it to ``project_id`` or checks that
    # ``request.user`` is allowed to write to it, so a caller can attach notes
    # to any task whose id they supply (insecure direct object reference)
    # unless a check exists outside this view. Scope the lookup to the project
    # and to the caller's access rights; confirm against the model definitions.
    target_task = Task.objects.get(pk=task_id)

    # Missing form fields fall back to False and are passed to the model as-is;
    # no validation of either value is visible in this view.
    form = request.POST
    title_value = form.get('note_title', False)
    body_value = form.get('text', False)

    new_note = Notes(
        title=title_value,
        text=body_value,
        user=request.user,
        task=target_task)
    new_note.save()

    # NOTE(review): the dict is handed to redirect() as a positional argument,
    # not as template context -- confirm it has the intended effect.
    destination = '/taskManager/' + project_id + '/' + task_id
    return redirect(destination, {'new_note_added': True})
# A4: Insecure Direct Object Reference (IDOR)