From 442ca098a72856fc715aeabb21c18fd52c86ba69 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Wed, 15 Oct 2008 15:44:06 +0000 Subject: [PATCH] ENHANCEMENT is_array() checks in DataFormatter to respect empty arrays as a form of denying permissions on fields git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64306 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- api/DataFormatter.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/api/DataFormatter.php b/api/DataFormatter.php index a2ac9be17..25469fd9a 100644 --- a/api/DataFormatter.php +++ b/api/DataFormatter.php @@ -243,7 +243,7 @@ abstract class DataFormatter extends Object { $dbFields = array(); // if custom fields are specified, only select these - if($this->customFields) { + if(is_array($this->customFields)) { foreach($this->customFields as $fieldName) { // @todo Possible security risk by making methods accessible - implement field-level security if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName; @@ -252,8 +252,8 @@ abstract class DataFormatter extends Object { // by default, all database fields are selected $dbFields = $obj->inheritedDatabaseFields(); } - - if($this->customAddFields) { + + if(is_array($this->customAddFields)) { foreach($this->customAddFields as $fieldName) { // @todo Possible security risk by making methods accessible - implement field-level security if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName; @@ -264,10 +264,10 @@ abstract class DataFormatter extends Object { $dbFields = array_merge($dbFields, array('ID'=>'Int')); // @todo Requires PHP 5.1+ - if($this->removeFields) { + if(is_array($this->removeFields)) { $dbFields = array_diff_key($dbFields, array_combine($this->removeFields,$this->removeFields)); } - + return $dbFields; }