mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENHANCEMENT is_array() checks in DataFormatter to respect empty arrays as a form of denying permissions on fields
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64306 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
dada15629a
commit
442ca098a7
@ -243,7 +243,7 @@ abstract class DataFormatter extends Object {
|
|||||||
$dbFields = array();
|
$dbFields = array();
|
||||||
|
|
||||||
// if custom fields are specified, only select these
|
// if custom fields are specified, only select these
|
||||||
if($this->customFields) {
|
if(is_array($this->customFields)) {
|
||||||
foreach($this->customFields as $fieldName) {
|
foreach($this->customFields as $fieldName) {
|
||||||
// @todo Possible security risk by making methods accessible - implement field-level security
|
// @todo Possible security risk by making methods accessible - implement field-level security
|
||||||
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
|
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
|
||||||
@ -252,8 +252,8 @@ abstract class DataFormatter extends Object {
|
|||||||
// by default, all database fields are selected
|
// by default, all database fields are selected
|
||||||
$dbFields = $obj->inheritedDatabaseFields();
|
$dbFields = $obj->inheritedDatabaseFields();
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->customAddFields) {
|
if(is_array($this->customAddFields)) {
|
||||||
foreach($this->customAddFields as $fieldName) {
|
foreach($this->customAddFields as $fieldName) {
|
||||||
// @todo Possible security risk by making methods accessible - implement field-level security
|
// @todo Possible security risk by making methods accessible - implement field-level security
|
||||||
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
|
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
|
||||||
@ -264,10 +264,10 @@ abstract class DataFormatter extends Object {
|
|||||||
$dbFields = array_merge($dbFields, array('ID'=>'Int'));
|
$dbFields = array_merge($dbFields, array('ID'=>'Int'));
|
||||||
|
|
||||||
// @todo Requires PHP 5.1+
|
// @todo Requires PHP 5.1+
|
||||||
if($this->removeFields) {
|
if(is_array($this->removeFields)) {
|
||||||
$dbFields = array_diff_key($dbFields, array_combine($this->removeFields,$this->removeFields));
|
$dbFields = array_diff_key($dbFields, array_combine($this->removeFields,$this->removeFields));
|
||||||
}
|
}
|
||||||
|
|
||||||
return $dbFields;
|
return $dbFields;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user