ENHANCEMENT is_array() checks in DataFormatter to respect empty arrays as a form of denying permissions on fields

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64306 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2008-10-15 15:44:06 +00:00
parent dada15629a
commit 442ca098a7


@ -243,7 +243,7 @@ abstract class DataFormatter extends Object {
$dbFields = array(); $dbFields = array();
// if custom fields are specified, only select these // if custom fields are specified, only select these
if($this->customFields) { if(is_array($this->customFields)) {
foreach($this->customFields as $fieldName) { foreach($this->customFields as $fieldName) {
// @todo Possible security risk by making methods accessible - implement field-level security // @todo Possible security risk by making methods accessible - implement field-level security
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName; if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
@ -252,8 +252,8 @@ abstract class DataFormatter extends Object {
// by default, all database fields are selected // by default, all database fields are selected
$dbFields = $obj->inheritedDatabaseFields(); $dbFields = $obj->inheritedDatabaseFields();
} }
if($this->customAddFields) { if(is_array($this->customAddFields)) {
foreach($this->customAddFields as $fieldName) { foreach($this->customAddFields as $fieldName) {
// @todo Possible security risk by making methods accessible - implement field-level security // @todo Possible security risk by making methods accessible - implement field-level security
if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName; if($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) $dbFields[$fieldName] = $fieldName;
@ -264,10 +264,10 @@ abstract class DataFormatter extends Object {
$dbFields = array_merge($dbFields, array('ID'=>'Int')); $dbFields = array_merge($dbFields, array('ID'=>'Int'));
// @todo Requires PHP 5.1+ // @todo Requires PHP 5.1+
if($this->removeFields) { if(is_array($this->removeFields)) {
$dbFields = array_diff_key($dbFields, array_combine($this->removeFields,$this->removeFields)); $dbFields = array_diff_key($dbFields, array_combine($this->removeFields,$this->removeFields));
} }
return $dbFields; return $dbFields;
} }
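Review bot: In the third hunk, the new `is_array($this->removeFields)` guard lets an empty array reach `array_combine()`, which on PHP versions before 5.4 raises a warning and returns false for empty input, so `array_diff_key()` is handed a non-array and the method stops returning a usable field list. Building the key set with `array_diff_key($dbFields, array_flip($this->removeFields))` handles the empty case without changing the result for non-empty lists. Separately, with the `is_array()` guard on `customFields` in the first hunk, any non-array value (not only null) appears to fall through to the "all database fields are selected" default visible at the top of the second hunk, so a mistyped restriction would fail open. A comment on the three properties stating that `array()` means "deny all" and only `null` means "unrestricted" would make that contract explicit. The enclosing method begins outside the visible hunks, so the branch structure between the first and second hunk is inferred.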