From defdc72bbdb69ffd915c2679e7a6028c31a116f9 Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Thu, 8 Feb 2018 16:56:07 +1300
Subject: [PATCH 1/2] FIX getFieldsForObj does not return relation classes in hasField() check
---
 src/DataFormatter.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/DataFormatter.php b/src/DataFormatter.php
index 246ca34..2e2ace6 100644
--- a/src/DataFormatter.php
+++ b/src/DataFormatter.php
@@ -301,7 +301,9 @@ abstract class DataFormatter
 if (is_array($this->customFields)) {
 foreach ($this->customFields as $fieldName) {
 // @todo Possible security risk by making methods accessible - implement field-level security
- if ($obj->hasField($fieldName) || $obj->hasMethod("get{$fieldName}")) {
+ if (($obj->hasField($fieldName) && !is_object($obj->getField($fieldName)))
+ || $obj->hasMethod("get{$fieldName}")
+ ) {
 $dbFields[$fieldName] = $fieldName;
 }
 }
From 5b5822036775b144dbdaaf9bfcb32673ce4409ea Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Thu, 8 Feb 2018 16:56:21 +1300
Subject: [PATCH 2/2] Cleanup unused class imports
---
 tests/unit/Stubs/RestfulServerTestAuthor.php | 5 +----
 tests/unit/Stubs/RestfulServerTestAuthorRating.php | 3 +--
 tests/unit/Stubs/RestfulServerTestComment.php | 8 +++-----
 tests/unit/Stubs/RestfulServerTestPage.php | 4 +---
 tests/unit/Stubs/RestfulServerTestSecretThing.php | 4 ++--
 5 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/tests/unit/Stubs/RestfulServerTestAuthor.php b/tests/unit/Stubs/RestfulServerTestAuthor.php
index 8f16a07..0145f03 100644
--- a/tests/unit/Stubs/RestfulServerTestAuthor.php
+++ b/tests/unit/Stubs/RestfulServerTestAuthor.php
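Review bot: The added `!is_object($obj->getField($fieldName))` guard in the `src/DataFormatter.php` hunk decides by the value the current record happens to hold rather than by the class definition, so the field list for one class can differ between records, and any non-relation field whose value is an object is dropped too unless a matching `get*` method exists. It also calls `getField()` once per custom field purely to inspect the type. The `hasMethod("get{$fieldName}")` branch is unchanged, so the exposure the `@todo` warns about still covers every `get*` method whose suffix matches an entry in `$this->customFields`; if those names can originate from the request (not visible in this hunk), they should be checked against an explicit allow-list before this test. I would decide relation-ness from the schema instead and extend the comment to say what is still open, e.g. `// relation objects are skipped by value only; get* methods are still exposed by name`. The enclosing method starts and ends outside the hunk.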
@@ -2,11 +2,8 @@
 namespace SilverStripe\RestfulServer\Tests\Stubs;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestPage;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestAuthor;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestAuthorRating;
-use SilverStripe\ORM\DataObject;
 use SilverStripe\Dev\TestOnly;
+use SilverStripe\ORM\DataObject;
 class RestfulServerTestAuthor extends DataObject implements TestOnly
 {
diff --git a/tests/unit/Stubs/RestfulServerTestAuthorRating.php b/tests/unit/Stubs/RestfulServerTestAuthorRating.php
index 87f2500..79300d6 100644
--- a/tests/unit/Stubs/RestfulServerTestAuthorRating.php
+++ b/tests/unit/Stubs/RestfulServerTestAuthorRating.php
@@ -2,9 +2,8 @@
 namespace SilverStripe\RestfulServer\Tests\Stubs;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestAuthor;
-use SilverStripe\ORM\DataObject;
 use SilverStripe\Dev\TestOnly;
+use SilverStripe\ORM\DataObject;
 class RestfulServerTestAuthorRating extends DataObject implements TestOnly
 {
diff --git a/tests/unit/Stubs/RestfulServerTestComment.php b/tests/unit/Stubs/RestfulServerTestComment.php
index c780003..349b01c 100644
--- a/tests/unit/Stubs/RestfulServerTestComment.php
+++ b/tests/unit/Stubs/RestfulServerTestComment.php
@@ -2,12 +2,10 @@
 namespace SilverStripe\RestfulServer\Tests\Stubs;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestPage;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestAuthor;
-use SilverStripe\Security\Permission;
-use SilverStripe\ORM\DataObject;
-use SilverStripe\Security\PermissionProvider;
 use SilverStripe\Dev\TestOnly;
+use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Permission;
+use SilverStripe\Security\PermissionProvider;
 /**
 * Everybody can view comments, logged in members in the "users" group can create comments,
diff --git a/tests/unit/Stubs/RestfulServerTestPage.php b/tests/unit/Stubs/RestfulServerTestPage.php
index 7c3a725..774d450 100644
--- a/tests/unit/Stubs/RestfulServerTestPage.php
+++ b/tests/unit/Stubs/RestfulServerTestPage.php
@@ -2,10 +2,8 @@
 namespace SilverStripe\RestfulServer\Tests\Stubs;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestAuthor;
-use SilverStripe\RestfulServer\Tests\Stubs\RestfulServerTestComment;
-use SilverStripe\ORM\DataObject;
 use SilverStripe\Dev\TestOnly;
+use SilverStripe\ORM\DataObject;
 class RestfulServerTestPage extends DataObject implements TestOnly
 {
diff --git a/tests/unit/Stubs/RestfulServerTestSecretThing.php b/tests/unit/Stubs/RestfulServerTestSecretThing.php
index 8faec95..2a87239 100644
--- a/tests/unit/Stubs/RestfulServerTestSecretThing.php
+++ b/tests/unit/Stubs/RestfulServerTestSecretThing.php
@@ -2,9 +2,9 @@
 namespace SilverStripe\RestfulServer\Tests\Stubs;
-use SilverStripe\Security\Permission;
-use SilverStripe\ORM\DataObject;
 use SilverStripe\Dev\TestOnly;
+use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Permission;
 use SilverStripe\Security\PermissionProvider;
 class RestfulServerTestSecretThing extends DataObject implements TestOnly, PermissionProvider