From cf838608646d79e564ea56deaa3802e833acddf2 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Wed, 17 Dec 2014 12:00:36 +0000
Subject: [PATCH] * all apps: suppressing private (or removed) custom-fields
 from history log

---
 phpgwapi/inc/class.historylog.inc.php | 28 ++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/phpgwapi/inc/class.historylog.inc.php b/phpgwapi/inc/class.historylog.inc.php
index 2c4183cecf..a98bcfb6c7 100644
--- a/phpgwapi/inc/class.historylog.inc.php
+++ b/phpgwapi/inc/class.historylog.inc.php
@@ -76,7 +76,7 @@ class historylog
 	/**
 	 * Delete the history-log of one or multiple records of $this->appname
 	 *
-	 * @param int/array $record_id one or more id's of $this->appname, or null to delete ALL records of $this->appname
+	 * @param int|array $record_id one or more id's of $this->appname, or null to delete ALL records of $this->appname
 	 * @return int number of deleted records/rows (0 is not necessaryly an error, it can just mean there's no record!)
 	 */
 	function delete($record_id)
@@ -140,10 +140,10 @@ class historylog
 	/**
 	 * Search history-log
 	 *
-	 * @param array/int $filter array with filters, or int record_id
-	 * @param string $order='history_id' sorting after history_id is identical to history_timestamp
-	 * @param string $sort='DESC'
-	 * @param int $limit=null only return this many entries
+	 * @param array|int $filter array with filters, or int record_id
+	 * @param string $order ='history_id' sorting after history_id is identical to history_timestamp
+	 * @param string $sort ='DESC'
+	 * @param int $limit =null only return this many entries
 	 * @return array of arrays with keys id, record_id, appname, owner (account_id), status, new_value, old_value,
 	 * 	timestamp (Y-m-d H:i:s in servertime), user_ts (timestamp in user-time)
 	 */
@@ -205,6 +205,24 @@ class historylog
 		{
 			$total = $GLOBALS['egw']->db->select(self::TABLE,'COUNT(*)',$filter,__LINE__,__FILE__,false,'','phpgwapi',0)->fetchColumn();
 		}
+		// filter out private (or no longer defined) custom fields
+		if ($filter['history_appname'])
+		{
+			$to_or[] = "history_status NOT LIKE '#%'";
+			// explicitly allow "##" used to store iCal/vCard X-attributes
+			if (in_array($filter['history_appname'], array('calendar','infolog','addressbook')))
+			{
+				$to_or[] = "history_status LIKE '##%'";
+			}
+			if (($cfs = egw_customfields::get($filter['history_appname'])))
+			{
+				$to_or[] =  'history_status IN ('.implode(',', array_map(function($str)
+				{
+					return $GLOBALS['egw']->db->quote('#'.$str);
+				}, array_keys($cfs))).')';
+			}
+			$filter[] = '('.implode(' OR ', $to_or).')';
+		}
 		$_query = array(array(
 			'table' => self::TABLE,
 			'cols' => array('history_id', 'history_record_id','history_appname','history_owner','history_status','history_new_value', 'history_timestamp','history_old_value'),