extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-24 08:53:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

* API - Make sure private custom fields are not accidentally included in notification due to being cached

Browse Source
This commit is contained in:
nathangray 2017-12-21 11:26:51 -07:00
parent 1df9b656fe
commit 001821175b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/src/Storage/Tracking.php
View File

@ -254,6 +254,10 @@ abstract class Tracking
{ {
if (in_array($field['type'], Customfields::$non_printable_fields)) continue; if (in_array($field['type'], Customfields::$non_printable_fields)) continue;
// Sometimes cached customfields let private fields the user can access
// leak through. Make sure we don't expose them.
if ($field['private']) continue;
if (!$header_done) if (!$header_done)
{ {
$details['custom'] = array( $details['custom'] = array(