mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-28 02:43:22 +01:00
* API - Make sure private custom fields are not accidentally included in notification due to being cached
This commit is contained in:
parent
1df9b656fe
commit
001821175b
@ -254,6 +254,10 @@ abstract class Tracking
|
||||
{
|
||||
if (in_array($field['type'], Customfields::$non_printable_fields)) continue;
|
||||
|
||||
// Sometimes cached customfields let private fields the user can access
|
||||
// leak through. Make sure we don't expose them.
|
||||
if ($field['private']) continue;
|
||||
|
||||
if (!$header_done)
|
||||
{
|
||||
$details['custom'] = array(
|
||||
|
Loading…
Reference in New Issue
Block a user