Commit 30a38232 authored by Fokkema's avatar Fokkema

Made it a bit harder for ViewLists to get their ColsToSkip overridden.

- Hiding columns for a VL is stored in session upon defining the VL. However, VLs can be loaded independently of being defined first, for the External Viewer.
- To allow for the External Viewer to hide columns, VLs could be told to hide additional columns. However, this was overwriting the current list of hidden columns, allowing special requests that would columns previously hidden.
- For the Users VL, which was opened up to Submitters due to the Colleagues feature, overwriting the ColsToSkip was prevented in the VL code specifically, to hide sensitive data.
- Added a global solution that makes sure for other VLs the list doesn't get overwritten either, but merged instead. This prevents pre-defined VLs to lose their ColsToSkip using specially crafted requests.
- However, as the External Viewer just loads undefined VLs, it can be configured to show all columns in these VLs. As such, if the ColsToSkip feature is ever used to hide sensitive data, these columns need to be defined in the VL code itself.
parent 849fcb82
......@@ -141,7 +141,18 @@ $aColsToSkip = (!empty($_REQUEST['skip'])? $_REQUEST['skip'] : array());
// about users than the info the access sharing page gives them.
if ($sObject == 'User' && $_AUTH['level'] < LEVEL_MANAGER) {
// Force removal of certain columns, regardless of this has been requested or not.
$aColsToSkip = array_unique(array_merge($aColsToSkip, array('username', 'status_', 'last_login_', 'created_date_', 'curates', 'level_')));
// We cannot trust this was set in $_SESSION already since the VL can be loaded independently.
$aColsToSkip = array_unique(
array_merge(
$aColsToSkip,
array(
'username',
'status_',
'last_login_',
'created_date_',
'curates',
'level_'
)));
}
// Managers, and sometimes curators, are allowed to download lists...
......@@ -221,7 +232,12 @@ if (POST && ACTION == 'applyFR') {
// Parameters are assumed to be in $_SESSION, only cols_to_skip can be overridden. This is for the external viewer.
$aOptions = array();
if ($aColsToSkip) {
$aOptions['cols_to_skip'] = $aColsToSkip;
// Don't let the requested list of columns overwrite the original one. Only additional columns may be hidden.
$aOptions['cols_to_skip'] = array_unique(array_merge(
(!isset($_SESSION['viewlists'][$_GET['viewlistid']]['options']['cols_to_skip'])? array()
: $_SESSION['viewlists'][$_GET['viewlistid']]['options']['cols_to_skip']),
$aColsToSkip
));
}
$_DATA->viewList($_GET['viewlistid'], $aOptions);
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment