N°602: InlineImage "randomly" not available for display.

Adding an InlineImage while adding an object in a IndirectLinkedSet at the same time would attach the InlineImage to the linked object instead of the host one. If their organizations were different, it could result in a security issue, denying the display of the InlineImage.

SVN:trunk[4561]

application/cmdbabstract.class.inc.php

@@ -3328,8 +3328,6 @@ EOF
 	{
 		$res = parent::DBInsertNoReload();
 
-		InlineImage::FinalizeInlineImages($this);
-		
 		// Invoke extensions after insertion (the object must exist, have an id, etc.)
 		foreach (MetaModel::EnumPlugins('iApplicationObjectExtension') as $oExtensionInstance)
 		{
@@ -3339,6 +3337,14 @@ EOF
 		return $res;
 	}
 
+    /**
+     * Attaches InlineImages to the current object
+     */
+	protected function OnObjectKeyReady()
+    {
+        InlineImage::FinalizeInlineImages($this);
+    }
+
 	protected function DBCloneTracked_Internal($newKey = null)
 	{
 		$oNewObj = parent::DBCloneTracked_Internal($newKey);

core/dbobject.class.php

@@ -1411,6 +1411,12 @@ abstract class DBObject implements iDisplay
 		return true;
 	}
 
+	// used only by insert
+	protected function OnObjectKeyReady()
+    {
+        // Meant to be overloaded
+    }
+
 	// used both by insert/update
 	private function DBWriteLinks()
 	{
@@ -1648,7 +1654,9 @@ abstract class DBObject implements iDisplay
 			$this->DBInsertSingleTable($sParentClass);
 		}
 
-		$this->DBWriteLinks();
+		$this->OnObjectKeyReady();
+
+        $this->DBWriteLinks();
 		$this->WriteExternalAttributes();
 
 		$this->m_bIsInDB = true;