N°5168 - Access to unauthorized contact information on Portal (#305)

GlobalRequestMgmt issue
2026-04-21 01:28:47 +02:00 · 2022-07-08 09:51:20 +02:00
parent 1a225bf55b
commit 8b0154cc62
2 changed files with 2 additions and 2 deletions
--- a/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php
@@ -93,7 +93,7 @@ class ObjectFormManager extends FormManager
 	 * @since 2.7.6 3.0.0 N°4384 method creation : factorize as this is used twice now
 	 * @since 2.7.7 3.0.1 N°4867 now only used once, but we decided to keep this method anyway
 	 */
-	protected static function DecodeFormManagerData($formManagerData)
+	public static function DecodeFormManagerData($formManagerData)
 	{
 		if (is_array($formManagerData)) {
 			return $formManagerData;
--- a/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
@@ -451,7 +451,7 @@ class ObjectFormHandlerHelper
 	 * @throws \OQLException
 	 */
 	public function CheckReadFormDataAllowed($sFormManagerData){
-		$aJsonFromData = json_decode($sFormManagerData, true);
+		$aJsonFromData = ObjectFormManager::DecodeFormManagerData($sFormManagerData);
 		if(isset($aJsonFromData['formobject_class'])
 			&& isset($aJsonFromData['formobject_id'])
 			&& !$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $aJsonFromData['formobject_class'], $aJsonFromData['formobject_id'])){