N°5168 - Access to unauthorized contact information on Portal (#305)

GlobalRequestMgmt issue
This commit is contained in:
bdalsass
2022-07-08 09:51:20 +02:00
committed by GitHub
parent 1a225bf55b
commit 8b0154cc62
2 changed files with 2 additions and 2 deletions

View File

@@ -93,7 +93,7 @@ class ObjectFormManager extends FormManager
* @since 2.7.6 3.0.0 N°4384 method creation : factorize as this is used twice now
* @since 2.7.7 3.0.1 N°4867 now only used once, but we decided to keep this method anyway
*/
protected static function DecodeFormManagerData($formManagerData)
public static function DecodeFormManagerData($formManagerData)
{
if (is_array($formManagerData)) {
return $formManagerData;

View File

@@ -451,7 +451,7 @@ class ObjectFormHandlerHelper
* @throws \OQLException
*/
public function CheckReadFormDataAllowed($sFormManagerData){
$aJsonFromData = json_decode($sFormManagerData, true);
$aJsonFromData = ObjectFormManager::DecodeFormManagerData($sFormManagerData);
if(isset($aJsonFromData['formobject_class'])
&& isset($aJsonFromData['formobject_id'])
&& !$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $aJsonFromData['formobject_class'], $aJsonFromData['formobject_id'])){