
Fixed potential access to blacklisted attributes containing sensitive data
1 parent 64cfefe commit 3b8a0a3095a02450a340f547606f9082cf9bd7db @lolautruche lolautruche committed Apr 11, 2012
Showing with 8 additions and 1 deletion.
  1. +8 −1 classes/models/rest_content_model.php
@@ -124,7 +124,14 @@ public static function attributeOutputData( ezpContentField $field )
$attributeValue = array( $strRepImage );
break;
default:
- $attributeValue = array( $field->toString() );
+ $datatypeBlacklist = array_fill_keys(
+ eZINI::instance()->variable( 'ContentSettings', 'DatatypeBlackListForExternal' ),
+ true
+ );
+ if ( isset ( $datatypeBlacklist[$field->data_type_string] ) )
+ $attributeValue = array( null );
+ else
+ $attributeValue = array( $field->toString() );
break;
}
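Review bot: The blacklist lookup sits only in the `default:` branch, so a datatype handled by an earlier `case` (the one that builds `$strRepImage`, for example) is still serialized even when it is listed in `DatatypeBlackListForExternal`; the `switch` starts above this hunk, so the full set of affected cases is not visible here. Evaluating the lookup once before the `switch` would make the setting apply to every datatype: `$isBlacklisted = in_array( $field->data_type_string, (array)eZINI::instance()->variable( 'ContentSettings', 'DatatypeBlackListForExternal' ), true );`, with a blacklisted field short-circuiting to `array( null )`. The `(array)` cast also covers the case where the setting is absent, if `variable()` can then return a non-array, which `array_fill_keys()` would not accept. A short comment noting that this is a denylist, so a sensitive datatype added later stays exposed until it is listed in the INI, would help whoever maintains the setting.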
