Feature proposal #2445
closed
Calculated fields should be able to be substituted by CB substitutions, and thus raw field substitution should use the API and not database directly
Added by krileon over 13 years ago.
Updated over 13 years ago.
Description
When using [field_name], it retrieves the field value from the $user object instead of the API. The same is said for userdata substitutions. This results in any integration that provides a value through dynamic means and has no user storage always failing. For example, when CB Query Field is used with [cb_query], it simply returns [cb_query] instead of the raw value.
Files
- File 2445.patch added
- Status changed from New to Resolved
- Assignee changed from krileon to beat
- % Done changed from 0 to 100
Added a new function to evaluate [FIELD] instead of simply looping through the user object and replacing. The new function checks to make sure the contents inside of [] are actually a field before returning the resulting value (stops [asdgag] from returning nothing, for instance).
- Target version set to CB 1.7
- Estimated time set to 5:00 h
r1525 implements the raw DATA slightly differently, but with the same principle and result.
For userfield, the patch has 2 issues:
- it is not case-insensitive like the replaced old code, so [USERNAME] wouldn't work as it did.
- Additionally, it doesn't handle the $htmlspecialchar parameter properly, and as such would be a vulnerability if implemented that way.
Thus the patch can't be applied to CB as is.
Preparing an alternate, secure implementation solving the 2 issues detected above.
- Subject changed from raw field substitution not API driven to Calculated fields should be able to be substituted by CB substitutions, and thus raw field substitution should use the API and not database directly
- Status changed from Resolved to Closed
CB 1.7 RC regression bug: [NAME] was not substituted anymore with first+last name
r1540 fixes regression of r1524, r1525 and r1528 for bug #2444 and bug #2445 as uppercase [NAME] was not substituted anymore with first+last name, as the field is unpublished and the user-object entry is lowercase.
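
The points raised in this thread (only tokens that name a real field are replaced, lookup is case-insensitive, and escaping follows a caller-supplied flag), shown as an added PHP example that is not the CB code or the patch attached to this issue. The function names, the field registry and the `$escapeHtml` parameter are hypothetical stand-ins, and the user record is constructed sample data.

```php
<?php
// Hypothetical registry standing in for the field API: lowercase field name
// mapped to a callable that computes the value. Not Community Builder code.
function demo_field_registry(): array
{
    return [
        'username' => fn(array $user) => $user['username'],
        // Calculated field: it has no stored entry of its own in the user record.
        'name'     => fn(array $user) => trim($user['firstname'] . ' ' . $user['lastname']),
    ];
}

/**
 * Replace [field] tokens in $text with values from the registry.
 * - Lookup is case-insensitive, so [NAME] and [name] both resolve.
 * - Tokens that do not name a known field are left as literal text.
 * - When $escapeHtml is true, every value is HTML-escaped before insertion.
 */
function demo_substitute(string $text, array $user, bool $escapeHtml = true): string
{
    $fields = demo_field_registry();

    return preg_replace_callback(
        '/\[([A-Za-z0-9_]+)\]/',
        function (array $m) use ($fields, $user, $escapeHtml): string {
            $key = strtolower($m[1]);
            if (!isset($fields[$key])) {
                return $m[0]; // not a field: keep the token unchanged
            }
            $value = (string) $fields[$key]($user);
            return $escapeHtml
                ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
                : $value;
        },
        $text
    );
}

// Constructed sample user; the username carries markup to show the escaping.
$user = [
    'username'  => '<b>jdoe</b>',
    'firstname' => 'Jane',
    'lastname'  => 'Doe',
];

echo demo_substitute('Hello [NAME] ([username]) [asdgag]', $user), "\n";
```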