Editing objects with private data causes corruption and loss
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
webtrees | Fix Released | Critical | fisharebest | |
Bug Description
When we generate edit forms, we use "privacy filtered" versions of the data.
When we process these edits, we must also use the exact same filtered versions of the data. (The private or filtered data is then appended, after the edits).
In many cases, edit_interface.php is fetching the original (unfiltered) versions of the data.
In the "edit fact" code, this causes data corruption. In other edit code, it can cause loss, duplication or corruption.
NOTE: these problems only occur when editing a record that contains "hidden" data. In other words, a user with "edit" rights that is editing a record containing facts that are "show only to managers", or a manager editing a record containing facts which are "hide from everyone".
Changed in webtrees:
assignee: nobody → fisharebest (fisharebest)
importance: Undecided → Critical
status: New → In Progress
As a further explanation, at the beginning of edit_privacy.php, we apply privacy filtering to the record we are editing like this:
```php
//-- privatize the record so that line numbers etc. match what was in the display
//-- data that is hidden because of privacy is stored in the $pgv_private_records array
//-- any private data will be restored when the record is replaced
if (isset($gedrec)) {
    $gedrec = privatize_gedcom(WT_GED_ID, $gedrec);
}
```
Then, later in the code, we undo the filtering, for example:
```php
// Cycle through each individual concerned defined by $cens_pids array.
foreach ($cens_pids as $pid) {
    if (isset($pid)) {
        $gedrec = find_gedcom_record($pid, WT_GED_ID, true);
    } elseif (isset($famid)) {
        $gedrec = find_gedcom_record($famid, WT_GED_ID, true);
    }
    // ...
}
```
There are other, more subtle cases, such as editnote, addchildaction, linkspouseaction.
I'm currently rewriting the privacy functions (which is why I found the error), and will correct these as part of the update.
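A minimal model of the mismatch described in this report, added here as an illustration and not taken from the webtrees code base. The function names, the RESN-based filter rule and the sample record are all constructed assumptions. It shows a line number taken from the filtered edit form being applied first to the filtered record (with hidden facts appended afterwards) and then to the unfiltered record.

```php
<?php
// Constructed sample record; BIRT is hidden from this editor by its RESN tag.
const RECORD = "0 @I1@ INDI\n1 NAME John /Smith/\n1 BIRT\n2 DATE 1 JAN 1900\n"
             . "2 RESN confidential\n1 DEAT\n2 DATE 5 MAY 1970";

// Split a record into its header line and its level-1 fact blocks.
function split_facts(string $gedrec): array {
    return preg_split('/\n(?=1 )/', $gedrec);
}

// Hypothetical privacy filter: returns the visible record and
// collects the hidden facts in $private so they can be restored later.
function filter_record(string $gedrec, array &$private): string {
    $visible = [];
    $private = [];
    foreach (split_facts($gedrec) as $fact) {
        if (preg_match('/^2 RESN confidential$/m', $fact)) {
            $private[] = $fact;
        } else {
            $visible[] = $fact;
        }
    }
    return implode("\n", $visible);
}

// Replace the fact that starts at line $linenum, counted within $gedrec.
function replace_fact(string $gedrec, int $linenum, string $newFact): string {
    $line = 0;
    $out = [];
    foreach (split_facts($gedrec) as $fact) {
        $out[] = ($line === $linenum) ? $newFact : $fact;
        $line += substr_count($fact, "\n") + 1;
    }
    return implode("\n", $out);
}

// The edit form was built from the filtered record, where DEAT starts at line 2.
$linenum = 2;
$edited  = "1 DEAT\n2 DATE 6 MAY 1970";

// Consistent: apply the same filter again, edit, then append the hidden facts.
$filtered = filter_record(RECORD, $private);
$good = implode("\n", array_merge([replace_fact($filtered, $linenum, $edited)], $private));

// Inconsistent: in the unfiltered record, line 2 is the hidden BIRT fact.
$bad = replace_fact(RECORD, $linenum, $edited);

echo "--- filtered record, private data appended ---\n$good\n";
echo "--- unfiltered record ---\n$bad\n";
```

In the second result the hidden BIRT fact has been overwritten and the record holds two DEAT facts, which is the loss and duplication the report describes.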