Xataface Forums

Try

[__filters__]
ID_user="={$user->val('UserName')}"

The prepended '=' sign should force an exact match.

-Steve

Hi Dominique,

Ok.. thanks for the bug report.Ê To fix this you will need to make a change to the Dataface/Table.php file.Ê Find the setSecurityFilter() method and replace it with this method:

function setSecurityFilter($filter=null){
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ if ( !isset($filter)){
ÊÊÊ ÊÊÊ ÊÊÊ $filter = array();
ÊÊÊ ÊÊÊ ÊÊÊ $app =& Dataface_Application::getInstance();
ÊÊÊ ÊÊÊ ÊÊÊ $query =& $app->getQuery();
ÊÊÊ ÊÊÊ ÊÊÊ if ( class_exists('Dataface_AuthenticationTool') ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $auth =& Dataface_AuthenticationTool::getInstance();
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $user =& $auth->getLoggedInUser();
ÊÊÊ ÊÊÊ ÊÊÊ } else {
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $auth = null;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $user = null;
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ ÊÊÊ foreach ($this->_filters as $key=>$value){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( isset($this->_securityFilter[$key]) ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( $value{0} == '$' ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( !$user and strpos($value, '$user') !== false ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ eval('$filter[$key] = "=".'.$value.';');
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ } else if ( substr($value,0,4) == 'php:' ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( !$user and strpos($value, '$user') !== false ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ eval('$filter[$key] = "=".'.substr($value,4).';');
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ } else {
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $filter[$key] = "=".$value;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $this->_securityFilter = $filter;
ÊÊÊ }
ÊÊÊ

Then you can change your [__filters__] section back to what you had originally:

[__filters__]

ID_user="$user->val('UserName')"