SQL conditions not applied for preview child record

10/19/2011 11:38:55 PM
PHPRunner General questions
acpan author

Hi,
I have already submitted this issue to Support.
I think this issue is very important for people who are upgrading to phpr 6 to know: if you have a master-child popup, your info may be accidentally leaked to non-intended users.

So I am sharing this issue since it is not mentioned anywhere in the release notes or forum yet.

Problem:
Currently, for a child table, if we want to filter on, say, status = 1, we put this in the Before SQL query event for the child table:

$v_where = " status = 1 ";
$strWhereClause = WhereAdd($strWhereClause, $v_where);

But when we mouse over the child table link in the master table, the preview popup will not show the filtered data of the child table; it will show everything!
Only after clicking the child table is the Before SQL query event applied.

Implications:
What users see in the child table preview is different from what they see when they actually click the child table.

So if you have something sensitive that is not supposed to be seen by users, be careful: it will be shown in the popup window.

Workaround as advised by Support:
To make your pages work, apply your custom WHERE in the generated detailspreview.php file.

If you have too many of these child preview popups (like my project), then be extra careful to check all the detailspreview.php files to prevent accidentally leaking sensitive info: add the WHERE clause manually. Otherwise you may want to wait for the fix to be very safe.

Regards

acp
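
One way to run the check the post recommends, as an added example that is not part of the original post and not PHPRunner code: a Python script that flags generated preview files in which a required condition cannot be found. The `*detailspreview.php` file-name pattern with the child table as prefix, the `required` mapping, and the sample file contents are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

def condition_regex(condition):
    """Match the condition with any spacing or case, but not 'status = 10' for 'status = 1'."""
    tokens = re.findall(r"\w+|[^\w\s]", condition)
    body = r"\s*".join(re.escape(t) for t in tokens)
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.I)

def strip_php_comments(src):
    """Heuristic: drop /* */, // and # comments so a commented-out filter does not count.
    It can also cut text inside string literals, which only causes extra findings."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", src)

def audit_previews(project_dir, required):
    """Return {file name: [missing conditions]} for every *detailspreview.php file.
    `required` maps a file-name prefix (assumed: the child table) to its conditions."""
    findings = {}
    for path in sorted(Path(project_dir).rglob("*detailspreview.php")):
        code = strip_php_comments(path.read_text(errors="replace"))
        for prefix, conditions in required.items():
            if path.name.startswith(prefix):
                missing = [c for c in conditions if not condition_regex(c).search(code)]
                if missing:
                    findings[path.name] = missing
    return findings

# Constructed stand-ins, not real PHPRunner output.
SAMPLES = {
    "orders_detailspreview.php": '<?php $strWhereClause = WhereAdd($strWhereClause, " status = 1 ");',
    "invoices_detailspreview.php": '<?php // $strWhereClause = WhereAdd($strWhereClause, "status=1");',
    "notes_detailspreview.php": '<?php $strWhereClause = WhereAdd($strWhereClause, "status = 10");',
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body)
        required = {name.split("_")[0]: ["status = 1"] for name in SAMPLES}
        return audit_previews(tmp, required)

if __name__ == "__main__":
    for name, missing in demo().items():
        print(f"{name}: filter not found: {missing}")
```

A clean result only means the condition text appears in the file; it does not prove the condition reaches the preview query, so flagged and unflagged files alike still deserve a manual look at the popup with a restricted account.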