Search Data

lazysheepmedia

lazysheepmedia

Member
Folks

When I do a search form and submit it with some test data, the url appears like this (I have sef turned on)

index.php?option=com_fabrik&view=list&listid=9&search_tenants___Tenants_First_Name=mark&search_tenants___Tenants_Last_Name=reynolds&search_tenants___Tenants_NI_Number_Search=nh400817y

How can I get it show like a sef url - The reason I ask is because it shows the list id and if someone is able to they can change that so they can view all records in the database - I have a pre filter for the users entries but I can't use a pre filter for the list I am searching. Am I right with that?

Regards
 
It doesn't matter if SEF is on or off, everybody can use a URL ...index.php?option=com_fabrik&view=list&listid=9 (going through all ids 1-...) and will see all records visible to public.

You must restrict the "view list" and/or "view records" access settings or - if records should be visible/searchable to public but only filtered records should be visible - set "Require filtering"=yes
 
Thanks Troester :)

The only problem with adding a filter is that is restricts the entries on a search so I have had to create 2 lists - one with a filter to display the users records and the 2nd to display the search results

But if I filter the results using the userid on the search list the obvious happens :)

Is there a workaround?
 
Sometimes, the only solution when you need to do "different" things in different places is to have copies of the list. This may be the only workaround for this, although I'm still a little hazy on what exactly the problem is.

If it helps, you can apply pre-filters on a per-menu item basis, rather than in the global list settings. So if you need one 'view' of the list to filter down to only the users rows, you could set the pre-filter on that menu link, so it only filters when viewed through that link, and not when you hit the list with a redirect from a search form.

-- hugh
 
The main thing to remember is that pre-filters on lists themselves are designed to be "hard", and apply to any and all access to that list's data, no exceptions, overriding any other form of filtering, whether loading a a list or a form.

So if you have one usage of the list that requires (say) pre-filtering by user, to restrict users to only seeing their own rows, then you can't bypass that in any way. So if you have another usage of the list that you don't want that restriction on, you have to either use a copy of the list without the pre-filter, or do the per menu item thing I described in my previous post.

Just bear in mind that using pre-filters in per-menu item mode means they are VERY easy to bypass, by simply removing J!'s 'itemid=X' from the URL, at which point that list access is no longer tied to that menu item. Swings and roundabouts. More flexible, less secure.

-- hugh
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 137 (members: 2, guests: 135)
    Back
    Top