Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Name

Type

Required

Description

value

string

yes

Value to be used in the filter

label

string

yes

Text to be displayed to the user to represent this filter

checked

string

no

Should this check box be initially checked. Only for list within multicheck field

Data Security

To ensure that data is not accidentally exposed because of incorrectly configured filter if the value for a user property is missing then filtering will covert the generated filter into one that returns no results rather than just removing the filter and returning all results, e.g. a filter like where client_id = ${user.dynamic.client_id} will be replaced with something like where 1 = 0 if there is no dynamic value for the client_id.

Normally you would resolve this by providing a suitable default value for the client_id, e.g. where client_id = ${user.dynamic.client_id|9999999}, which would result in the same outcome in this example, but make it explicit what is happening and shows that the issue has been looked at. Alternatively you can set a property that changes the handling of the filtering to remove the filter if the value is missing.

The property to set is weave.ignoreonsubstitutionerror and if it is set to true then the handling of missing values will be treated differently and will result in the filter being excluded and all results (subject to any other filtering) will be returned rather than no results. The value can be set as a system property or just adding the following to a config xml file:

Code Block
languagexml
<?set weave.ignoreonsubstitutionerror=true?>