(solved) Hidden field is exposed

Trader5050 · September 1, 2024, 1:23pm

I have a User entity that’s exposing the password field even when set to hidden:

class User extends Entity implements IdentityInterface
{
protected array $_accessible = [
    'email' => true,
    'picture' => true
];

protected array $_hidden = ['password'];

The call to grab the user is:

$user = $this->Users->findById($this->request->getSession()->read(‘identity.user.id’), contain: [‘Roles’])->first();

That’s it. No idea why it’s being exposed.

KevinPfeifer · September 1, 2024, 2:22pm

the _hidden array doens’t prevent you from accessing the property or printing it out directly.

All it does is prevent it from being outputted via serialization, e.g.

pr($entity->toArray());

See Entities - 4.x

Trader5050 · September 1, 2024, 5:30pm

Thanks for pointing that out. Not sure how I missed that.

Topic		Replies	Views
Type of $_hidden iin Entity must be array error while it is Need Help	1	232	March 7, 2024
Proteceted fields not hidden in REST json Need Help	0	536	July 23, 2018
Virtual fields and entity functions are not read Need Help help	5	885	January 28, 2022
Enable/disable virtual fields ($_virtual) at runtime Need Help	9	1479	July 18, 2022
3.4: cannot display a virtual field in a Form Need Help	3	1072	June 6, 2017

(solved) Hidden field is exposed

Releases

Documentation

Community

(solved) Hidden field is exposed

Related topics

Releases

Documentation

Community