QuackieMackie
New member
This might be a silly question but I'm working on a staff help page. I wanted to load member information dynamically.
So I wrote a quick method that fetches admins, and moderators. But when I see what data is fetched using Xdebug I can see emails, secret keys, etc.
Is this something I should be worried about? I feel like it is as if I can access it, whats stopping other people?
So I wrote a quick method that fetches admins, and moderators. But when I see what data is fetched using Xdebug I can see emails, secret keys, etc.
Is this something I should be worried about? I feel like it is as if I can access it, whats stopping other people?
PHP:
public static function renderStaffList(AbstractController $controller, \XF\Mvc\Reply\View $view)
{
$finder = \XF::app()->finder('XF:User');
$finder->with('Profile');
$adminFinder = clone $finder;
$adminUsers = $adminFinder
->where('is_admin', true)
->where('user_state', 'valid')
->order('username')
->fetch();
$modFinder = clone $finder;
$modUsers = $modFinder
->where('is_moderator', true)
->where('is_admin', false)
->where('user_state', 'valid')
->order('username')
->fetch();
$view->setParam('adminUsers', $adminUsers);
$view->setParam('modUsers', $modUsers);
}
