This is my way of reporting a security issue regarding computed RTF fields.
I’m using a form Form1 with two RTF fields
An attachment is manually (drag&drop) added to RTF1 and the document is saved and closed.
An agent changes form to Form2 which is identical to Form1 except that RTF1 is computed with value RTF1
When I open the document again I can still edit in RTF2 and RTF1 is ofcourse locked down.
EXCEPT : I can drag the attachment from RTF1 to RTF2 and it will indeed be moved
To make it easy for you to verify this issue I have released a test-nsf for you to play with :
go to gmail
login using joneast7@gmail.com mailto:joneast7@gmail.com with joneast77 as password.
download sample database containting 2 forms and one view
open database
press button “new test”
add file to top field named “Fält 1”
Close and save
select the new document
press button “switch form to Test2”
open your document in edit mode
note that the top field is now “read only” and bottom field is “open”
drag file from upper fild to lower field (answering the dialog “YES”)
and BEHOLD, you have deleted an attachment form a read only field.
This issue was PMR:ed back in december 2011 (using 8.5.2/3) to no response #55635 113 848
This is a regression as version 7 works as designed.
Best regards
Jonas Österling