The code in the download reports controller uses ORs when
creating the where statement to filter reports. This means that
the resultant SQL is inclusive, not exclusive. A lot of
deployments mark reports that are too sensitive for public
consumption as "unapproved", and thus an inclusive filtering is a
security risk. In general I find myself biased towards exclusive
filtering, but I suppose that's personal preference.
For example if a user unchecks the "Reports Awaiting
Approval" option, but leave an unrelated field checked, say
"Verified Reports", then the CSV file will have all the reports
that are verified, even the ones that are verified but not
approved. In my opinion this is pretty serious, and the Ushahidi
community at large should be notified. From my experience the
average user will never think, "Is this filtering system exclusive
or inclusive?", will never double check the CSV they download,
and will assume if they unchecked something, that it won't be in
there.
I made a fix and you can find it here.
Ushahidi Developers: Please keep in mind that
"approved" and "unapproved" are a big deal for those of us working
on deployments, and that you should always default to protecting
"unapproved" reports.
Thanks,
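Added example, not part of the original post or of Ushahidi's code: it contrasts the inclusive WHERE clause the post describes (every checked box ORed together) with an exclusive one (boxes ORed within a status group, groups ANDed, unapproved reports excluded by default) over constructed sample rows; the table, column and checkbox names are assumptions.

```python
import sqlite3

# Constructed sample rows: (id, title, approved, verified). The table and
# column names are assumptions for illustration, not Ushahidi's real schema.
REPORTS = [
    (1, "approved, verified", 1, 1),
    (2, "approved, unverified", 1, 0),
    (3, "awaiting approval, verified", 0, 1),
    (4, "awaiting approval, unverified", 0, 0),
]

# Each download-form checkbox (assumed names) maps to one predicate and to the
# status group it belongs to; the group only matters for the exclusive form.
CHECKBOXES = {
    "approved":          ("approval",     "approved = 1"),
    "awaiting_approval": ("approval",     "approved = 0"),
    "verified":          ("verification", "verified = 1"),
    "unverified":        ("verification", "verified = 0"),
}

def where_inclusive(checked):
    """Behaviour the post describes: every checked predicate is ORed together."""
    return " OR ".join(CHECKBOXES[c][1] for c in checked)

def where_exclusive(checked):
    """Predicates are ORed within a group and the groups are ANDed, so an
    unchecked approval box really does exclude those reports."""
    groups = {}
    for c in checked:
        group, pred = CHECKBOXES[c]
        groups.setdefault(group, []).append(pred)
    # Default to protecting unapproved reports when no approval box is checked.
    groups.setdefault("approval", ["approved = 1"])
    return " AND ".join("(" + " OR ".join(p) + ")" for p in groups.values())

def export_ids(checked, builder):
    """Ids the CSV export would contain under the given WHERE builder."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (id INTEGER, title TEXT, approved INTEGER, verified INTEGER)")
    conn.executemany("INSERT INTO reports VALUES (?, ?, ?, ?)", REPORTS)
    clause = builder(checked)
    sql = "SELECT id FROM reports" + (" WHERE " + clause if clause else "")
    ids = sorted(row[0] for row in conn.execute(sql))
    conn.close()
    return ids

def leaked_unapproved(checked, builder):
    """Unapproved ids that reach the CSV although 'awaiting_approval' is unchecked."""
    if "awaiting_approval" in checked:
        return []
    unapproved = {r[0] for r in REPORTS if r[2] == 0}
    return sorted(unapproved & set(export_ids(checked, builder)))
```

Calling `leaked_unapproved(["approved", "verified"], where_inclusive)` reproduces the post's scenario (report 3 leaks), while the same call with `where_exclusive` returns an empty list.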