Forum management
- Threads started by me
- Threads I participate in

Developer forum

Forms Module.

George Nelzo Pereira

Posted on 04/07/2016 14:28:05

Hi People,

I'm making some tests and I saw this...
I have a Forms with some fields... when I edit is work normally... but I saw here is possible to change the FORM_ROW_ID into the HTML then this data will save in another record... I'm mean it's possible to cheat this form... We have (or can have in the future) something to prevent this?

https://georgenelzo.tinytake.com/sf/Nzk4NDA3XzM1NjA4MjE

Replies

Nicolai Høeg Pedersen

Posted on 04/07/2016 16:20:19

This is forms for editors, and edit record is usually behind login, so that is why it might not be restricted that hard. I'll add it to the backlog so we have it on record.

George Nelzo Pereira

Posted on 05/07/2016 12:52:37

Hi Nicolai, thanks for your reply.

This is a simple forms (not a forms for editors). We are using behind login, but sometimes we have some "bad" users trying changes in HTML to push.

Nicolai Høeg Pedersen

Posted on 06/07/2016 09:36:27

Sorry, I meant Forms for data lists as that is the only module that allows updating existing records.

You can make a notification subscriber and make a check in that if you have that kind of users.