ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

SAEF edit entry and changing hidden field entry_id

October 20, 2009 6:07pm

  • #1 / Oct 20, 2009 6:07pm

    Nate Iler

    29 posts

    I haven’t done any thorough testing, but is there an EE safeguard which prevents someone from editing an EE entry via SAEF and changing the entry_id? My fear is that I allow a user group to edit certain entries and someone becomes malicious and changes an entry_id which overrides another entry. Does the XID play a role in verifying that the entry submitted is the same one which has been requested to edit? I’m sure it’s not a huge threat as most people don’t care or aren’t aware that certain tools can allow you to display and edit hidden field values.

  • #2 / Oct 21, 2009 12:56pm

    ender

    1644 posts

    You have to give them permission to edit only their own entries in the weblog. (admin -> members & groups -> member groups -> edit group -> weblog posting privs)
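
The concern raised in this thread, a hidden `entry_id` changed before submit, is handled on the server by deciding authorization from stored data and, optionally, binding the id to the form that was issued. The PHP below is an added example, not part of the thread and not ExpressionEngine's code; `FORM_KEY`, `entry_tag()`, `may_update()`, the `entry_tag` field and the in-memory `$entries` array are hypothetical names and constructed data.

```php
<?php
// Added illustration with hypothetical names; this is not ExpressionEngine's code.
const FORM_KEY = 'server-side-secret-placeholder'; // assumption: never sent to the browser

// Constructed sample data standing in for the entries table.
$entries = [
    101 => ['author_id' => 7],
    102 => ['author_id' => 9],
];

// Computed when the edit form is rendered and emitted as a second hidden field.
function entry_tag(int $entryId, int $memberId, string $sessionId): string
{
    return hash_hmac('sha256', "$entryId|$memberId|$sessionId", FORM_KEY);
}

// Runs on submit. $memberId and $sessionId come from the server-side session,
// never from the form; only entry_id and entry_tag are client-controlled.
function may_update(array $entries, array $post, int $memberId, string $sessionId, bool $canEditOthers): bool
{
    $id = filter_var($post['entry_id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false || !isset($entries[$id])) {
        return false; // missing, non-numeric or unknown id
    }
    $tag = $post['entry_tag'] ?? '';
    if (!is_string($tag) || !hash_equals(entry_tag($id, $memberId, $sessionId), $tag)) {
        return false; // entry_id is not the one this form was issued for
    }
    // Authorization is decided from stored data, whatever the form says.
    return $canEditOthers || $entries[$id]['author_id'] === $memberId;
}

// Member 7 opens the edit form for entry 101 and submits it unchanged.
$form = ['entry_id' => '101', 'entry_tag' => entry_tag(101, 7, 'sess-abc')];
var_dump(may_update($entries, $form, 7, 'sess-abc', false));

// Same form resubmitted with the hidden entry_id changed to 102.
$tampered = ['entry_id' => '102'] + $form;
var_dump(may_update($entries, $tampered, 7, 'sess-abc', false));
```

The ownership comparison on the last line of `may_update()` is the check that corresponds to the "edit only their own entries" permission; the tag only narrows a submit to the entry the form was rendered for.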
