Injecting value through URL

teoyh

teoyh

Member
I have this issue, some user know how to use the developer windows to check the field name in the form and change the url to alter or add value to the form element which they are not suppose to change

eg. they will add &gift_cart___qty=99 to the url of the form

how do you all address such issue ? I had disabled the field but it still can be change using the url injection

Thank you in advance
 
It seems the element's Advanced settings "Disable element" and "Readonly" are only affecting the browser display.
Set element access settings to make sure the user can't inject via url or via manipulating the page source.
 
troester said:
It seems the element's Advanced settings "Disable element" and "Readonly" are only affecting the browser display.
Set element access settings to make sure the user can't inject via url or via manipulating the page source.
Click to expand...

When you say " Set element access settings to make sure the user can't inject via url or via manipulating the page source. " ;
what do you really mean, do you mean like from public to registered ?
But it is some of the registered user who are the naughty boys or girls !
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 134 (members: 4, guests: 130)
    Back
    Top