Meta Box

Support Forum

Reply To: List of post to edit in frontend

Support MB Frontend Submission List of post to edit in frontend Reply To: List of post to edit in frontend

March 27, 2019 at 12:34 AM #13944
proyectohappyweb@gmail.com[email protected]
Participant

No, everything works fine. Another question:

Someone who knows:
http://xxx.es/crear-articulo/?rwmb_frontend_field_post_id=540

Knowing this url and changing the post id, anyone can enter and update all the posts...

What people do to solve it?

I think one solution is make a function wiht the add_action('template_redirect',
and check that the user has permission to modify the post id.

I don't know if to do this, is important this code, that I don't understand very well:

add_filter( 'rwmb_frontend_field_value_post_id', 'my_custom_population_function', 10, 2 );
function my_custom_population_function( $value, $args ) {
    if ( $args['id'] === 'your_meta_box_id' ) { // Only filter for a specific form.
        $value = 123;
    }
    return $value;
}

I can see the args printed in the page, but when I call the action template_redirect, or the arguments are not yet, or I do not know how to collect them.

Is there any easier solution? Or does it have to be done this way?

Thanks,
Sergio