security concerns about front-end forms

brkard
Home / MB Frontend Submission / security concerns about front-end forms

Custom Fields
Re-Envisioned Support MB Frontend Submission security concerns about front-end forms

  • Creator
    Topic
  • December 26, 2017 at 7:55 PM #8001
    Resolved brkard
    Participant

    Hi.

    I have some security concerns about fron-end forms.

    First forms are displaying to all visitors in front-end. without logging in. And they can add or edit pages posts etc with these forms without login in . I know that i can restrict these forms with some extra plugins but i think it will be good to use some native wp restrictions with forms. May be with some options, or short code parameters.. Do you have any suggestion about this ?

    And

    Also i did not try but users can actually input harmful things (codes, scripts etc.) Are these forms have some sanitize feature or something like that ? Do you have any advice about this ?

    Thanks.

  • Creator
    Topic
Viewing 2 replies - 1 through 2 (of 2 total)
  • Author
    Replies
  • December 29, 2017 at 2:35 PM #8063
    Anh Tran
    Keymaster

    Hi,

    Regarding the 1st question: I think adding restriction to the form is ok, we can do that. However, even if the form is restricted, you still need to prevent non-wanted users to access that page? What do you think about this?

    Regarding the 2nd problem: all post data is processed via wp_update_post and wp_insert_post. We don't run any sanitize feature for that. However, you can use these filters to perform an extra check.

    This is an interesting question and I'd love to hear your feedback.

    Thanks,
    Anh

    December 29, 2017 at 3:43 PM #8064
    brkard
    Participant

    Hi Anh.

    Actually you a right about 1st question. I can want guest users or everyone access to forms without log in also.

    May be forms can be restricted by default. And there can some options or custom paramaters for remove restriction or enable forms for everyone.
    Or can be added a Conditional Logic to metaboxes and fields something like if user logged in - logged out - if user role is something which also works in front-end forms...

    These are some general ideas.

    And about filters, it they are usefull.

    Thanks

  • Author
    Replies
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.