Security concerns about front-end forms

This topic contains 2 replies, has 2 voices, and was last updated by  brkard 1 year, 1 month ago.

  • Creator
    Topic
  • #8001
    Resolved
    brkard
    Participant

    Hi.

    I have some security concerns about front-end forms.

    First, forms are displayed to all visitors in the front-end, without logging in. And they can add or edit pages, posts, etc. with these forms without logging in. I know that I can restrict these forms with some extra plugins, but I think it would be good to use some native WP restrictions with forms. Maybe with some options, or shortcode parameters. Do you have any suggestions about this?

    And

    Also, I did not try, but users can actually input harmful things (code, scripts, etc.). Do these forms have some sanitize feature or something like that? Do you have any advice about this?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Author
    Replies
  • #8063

    Anh Tran
    Keymaster

    Hi,

    Regarding the 1st question: I think adding a restriction to the form is OK, we can do that. However, even if the form is restricted, you still need to prevent unwanted users from accessing that page? What do you think about this?

    Regarding the 2nd problem: all post data is processed via wp_update_post and wp_insert_post. We don’t run any sanitize feature for that. However, you can use these filters to perform an extra check.

    This is an interesting question and I’d love to hear your feedback.

    Thanks,
    Anh
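
An added example, not part of the original thread and not the plugin's own code: one way to do the extra check Anh describes, using the WordPress core `wp_insert_post_data` filter, which both wp_insert_post and wp_update_post pass their data through. The function name and the policy (users who cannot publish may only create pending posts, and editing needs the `edit_post` capability) are assumptions for illustration.

```php
<?php
// Added example, not MB Frontend Submission code. The function name and the
// policy below are assumptions chosen for illustration.
add_filter( 'wp_insert_post_data', 'example_harden_frontend_post', 10, 2 );

function example_harden_frontend_post( $data, $postarr ) {
	// Only act on front-end requests; dashboard and cron saves are untouched.
	if ( is_admin() || wp_doing_cron() ) {
		return $data;
	}

	$post_id = empty( $postarr['ID'] ) ? 0 : (int) $postarr['ID'];

	// Editing an existing post requires the matching capability.
	if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) {
		wp_die( 'You are not allowed to edit this item.', '', array( 'response' => 403 ) );
	}

	// Submissions from users who cannot publish wait for review.
	// 'publish_posts' assumes the 'post' type; pages use 'publish_pages'.
	if ( ! current_user_can( 'publish_posts' ) && 'publish' === $data['post_status'] ) {
		$data['post_status'] = 'pending';
	}

	// Values arrive slashed at this filter: unslash, sanitize, slash again.
	$data['post_title'] = wp_slash( sanitize_text_field( wp_unslash( $data['post_title'] ) ) );

	// Strip scripts and disallowed HTML unless the user may post raw HTML.
	// wp_filter_post_kses() expects and returns slashed data.
	if ( ! current_user_can( 'unfiltered_html' ) ) {
		$data['post_content'] = wp_filter_post_kses( $data['post_content'] );
		$data['post_excerpt'] = wp_filter_post_kses( $data['post_excerpt'] );
	}

	return $data;
}
```

This filter covers the post fields only; custom field values are saved as post meta and need their own sanitization.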

    #8064

    brkard
    Participant

    Hi Anh.

    Actually, you are right about the 1st question. I can also want guest users or everyone to access the forms without logging in.

    Maybe forms can be restricted by default. And there can be some options or custom parameters to remove the restriction or enable forms for everyone.
    Or Conditional Logic can be added to metaboxes and fields, something like if user logged in – logged out – if user role is something, which also works in front-end forms…

    These are some general ideas.

    And about filters, it they are useful.

    Thanks
