[TYPO3-mvc] Can forms be easily manipulated?
Jan Kornblum
jan.kornblum at gmx.de
Mon Dec 15 11:43:40 CET 2014
Hi Chris,
> I'm not quite sure what you mean by property id.
Didn't I write "pid"?
> I know about 2 id types:
> uid = Unique ID. This identifies an object / database record uniquely.
> pid = Page id / Parent id. This usually refers to the page a record is stored
> on.
>
> Your form usually only contains the uid, as you probably don't want to allow users
> to modify the page an object is stored on.
This is just an example, no concrete case ;)
> To your question: is it possible to replace the uid of an object, to alter
> another object instead of the one given to you? I'm not sure, but I guess you
> could easily test it by modifying the form you get from the browser with
> the development tools of your browser and trying to resubmit the result.
>
> (I guess it should not be possible, as the form usually contains a "__referrer"
> argument. But I have never tested it.)
I'll try to test it, just for my interest...
Kind regards, Jan