How to know which Form was used when a DataObject is saved?


Jare

Community Member, 38 Posts

6 June 2017 at 11:15pm

Hi,

I'm not sure if this is the correct category for this question. I have a DataObject upon which I have created an onBeforeWrite() method. Inside that method I need to somehow know where the current saving request came from. If I knew the Form that was used during the request, I could know which fields are available and which are not.

I can't just use Controller::curr()->getRequest()->postVars() to find out which fields were submitted because, well... that would create a security vulnerability. For example I might have an advanced form in the backend that has all kinds of fields that are meant for administrators only. Then I might have a simpler form in the frontend - designed for logged-in users but not necessarily admins - that is supposed to change a small set of fields. In this case a hacker could add his own fields to the HTML form and she would be able to alter values that were not designed to be altered a) by non-admins and/or b) from the frontend.

Another way worth considering would be to check which Controller is currently in use. This way I could tell if the request originates from the backend or from the frontend. But I might need something more sophisticated just in case there are multiple forms inside the backend that would write stuff to this object.

Thanks for your support! :)
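
The mass-assignment concern raised in the post above, as an added example that is not part of the original post and not SilverStripe code: each form gets a server-side allow-list, and only allow-listed values reach the record. The form names, field names and the `filterSubmission()` helper are hypothetical, and the submitted data is constructed.

```php
<?php
// Added example: form names, field names and this helper are hypothetical.

// Each form declares the only fields it may write (server-side allow-list).
const FORM_FIELDS = [
    'FrontendProfileForm' => ['Nickname', 'Bio'],
    'AdminEditForm'       => ['Nickname', 'Bio', 'IsApproved', 'OwnerID'],
];

/**
 * Split submitted data into values the named form may write and the
 * names of fields that were submitted but are not part of that form.
 * $formName must be fixed by the handler that received the request,
 * never read from the request itself.
 */
function filterSubmission(string $formName, array $postVars): array
{
    if (!array_key_exists($formName, FORM_FIELDS)) {
        throw new InvalidArgumentException("Unknown form: $formName");
    }
    $allowed  = array_flip(FORM_FIELDS[$formName]);
    $accepted = array_intersect_key($postVars, $allowed);
    $rejected = array_keys(array_diff_key($postVars, $allowed));
    return [$accepted, $rejected];
}

// Constructed sample: a frontend submission with one field added client-side.
$postVars = ['Nickname' => 'jare', 'Bio' => 'Hello', 'IsApproved' => '1'];

[$accepted, $rejected] = filterSubmission('FrontendProfileForm', $postVars);

// Only the accepted values are copied onto the record, so the
// admin-only field keeps whatever value it had before the request.
$record = ['Nickname' => 'old', 'Bio' => '', 'IsApproved' => '0'];
$record = array_merge($record, $accepted);

// Unexpected field names are a useful signal to log for review.
foreach ($rejected as $name) {
    error_log("Rejected field not defined on FrontendProfileForm: $name");
}

print_r($record);
```

With this pattern the record's write hook does not need to know which form was used, because the filtering happens in the form handler before the write. SilverStripe's own `Form::saveInto()` follows the same idea by writing only the fields defined on the form.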