Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Form Questions /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

How to know which Form was used when a DataObject is saved?


Go to End


232 Views

Avatar
Jare

Community Member, 39 Posts

6 June 2017 at 11:15pm

Hi,

I'm not sure if this is the correct category for this question. I have a DataObject upon which I have created an onBeforeWrite() method. Inside that method I need to somehow know where the current saving request came from. If I knew the Form that was used during the request, I could know which fields are available and which are not.

I can't just use Controller::curr()->getRequest()->postVars() to find out which fields were submitted because, well... that would create a security vulnerability. For example I might have an advanced form in the backend that has all kind of fields that are meant for administrators only. Then I might have a more simpler form in the frontend - designed for logged in users but not necessarily admins - that is supposed to change a small set of fields. In this case a hacker could add his own fields to the HTML form and she would be able to alter values that were not designed to be altered a) by non admins and/or b) from the frontend.

Another considerable way would be to check which Controller is currently in use. This way I could tell if the request originates from the backend or from the frontend. But I might need something more sophisticated just in case if there will be multiple forms inside the backend that would write stuff to this object.

Thanks for your support! :)