I'm not sure if this is the correct category for this question. I have a DataObject upon which I have created an onBeforeWrite() method. Inside that method I need to somehow know where the current saving request came from. If I knew the Form that was used during the request, I could know which fields are available and which are not.
I can't just use Controller::curr()->getRequest()->postVars() to find out which fields were submitted because, well... that would create a security vulnerability. For example I might have an advanced form in the backend that has all kind of fields that are meant for administrators only. Then I might have a more simpler form in the frontend - designed for logged in users but not necessarily admins - that is supposed to change a small set of fields. In this case a hacker could add his own fields to the HTML form and she would be able to alter values that were not designed to be altered a) by non admins and/or b) from the frontend.
Another considerable way would be to check which Controller is currently in use. This way I could tell if the request originates from the backend or from the frontend. But I might need something more sophisticated just in case if there will be multiple forms inside the backend that would write stuff to this object.
Thanks for your support! :)