MB Frontend Submission with visitors (not logged-in user) - Meta Box

This topic has 2 replies, 2 voices, and was last updated 11 months, 1 week ago by pixluser.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
April 18, 2024 at 7:12 AM #45249

pixluser
Participant

Hello I have a question about that detail, because nothing is written on the documentation for that specific part.
So I discovered that the form can be sent by visitors, not logged in the website, that's good to know (it wasn't displayed into the doc).

But, is it safe?

I mean my user can send a file, and also can set a title, does the visitors form can be used to change the post-id of another post to erase it? Or to upload some malicious files too?

Thanks!

Add New Note to this Reply

April 18, 2024 at 10:57 PM #45257

Peter
Moderator

Hello,

does the visitors form can be used to change the post-id of another post to erase it?

No. Only the author of the post can update their post in the frontend dashboard. Following the documentation https://docs.metabox.io/extensions/mb-frontend-submission/#user-dashboard

If you don't want to show the frontend form for the visitors, you can create a custom code to check the logged-in user and output the frontend form with the shortcode.

Add New Note to this Reply

April 20, 2024 at 9:44 AM #45270

pixluser
Participant

Thanks Peter, that's perfect!

Add New Note to this Reply
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.