Only Allow Post Author To Edit Own Post


  • #35845
    Warren Johnston
    Participant

    I have a bit of a security issue I'm struggling to overcome.

    I allow users to edit the posts they create using a link with the following query string
    "/?rwmb_frontend_field_post_id={{ post.ID }}"

    This works great and populates the form with the content they want to edit.

    HOWEVER...

    You can just guess post IDs in the URL and edit other people's entries too.

    How do I lock this down so users can only edit what they have created?

    Thanks everyone!

    #35846
    Stephen C.
    Participant

    Users can only edit their own posts. If someone other than the author tries to edit a post, they get a message that says "You are not allowed to edit this post." Admins can edit any post, though, so don't test using your admin account.
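
Added example, not part of the original thread and not MB Frontend Submission's own code: a server-side ownership check a site could run in addition to whatever the plugin enforces, keyed on the `rwmb_frontend_field_post_id` parameter from the question. The function name `example_guard_frontend_edit`, the 403 response and loading the snippet from a small plugin or the theme's `functions.php` are assumptions.

```php
<?php
// Added example: block edit requests for posts the current user does not own.
// Assumption: loaded inside WordPress (small plugin or theme functions.php).
add_action( 'template_redirect', 'example_guard_frontend_edit' );

function example_guard_frontend_edit() {
	// Parameter name taken from the edit link shown in the question.
	// filter_input() returns null when the parameter is absent and false
	// when it is not a positive integer (arrays, strings, negative numbers).
	$post_id = filter_input(
		INPUT_GET,
		'rwmb_frontend_field_post_id',
		FILTER_VALIDATE_INT,
		array( 'options' => array( 'min_range' => 1 ) )
	);

	if ( null === $post_id ) {
		return; // Not an edit request: ordinary page or a new submission.
	}

	$post = ( false !== $post_id ) ? get_post( $post_id ) : null;

	// Allowed when the logged-in user is the author, or holds the capability
	// WordPress uses for editing other users' posts (editors, administrators).
	$allowed = $post
		&& is_user_logged_in()
		&& (
			(int) $post->post_author === get_current_user_id()
			|| current_user_can( 'edit_others_posts' )
		);

	if ( ! $allowed ) {
		// Same response for "no such post" and "not your post", so the
		// endpoint does not reveal which post IDs exist.
		wp_die(
			esc_html( 'You are not allowed to edit this post.' ),
			esc_html( 'Forbidden' ),
			array( 'response' => 403 )
		);
	}
}
```

This guards only the page load that renders the edit form; the code path that saves the submission needs the same ownership check. Test it with a non-administrator account, since the `edit_others_posts` branch lets privileged users through.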
