security concerns about front-end forms

This topic has 2 replies, 2 voices, and was last updated 7 years, 3 months ago by brkard.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
December 26, 2017 at 7:55 PM #8001

brkard
Participant

Hi.

I have some security concerns about fron-end forms.

First forms are displaying to all visitors in front-end. without logging in. And they can add or edit pages posts etc with these forms without login in . I know that i can restrict these forms with some extra plugins but i think it will be good to use some native wp restrictions with forms. May be with some options, or short code parameters.. Do you have any suggestion about this ?

And

Also i did not try but users can actually input harmful things (codes, scripts etc.) Are these forms have some sanitize feature or something like that ? Do you have any advice about this ?

Thanks.

Add New Note to this Reply

December 29, 2017 at 2:35 PM #8063

Anh Tran
Keymaster

Hi,

Regarding the 1st question: I think adding restriction to the form is ok, we can do that. However, even if the form is restricted, you still need to prevent non-wanted users to access that page? What do you think about this?

Regarding the 2nd problem: all post data is processed via wp_update_post and wp_insert_post. We don't run any sanitize feature for that. However, you can use these filters to perform an extra check.

This is an interesting question and I'd love to hear your feedback.

Thanks,
Anh

Add New Note to this Reply

December 29, 2017 at 3:43 PM #8064

brkard
Participant

Hi Anh.

Actually you a right about 1st question. I can want guest users or everyone access to forms without log in also.

May be forms can be restricted by default. And there can some options or custom paramaters for remove restriction or enable forms for everyone.
Or can be added a Conditional Logic to metaboxes and fields something like if user logged in - logged out - if user role is something which also works in front-end forms...

These are some general ideas.

And about filters, it they are usefull.

Thanks

Add New Note to this Reply
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.