3rd Party (Free)
5 downloads (last 90 days)
- Multi Site Manager
- Stand Alone Entry Form
- Low Variables
- Better Workflow
- jQuery for the Control Panel
Adds an additional layer of security to the SafeCracker module by restricting which fields can be posted on a per-member-group basis
Safecracker is an excellent tool giving non-programmers a means to enable submission of channel entries outside of the CMS control panel.
You can show as many or as few of your channel fields as you like in your edit forms, those you don’t include do not get updated. Conversely, those you do include always get updated, and this is a security problem.
For example, imagine an online application using a channel with many fields. Some are suitable for submission from a Safecracker form and some are not (perhaps ‘admin notes’ or ‘store credits’. Could be anything). With SafeCracker in it’s current state, if the name of a sensitive field can be established, it can be updated by injecting a hidden field into the edit form.
SafeSharpener provides a new template tag to specify which fields will be recognised by the submitted form on a global or per-member-group basis.
An extension then runs prior to SafeCracker processing that cleans the form submission of anything not included in your allowed fields.
|EE Version||Downloads||Add-On Version||Release Date|
|2.+||Download||1.0||2011-06-15 01:00 AM|
This entry was created June 15, 2011, 1:15 pm.
This entry was last updated June 15, 2011, 6:17 am.
Disclaimer: Information about ExpressionEngine add-ons is provided as a service to you, the user, and every member of the ExpressionEngine community. devot:ee is not responsible if you hose, mangle, wreck, or otherwise destroy your EE website by installing an add-on that you found out about at this site, regardless of its rating, Favorites status, commercial or free status, or general popularity. Caveat EEmptor!
There are no reviews for this add-on yet.
What are you waiting for? Rate it and review it!