SafeSharpener

Developer

Darren Miller - DM Logic

3rd Party (Free)

EE Version Support

  • ExpressionEngine 2

Compatibility

If an item is crossed out, it might be untested, not applicable or incompatible. Contact the developer to be sure.

  • Updater
  • Multi Site Manager
  • Stand Alone Entry Form
  • Low Variables
  • Content Elements
  • Better Workflow
  • Matrix
  • Grid
  • Webservice
  • Publisher

Requirements

  • jQuery for the Control Panel

Add-On Type(s)

Extension, Plugin

Adds an additional layer of security to the SafeCracker module by restricting which fields can be posted on a per-member-group basis.

THE PROBLEM
SafeCracker is an excellent tool that gives non-programmers a means to enable submission of channel entries outside of the CMS control panel.

You can show as many or as few of your channel fields as you like in your edit forms; those you don’t include do not get updated. Conversely, those you do include always get updated, and this is a security problem.

For example, imagine an online application using a channel with many fields. Some are suitable for submission from a SafeCracker form and some are not (perhaps ‘admin notes’ or ‘store credits’; it could be anything). With SafeCracker in its current state, if the name of a sensitive field can be established, it can be updated by injecting a hidden field into the edit form.

THE SOLUTION
SafeSharpener provides a new template tag to specify which fields will be recognised by the submitted form on a global or per-member-group basis.

An extension then runs before SafeCracker processes the submission and cleans it of anything not included in your allowed fields.

Download SafeSharpener

EE Support | Downloads | Add-On Version | Release Date
Not Specified | Download | 1.0 | Jun 15, 2011

This entry was created June 15, 2011, 1:15 pm.
This entry was last updated June 15, 2011, 6:17 am.

1 Review:

tehulong 04.28.14

This is such an important feature that is sorely lacking in safecracker/channel forms.