How can I hide the action in the URL (edit/2)? The user can change the number '2' to another number and see prohibited content
http://localhost/rub...n_usuarios/TRUE/edit/2
Posted 25 September 2013 - 12:48 AM
How can I hide the action in the URL (edit/2)? The user can change the number '2' to another number and see prohibited content
http://localhost/rub...n_usuarios/TRUE/edit/2
Posted 25 September 2013 - 03:25 PM
Posted 25 September 2013 - 10:47 PM
Did not work.
This is my code:
```php
public function definicion_mi_usuarios()
{
    $crud = new grocery_CRUD();
    $user_id = $this->session->userdata('administrador_identificacion');

    if ($this->uri->segment(4) == 'edit') {
        $this->uri->set_segment(5, $user_id);
    }

    $crud->set_theme('flexigrid');
    $crud->set_table('administrador');
    $crud->set_subject('Definicion de Usuarios');
    $crud->set_relation('id_rol', 'rol', 'rol_nombre');
    $crud->set_relation('id_dependencia', 'dependencia', 'dependencia_nombre');

    $crud->set_rules('administrador_clave', 'Contraseña', 'min_length[6]|required');
    $crud->set_rules('administrador_email', 'Email', 'valid_email|required');
    $crud->set_rules('administrador_identificacion', 'Número de identificación', 'callback_usuario_check|numeric|required');

    $crud->display_as('id_rol', 'Rol');
    $crud->display_as('id_dependencia', 'Dependencia');
    $crud->display_as('administrador_nombre', 'Nombre');
    $crud->display_as('administrador_clave', 'Contraseña');
    $crud->display_as('administrador_apellidos', 'Apellidos');
    $crud->display_as('administrador_email', 'Correo electrónico ');
    $crud->display_as('administrador_identificacion', 'Número de identificación ');

    $crud->change_field_type('administrador_clave', 'password');
    $crud->required_fields('administrador_nombre', 'administrador_apellidos', 'administrador_email', 'administrador_identificacion', 'administrador_clave', 'id_rol', 'id_dependencia');
    $crud->unset_columns('administrador_clave');
    $crud->unset_back_to_list();
    $crud->unset_read();

    $crud->callback_before_insert(array($this, 'antes_de_guardar'));
    $crud->callback_before_update(array($this, 'antes_de_guardar'));

    $crud->where('administrador_identificacion', $this->session->userdata('administrador_identificacion'));
    $crud->unset_add();
    $crud->unset_delete();
    $crud->edit_fields('administrador_nombre', 'administrador_apellidos', 'administrador_identificacion', 'administrador_email', 'administrador_clave');

    try {
        $output = $crud->render();
        $this->_example_output($output);
    } catch (Exception $e) {
        if ($e->getCode() == 14) {
            redirect('referenciales_entidad/definicion_mi_usuarios/edit');
        } else {
            show_error($e->getMessage());
        }
    }
}
```
Posted 26 September 2013 - 09:00 AM
Hello Lucas.
I haven't checked your code at all but if you use version 1.4 and onwards the add and edit operations use a popup window.
If you change the add / edit / delete operations on Actions columns with your own, you can partially (but not securely) hide the ../edit/2 path using javascript.
UPDATE: I just checked your code. Why don't you use the getState in order to be on the safe side?
Edited by davidoster, 26 September 2013 - 09:02 AM.
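The getState suggestion above, as an added example (not code from this thread or from Grocery CRUD itself): the server compares the primary key in the request with the logged-in user's own row, so changing the number in the URL is refused instead of merely hidden. The column name `administrador_id`, the helper names `may_access` and `guard_crud`, and the list of states that carry a key are assumptions.

```php
<?php
// Added example. States whose URL carries a record's primary key (assumed list;
// 'edit' is the one shown in this thread).
const RECORD_STATES = array('edit', 'update', 'update_validation', 'read', 'delete');

// Pure decision function: may this request touch the requested row?
function may_access($state, $requestedKey, $ownKey)
{
    if (!in_array($state, RECORD_STATES, true)) {
        return true;                 // e.g. list: no record id in the URL
    }
    if ($requestedKey === null || $ownKey === null) {
        return false;                // fail closed when either side is unknown
    }
    return (string) $requestedKey === (string) $ownKey;
}

// Wiring for a CodeIgniter controller: call before $crud->render(), e.g.
// guard_crud($crud, $this->db, $this->session->userdata('administrador_identificacion'));
function guard_crud($crud, $db, $sessionIdent)
{
    $info = $crud->getStateInfo();
    $requested = isset($info->primary_key) ? $info->primary_key : null;

    // 'administrador_id' is a hypothetical primary-key column name.
    $row = $db->select('administrador_id')
              ->get_where('administrador', array('administrador_identificacion' => $sessionIdent))
              ->row();
    $own = $row ? $row->administrador_id : null;

    if (!may_access($crud->getState(), $requested, $own)) {
        show_error('Forbidden', 403);   // CodeIgniter helper; ends the request
    }
}

// Constructed requests, run from the command line only: the user owns key 7.
if (PHP_SAPI === 'cli' && !defined('BASEPATH')) {
    $samples = array(array('list', null), array('edit', '7'), array('edit', '2'));
    foreach ($samples as $s) {
        $verdict = may_access($s[0], $s[1], 7) ? 'allow' : 'deny';
        printf("%-5s %-5s => %s\n", $s[0], var_export($s[1], true), $verdict);
    }
}
```

Because the check runs on every state that carries a key, it also covers the `update` POST, which a JavaScript-only change to the Actions column would leave reachable.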