• Resolved Ollie Murphy

    (@omurphy)


    So I’m successfully generating the edit link like so: /edit-offer/?gform_post_id=126&nonce=549ba5aeaa

    On the edit form page, I’m just fetching the post id via a GET request which is obviously terrible security-wise – see code below.

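    // Post ID taken straight from the query string; the cast forces an integer.
    $edit_post_id = isset( $_GET['gform_post_id'] ) ? (int) $_GET['gform_post_id'] : 0;

    // Render form 4 in update mode for whatever post ID was requested.
    if ( ! empty( $edit_post_id ) ) {
        echo do_shortcode( '[gravityform id="4" title="false" description="false" update="' . $edit_post_id . '" ]' );
    }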

    How should I use the nonce that’s appended in the URL to make this more secure? I didn’t see anything in the docs about it. Thanks.

    https://www.ads-software.com/plugins/gravity-forms-post-updates/

Viewing 1 replies (of 1 total)
  • Thread Starter Ollie Murphy

    (@omurphy)

    Ok, it seems that the generated nonce is user specific and without it appended, the form won’t contain any data. So we’re good here, please ignore my question.

  • The topic ‘Problem showing edit form based on edit link’ is closed to new replies.
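
An added example, not part of the original posts or the plugin's code: one way to gate the edit page so the shortcode is only rendered when the logged-in user is allowed to edit the requested post, leaving the nonce handling to the plugin as described in the reply. The function name and text domain are hypothetical; form id 4 and the `gform_post_id` / `nonce` parameters come from the post above.

```php
<?php
// Added example. example_render_offer_edit_form() is a hypothetical helper,
// not a function provided by Gravity Forms or the Post Updates plugin.
function example_render_offer_edit_form() {
    // The ID arrives in the query string, so treat it as untrusted input.
    $post_id = isset( $_GET['gform_post_id'] )
        ? absint( wp_unslash( $_GET['gform_post_id'] ) )
        : 0;
    if ( 0 === $post_id ) {
        return '';
    }

    // The plugin reads and checks the nonce itself; without one the form
    // comes back empty, so stop early instead of rendering a blank form.
    if ( empty( $_GET['nonce'] ) ) {
        return '';
    }

    // The requested post has to exist and must not be in the trash.
    $post = get_post( $post_id );
    if ( ! $post || 'trash' === $post->post_status ) {
        return '';
    }

    // Authorization: WordPress maps 'edit_post' to the right capability
    // for this specific post (own post vs. someone else's, status, type).
    if ( ! is_user_logged_in() || ! current_user_can( 'edit_post', $post_id ) ) {
        return esc_html__( 'You are not allowed to edit this item.', 'example-textdomain' );
    }

    // %d guarantees that only an integer reaches the shortcode attribute.
    return do_shortcode(
        sprintf(
            '[gravityform id="4" title="false" description="false" update="%d"]',
            $post_id
        )
    );
}

echo example_render_offer_edit_form();
```

The capability check works independently of the nonce: a nonce ties a request to a user and a time window, while `current_user_can( 'edit_post', $post_id )` decides whether that user may change this particular post.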