What can stop a user from manually typing in a function name in URL?
#1

incog03
My site doesn't use sessions and is a forum-type website, kinda like this forum. Anywho, there's actually nothing stopping someone from typing in the preview URL, which includes a specific thread/post number in the URL. If a user were to do this, they'd be able to manipulate any post in the entire forum.

For example:
This is the post someone has made.
Code:
http://localhost/imageforum/imageController/carpost/80

To post something, the user needs to preview it first, but the item is already placed into the database (but unactivated & unviewable until the user posts it).
The preview page would be:
Code:
http://localhost/imageforum/imageController/preview/80

The preview page - like this CodeIgniter website - has the option of allowing the user to modify the post (i.e. update the database), or posting it as is.


What stops any user from typing in
Code:
http://localhost/imageforum/imageController/preview/23
or
Code:
http://localhost/imageforum/imageController/preview/421
etc. etc. and changing any post as they see fit???
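
The gap described in the post above is a missing authorization check on the post id in the URL. As an added example (not part of the original post and not CodeIgniter's own code), here is one way to bind a draft to its author without sessions: an HMAC edit token tied to the post id. The function names, the token lifetime, the secret and the timestamp are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of CodeIgniter or the poster's site.
const EDIT_TOKEN_TTL = 3600; // assumed: seconds a draft stays editable

// Called once, when the unactivated draft row is inserted. The token goes to
// the author only (for example in a cookie or a hidden form field).
function issue_edit_token(int $postId, string $secret, int $now): string
{
    $expires = $now + EDIT_TOKEN_TTL;
    $mac = hash_hmac('sha256', $postId . '|' . $expires, $secret);
    return $expires . '.' . $mac;
}

// Called at the top of preview/update, before the database is read or written.
function verify_edit_token(int $postId, string $token, string $secret, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed or missing token
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < $now) {
        return false; // draft editing window has closed
    }
    // Recompute over the id taken from the URL, so a token issued for
    // one post does not validate for any other post number.
    $expected = hash_hmac('sha256', $postId . '|' . $expires, $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed demo values.
$secret = 'constructed-demo-secret'; // in practice: a random key kept in server config
$now    = 1310016600;                // constructed timestamp
$token  = issue_edit_token(80, $secret, $now);

// Case 1: the author previews their own draft within the lifetime.
var_dump(verify_edit_token(80, $token, $secret, $now + 60));
// Case 2: the same token replayed against a different id typed into the URL.
var_dump(verify_edit_token(23, $token, $secret, $now + 60));
// Case 3: the right id, but after the token has expired.
var_dump(verify_edit_token(80, $token, $secret, $now + 7200));
// Case 4: no token supplied at all.
var_dump(verify_edit_token(80, '', $secret, $now));
```

The update query should additionally be restricted to rows that are still unactivated, so a valid draft token cannot be used on a post after it has been published.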


Messages In This Thread
What can stop a user from manually typing in a function name in URL? - by El Forum - 07-07-2011, 05:30 AM