[eluser]Référencement Google[/eluser]
I seems that this can be an issue while using validation callbacks (with the old 1.6.3 validation lib) or more generally while setting rules with CI.
For example, this is the code I have at some point in the validation rules:
Code:
'check' => 'trim|callback_js_check|required' // Antispam trick
If the value of the hidden field "check" is set to FALSE using for example Firefox developer toolbar, the callback_js_check callback is bypassed. So that can be a security issue (not for my problem of spaming, but for things that could be more sensible like validate something to insert in a DB).
I don't know if this is a CI issue, but it would be cool if some of us make some more tests about it.