[eluser]haris244808[/eluser]
Hi there...
I am trying to solve a security issue about links...
suppose ex: we want to show a specific content and we use a link like:
Code:
$href = base_url().'content/'.$content_nr; // base_url() is CodeIgniter's URL helper
where $content_nr is the id of content got from db...
when the user clicks...it will send to a function like :
Code:
// method name assumed from the 'content/' URL segment
function content($content_nr) {
    // depending on the $content_nr you get your data from db and show it to the user
}
now in the status bar the link is shown together with the $content_id ...
now if you have 2 types of users: Admin and User
And you show different topics to them...Ex
TopicA will be shown only to the Admin and others will be shown to user B) however they both will have the ability to edit the content... but only shown contents...
And as I said when they click on their content to edit it, in the status bar the $content_id is shown...and if you change that from the status bar to another content_id (ex to Adminusers content_id) ...the content which should be restricted to the user will be shown ...
HOW CAN I PREVENT THIS?? ANY IDEA
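
The situation described in the post above is a missing server-side authorization check: the function trusts whatever id arrives in the URL. The sketch below is an added example, not part of the original post and not CodeIgniter's own code; it shows the check the function would need before returning a row. The `admin_only` column, the role values, the helper name `load_content_for` and the sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed sample rows standing in for the content table.
// The admin_only column and the role values are assumptions for illustration.
$contents = [
    1 => ['id' => 1, 'title' => 'TopicA', 'admin_only' => true],
    2 => ['id' => 2, 'title' => 'TopicB', 'admin_only' => false],
];

/**
 * Decide on the server whether $user may open content $content_nr.
 * Returns the row when allowed, otherwise the HTTP status to answer with.
 */
function load_content_for(array $contents, array $user, $content_nr)
{
    // The id arrives in the URL, so it is untrusted: accept digits only.
    if (!is_string($content_nr) || !ctype_digit($content_nr)) {
        return 404;
    }
    $id = (int) $content_nr;
    if (!isset($contents[$id])) {
        return 404;
    }
    $row = $contents[$id];
    // Enforce here the same rule that decides which links are listed.
    // Hiding a link is not access control; this check is.
    if ($row['admin_only'] && $user['role'] !== 'admin') {
        return 403;
    }
    return $row;
}

// The role comes from the server-side session, never from the URL or a form field.
$admin = ['id' => 10, 'role' => 'admin'];
$user  = ['id' => 20, 'role' => 'user'];

// The user opens their own link, then changes the id in the URL to the admin's.
$requests = [[$user, '2'], [$user, '1'], [$admin, '1'], [$user, 'abc']];
foreach ($requests as [$who, $nr]) {
    $result = load_content_for($contents, $who, $nr);
    $shown  = is_array($result) ? 'show "' . $result['title'] . '"' : "HTTP $result";
    echo $who['role'] . " requests content/$nr: $shown\n";
}
```

In a controller, the same check has to run before rendering the edit form and again before saving the submitted edit, since both requests carry the id.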