dcat-admin icon indicating copy to clipboard operation
dcat-admin copied to clipboard

Published 20 hours ago verified publisher icon jqhph

Form submission does not ignore disabled and readonly inputs

Open kelkmere opened this issue 2 years ago • 0 comments

  • Laravel Version: 8.75
  • PHP Version: 7.4.30
  • Dcat Admin Version: 2.2.0-beta

Description:

The issue was reported 2 years ago and a fix was proposed but it seems the change is not commited:

https://github.com/jqhph/dcat-admin/commit/b6a187b155c0f41bb4ebc0caaf03d10d61c2e6bc

This is a major security issue as user can edit the form html directly and submit any field they want.

kelkmere avatar Jun 21 '22 06:06 kelkmere