Reply To: ACF_Form() Security Issues
In the meantime, while this vulnerability is addressed officially, I have found a solid workaround for myself.
I made a duplicate of acf_form_head() (renamed, of course) and put it into my plugin.
I kept everything the same, except that instead of reading the values of the ‘_acf_form’ field from the $_POST data, I rely on my own hard-coded values in my version of the function.
This allows me to still utilize the great ACF field types and functionality, without allowing people to modify the functionality of the form beyond the scope I defined.
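
The pattern this reply describes, as an added example (not the poster's code and not ACF's own): the form settings live in plugin code, any `_acf_form` value in the request is ignored, and only field values named in the hard-coded list are kept. The function name, settings, field keys and sample request are hypothetical, and the example assumes submitted field values arrive under `$_POST['acf']` keyed by field key.

```php
<?php
// Added example: names, field keys and the sample request are hypothetical.

// Form settings fixed in plugin code; the browser never supplies them.
const MY_PLUGIN_FORM = [
    'post_id' => 42,                                // the only post this form may edit
    'fields'  => ['field_title', 'field_summary'],  // the only fields it may write
];

/**
 * Decide what a submission is allowed to save.
 * Any '_acf_form' value in the request is ignored, so a tampered copy
 * cannot change the target post or widen the field list.
 */
function my_plugin_resolve_submission(array $post): array
{
    // Assumption: field values are posted under 'acf', keyed by field key.
    $submitted = $post['acf'] ?? [];
    if (!is_array($submitted)) {
        $submitted = [];
    }

    // Keep only values whose field key is in the hard-coded list.
    $values = array_intersect_key($submitted, array_flip(MY_PLUGIN_FORM['fields']));

    return [
        'post_id'  => MY_PLUGIN_FORM['post_id'],
        'values'   => $values,
        // Keys the client sent that the form does not define; worth logging.
        'rejected' => array_keys(array_diff_key($submitted, $values)),
    ];
}

// Constructed request: the client altered '_acf_form' and added a field.
$request = [
    '_acf_form' => 'client-supplied settings (ignored)',
    'acf'       => [
        'field_title'       => 'Hello',
        'field_summary'     => 'Short text',
        'field_not_on_form' => 'unexpected',
    ],
];

var_export(my_plugin_resolve_submission($request));
```

Nonce checking, validation and the save itself stay in the copied function; this block covers only where the settings come from.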