Not exactly, the field name is not used by ACF, the field key is. Yes, I suppose that someone would be able to add something like:
<input type="hidden" name="acf['field_1234567890']" value="test">
I guess what you have to ask yourself is, who’s going to be using your theme and will there be people using it that want to hack values that are part of the site.
I have not tested the ability to do this… and I’m not the developer. You may have a valid concern and you might want to consider submitting a support ticket https://support.advancedcustomfields.com/new-ticket/ and bring your concern up.
I actually have a plugin https://github.com/Hube2/acf-user-role-field-setting/ and I’m going to look at adding a security check to this plugin to add a check for submitted values to see if the user is allowed to modify a field.
update: I have added this security feature to the user role field setting plugin.
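The kind of server-side check this reply describes, as an added example that is not code from the acf-user-role-field-setting plugin or from ACF: a value submitted for a field is refused unless one of the user's roles is allowed to modify that field. `FIELD_ROLES` and `filter_submitted_fields()` are hypothetical names, the role lists are constructed, and hooking the check to ACF's `acf/validate_value` filter is this example's choice.

```php
<?php
// Added example, not the plugin's code. FIELD_ROLES and filter_submitted_fields()
// are hypothetical names; the role lists are constructed sample data.
const FIELD_ROLES = [
    'field_1234567890' => ['administrator'],
    'field_0987654321' => ['administrator', 'editor'],
];

/**
 * Split submitted acf[...] values into those the user's roles may modify and
 * the keys that must be refused. Keys missing from the map are refused.
 */
function filter_submitted_fields(array $submitted, array $user_roles, array $field_roles): array
{
    $allowed = [];
    $rejected = [];
    foreach ($submitted as $key => $value) {
        $roles = $field_roles[$key] ?? []; // unknown field key: deny by default
        if (array_intersect($user_roles, $roles)) {
            $allowed[$key] = $value;
        } else {
            $rejected[] = $key;
        }
    }
    return [$allowed, $rejected];
}

if (function_exists('add_filter')) {
    // Inside WordPress: fail validation for any submitted field the user may not edit,
    // whether or not the form that was rendered for them contained that input.
    add_filter('acf/validate_value', function ($valid, $value, $field, $input_name) {
        $roles = wp_get_current_user()->roles;
        [, $rejected] = filter_submitted_fields([$field['key'] => $value], $roles, FIELD_ROLES);
        return $rejected ? 'You are not allowed to modify this field.' : $valid;
    }, 10, 4);
} elseif (PHP_SAPI === 'cli') {
    // Constructed request: an editor's own field plus a value for an admin-only field.
    $post = ['field_0987654321' => 'hello', 'field_1234567890' => 'test'];
    [$ok, $bad] = filter_submitted_fields($post, ['editor'], FIELD_ROLES);
    echo 'accepted: ', implode(', ', array_keys($ok)), PHP_EOL;
    echo 'refused:  ', implode(', ', $bad), PHP_EOL;
}
```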