Home › Forums › Backend Issues (wp-admin) › Location rule / user › Reply To: Location rule / user
Not exactly, the field name is not used by ACF, the field key is. Yes, I suppose that someone would be able to add something like:
<input type="hidden" name="acf['field_1234567890']" value="test">
I guess what you have to ask yourself is, who’s going to be using your theme and will there be people using it that want to hack values that are part of the site.
I have not tested the ability to do this… and I’m not the developer. You may have a valid concern and you might what to consider submitting a support ticket https://support.advancedcustomfields.com/new-ticket/ and bring your concern up.
I actually have a plugin https://github.com/Hube2/acf-user-role-field-setting/ and I’m going to look at adding a security check to this plugin to add a check for submitted values to see if the user is allowed to modify a field.
update: I have added this security feature to the user role field setting plugin.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!
We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.