This seems like a welcome solution, and I agree probably more practical than getting stored admin setting involved. Thanks!
Thank you for the quick and thoughtful response. I had seen your suggestion for the modified acf_form_head() function in the original thread, but hadn’t attempted to work through the solution yet myself. This example code should get me going. Thanks!
I realize this is an old thread, but not sure if there’s a better place to post. The behavior described by mkeys is still present, and while I understand it is a fundamental part of the functionality of acf_form, it is difficult to use acf_form in good conscience with this vulnerability. In addition to manipulating post authors, etc., it is possible to edit the data of other users in this manner using the user_$current_user->ID.
Is there a practical solution to mitigate this issue? Or is there a reason I am missing that we shouldn’t be concerned with this?
I would love to use the acf_form functionality rather than implementing a separate form plugin or writing a separate plugin from scratch.