
When updating an entry through a front-end form you'll have to set the id of the given entry in a hidden field.
The problem here is that this is vulnerable through 'DOM hacking'.
I wonder: is there a way to set the id within a custom event in PHP?

I tried this in the event but it did not work unfortunately:

protected function __trigger(){
    $this->post = $_POST;
    $_POST['fields']['id'] = '973';
    $_POST['fields'] = $_POST['fields'];
    include(TOOLKIT . '/events/event.section.php');
    return $result;
}

Any ideas?

Where would you like to get the ID from? You can't guess it, so you must rely on the posted ID.

If you allow editing of entries from the frontend, you must have some sort of ACL. Using Members, for example, you might use the "edit own" permission for the save event. Like the name says, it means that a Member can only edit his own entries. So if he manipulates the DOM, he can only "ruin his own content".
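The "edit own" idea from the reply above, sketched as an added example that is not part of the original thread and is not Symphony or Members code: the posted id is kept only as an untrusted hint and is accepted only if the logged-in member owns that entry. The function name `authorizedEntryId`, the `ENTRY_OWNERS` map (standing in for a database lookup) and the sample requests are all hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed data: entry id => id of the member who owns it.
// In a real application this would be a database lookup.
const ENTRY_OWNERS = [973 => 12, 974 => 15];

/**
 * Decide which entry an update request may touch ("edit own").
 * The id from the hidden field is attacker-controlled, so it is validated
 * and then checked against the member id taken from the server-side session.
 */
function authorizedEntryId(array $post, ?int $sessionMemberId, array $owners): int
{
    if ($sessionMemberId === null) {
        throw new RuntimeException('Not logged in');
    }

    // Rejects missing values, arrays, floats, "973abc", zero and negatives.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Missing or malformed entry id');
    }

    // Same answer for "does not exist" and "belongs to someone else",
    // so the response cannot be used to enumerate other members' entries.
    if (($owners[$id] ?? null) !== $sessionMemberId) {
        throw new RuntimeException('Entry not found');
    }

    return $id;
}

// Constructed requests: member 12 is logged in. The second and third
// requests carry a hidden field that was edited in the browser.
foreach ([['id' => '973'], ['id' => '974'], ['id' => ['x']]] as $post) {
    try {
        $id = authorizedEntryId($post, 12, ENTRY_OWNERS);
        echo "update entry $id\n";
    } catch (Exception $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```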

Where would you like to get the ID from?

I was thinking about fetching the id of the logged in member somehow.

you might use the "edit own" permission for the save event

Missed that one, this makes things a lot easier :-), thanks Michael!

I am actually getting an error message when editing the member role:

Symphony Fatal Error: Call to undefined method DateTimeObj::getTimeAgo() An error occurred in /var/www/extensions/members/content/content.roles.php around line 172

It looks like the role gets saved anyway, but when I check 'Edit own' or 'No edit' I get the following error when triggering the event (for updating member profile): (Only 'Edit all' seems to work)

Symphony Fatal Error: Undefined class constant 'FILTER_FAILED' An error occurred in /var/www/symphony/lib/toolkit/events/class.event.section.php around line 447

Shall I submit an issue for this?

Use Brendan's Default Event Values, or in a custom event, you can take extra parameters to ensure that you reset the ID to the desired value.

From the README of Default Event Values:

You currently cannot set a default value for the ID of an Event due to a Symphony limitation.

@Cremol:

I am actually getting an error message when editing the member role:

Are you using a compatible version of Members?

Maybe it's because I am using the latest Symphony beta release? 2.4beta3
(And latest Members master branch)

Probably we need @brendo's expertise here.

Both are bugs.

  • The first is because DateTimeObj::getTimeAgo() has been removed (and was missing from the migration guide)
  • The second is just a downright mistake

Both will be fixed in the next 15 minutes (although you'll now have to use the Members integration branch)

Awesome, thanks brendo!

I hate to say it, but I'm still getting the second error...
First one is fixed though...

Hey, it seems to be working now...!
Don't really know why... maybe because I updated to Symphony 2.4 RC1
Or maybe because of resaving some events?
Anyway, problem solved :-)
