'view pdf' url not safe, it can be accessed by non-logged in user!!!
-
Once ‘View PDF’ is clicked, you will be lead to the following url that displays the generated PDF.
http://youdomain.com/?gf_pdf=print-entry&fid=1$lid=2¬es=1
this link can easily be accessed by non-logged-in users. Anyone can fetch sensitive data from the database by changing the form id and the lead id.
Is there any way to stop this? like only allowing logged in users to access this link while showing ‘access denied’ to public users.
BTW, I am actually using s2member plugin to control my website.
Cheers!!
http://wordpress.org/extend/plugins/gravity-forms-pdf-extended/
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
- The topic ‘'view pdf' url not safe, it can be accessed by non-logged in user!!!’ is closed to new replies.