While testing out Frontier Post, I went to the front end editor and instead of typing in a post I just hit the save button. I expected to see an error message that said fields missing or something similar but instead the front end editor came back up with the [frontier-post] displaying in the editor. I then removed the short code [frontier-post] and typed test page and hit save. After that, each time I clicked the create post button, it took me to a page that said “test page” and nothing else. I then created a new username and assigned the editor role to it. Once again I repeated the same steps and once again the create post page was replaced with a page that said test page.
So does this mean that anyone who has the ability to make posts can break the site by simply pressing the save button before typing anything into the front end editor and then when the page comes back up, remove the [frontier-post] short code?
- The topic ‘Short code can be removed by users?’ is closed to new replies.