I’m submitting a…
- [ ] Regression (a behavior that stopped working in a new release)
- [X] Bug report
- [ ] Performance issue
- [ ] Documentation issue or request
Current behavior
I have flag some fields as disabled from the Schema definition.
When I click on a content in order to modify it I can see that those fields are correctly disabled. However, if I inspect the HTML source code of the page and I remove the disable flag from the HTML tag, I can easily modify those field. Finally, if I click the “save” button the client uncorrectly saves those modfication to the content. In this way, anyone potentially can modify every field of the contents.
Expected behavior
If I try to “hack” the view and modify a disabled parameter by modifying the HTML code, the client should visualize an error and, more important, must not save the modifications.
Environment
- [ ] Self hosted with docker
- [ ] Self hosted with IIS
- [ ] Self hosted with other version
- [X] Cloud version