PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Safety risk?

Gravity Support Forums » Plugin Support » Gravity Forms

  1. indigonl
    Member

    We used the shortcode option in http://www.gravityhelp.com/documentation/page/Using_Dynamic_Population to define a form with dynamic prices. This works fine but it seems that you can override the pricing defined in the shortcode by using the query string method. Is this a safety risk and if so, should we use another method for dynamic polulation of the price field?

    Posted 12 years ago on Thursday November 24, 2011 | Permalink

  2. indigonl
    Member

    Anyone?

    Posted 12 years ago on Thursday February 2, 2012 | Permalink

  3. kyle
    Member

    I suppose it would depend on your sales and quantity of stock. Are they so huge that you send out orders without verifying prices? I run a site using FoxyCart, that has the same "security" issue.

    Perhaps you could create a function that gets called after a form submit and ensures the price matches the product number, or else returns to the form with an error.

    Posted 12 years ago on Thursday February 2, 2012 | Permalink

  4. indigonl
    Member

    Hi Kyle,

    I don't think it will cause much trouble and true, besides as long as the order level is not too high, manual check is ok. Good to hear that a similar solution works fine for you. Thx!

    Posted 12 years ago on Thursday February 2, 2012 | Permalink