According to this forum post, Gravity Forms indeed does server-side validation. But I am still able to inject the POST request right before the submission to change the value.
I feel that there is a need to do server-side validation to minimise security risk, but there are no available plugins or open source code.
What are you injecting in the $_POST? Is it a security issue, or just that the $_POST can be modified? Do you have an example use-case or concern?
Thank you for your reply. Yes, there is a security risk where malicious code/commands can be injected into each field on submission, as there is no backend validation done. I am currently using a tool to inject the request.
Content-Disposition: form-data; name="input_19"
Thank you for the clarification. Can you please submit a support ticket here?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.