[Bug] Securite save fields

[nekulin]

Why does getStrippedSaveRequest return fields that I added via addField() ?

You don't think they should return the fields specified in the request rule ?

[nekulin]

/** @var \Illuminate\Foundation\Http\FormRequest $request */
        $request = $this->crud->validateRequest();
        // update the row in the db

        $item = $this->crud->update(
            $request->get($this->crud->model->getKeyName()),
            $request->validated()
        );

[tabacitu]

Hi @nekulin ,

That's not a bug, it's a choice we've made. It's an extra layer of security, so that if a malicious user adds a field to the form (using Chrome Dev Tools for example), it will not be saved to the database. That extra field gets stripped out before the saving process even begins.

Hope it helps. Moved to Discussions since it's not a bug.
Cheers!

[jcastroa87]

Hi.

Due to not activity on many years i will close this discussion, if there is needed feel free to reopen or create a new one.

Cheers.