In update forms, the record ID is encoded into the _formname hidden field, which is used as a key to check the _formkey in the session, which is used for CSRF protection as well as to prevent a malicious user from attempting to update an alternative record by manipulating the "id" field. It looks like the jQuery library you are using might add its own "id" field to the submitted data, which will cause web2py to think the "id" has been manipulated. You'll either have to make a change via Javascript before the form gets submitted or manipulate request.post_vars on the server after form submission but before crud.update() gets called.
Anthony On Tuesday, December 22, 2015 at 9:34:02 PM UTC-5, Relsi Maron wrote: > > Hello guys, > > I use this javascript lib [1 <http://ubilabs.github.io/geocomplete/>] to > populate a form with geolocalization data [2 > <http://ubilabs.github.io/geocomplete/examples/form.html>]. It works very > well in a crud.create form, but if I use it in crud.update form I get this > error, when the fields are dynamyc populated with the new data: > > SyntaxError: user is tampering with form's record_id: > 7e127c37a39c01e218ccfdce430b5c25d34b6006 != 16 > > > But if I change manually the field value it works how expected. > > Anybody would know how fix it? > > Thanks for all. > > [1] http://ubilabs.github.io/geocomplete/ > [2] http://ubilabs.github.io/geocomplete/examples/form.html > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
