Really, buddy! The Places API has a field called id, so the lib changes the 
value of the web2py field. I let it pass unnoticed. :(

Thank you very much for your help.



On Wednesday, December 23, 2015 at 12:01:19 UTC-2, Anthony wrote:
>
> In update forms, the record ID is encoded into the _formname hidden field, 
> which is used as a key to check the _formkey in the session, which is used 
> for CSRF protection as well as to prevent a malicious user from attempting 
> to update an alternative record by manipulating the "id" field. It looks 
> like the jQuery library you are using might add its own "id" field to the 
> submitted data, which will cause web2py to think the "id" has been 
> manipulated. You'll either have to make a change via JavaScript before the 
> form gets submitted or manipulate request.post_vars on the server after 
> form submission but before crud.update() gets called.
>
> Anthony
>
> On Tuesday, December 22, 2015 at 9:34:02 PM UTC-5, Relsi Maron wrote:
>>
>> Hello guys,
>>
>> I use this JavaScript lib [1] to populate a form with geolocalization 
>> data [2]. It works very well in a crud.create form, but if I use it in a 
>> crud.update form I get this error when the fields are dynamically 
>> populated with the new data:
>>
>> SyntaxError: user is tampering with form's record_id: 
>> 7e127c37a39c01e218ccfdce430b5c25d34b6006 != 16
>>
>>
>> But if I manually change the field value, it works as expected.
>>
>> Would anybody know how to fix it?
>>
>> Thanks for all.
>>
>> [1] http://ubilabs.github.io/geocomplete/
>> [2] http://ubilabs.github.io/geocomplete/examples/form.html
>>
>
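
A simplified model of the check Anthony describes and of the server-side workaround he suggests, added here as an illustration (it is not web2py's code and not from the thread). The function names, the `place` table name and the session layout are assumptions; the record ID 16 and the overwritten value are taken from the error message above.

```python
import hmac
import uuid

class TamperError(Exception):
    """Stands in for web2py's SyntaxError; this module is a simplified model."""

def issue_form(session, table, record_id):
    # Hidden fields sent with an update form; the key is stored per formname.
    formname = "%s/%s" % (table, record_id)
    formkey = str(uuid.uuid4())
    session.setdefault("_formkey", {})[formname] = formkey
    return {"id": str(record_id), "_formname": formname, "_formkey": formkey}

def accept(session, table, record_id, post_vars):
    # record_id is the value the server chose (e.g. from the URL), not the POST.
    posted_id = post_vars.get("id")
    if str(posted_id) != str(record_id):
        raise TamperError("user is tampering with form's record_id: %s != %s"
                          % (posted_id, record_id))
    formname = "%s/%s" % (table, record_id)
    expected = session.get("_formkey", {}).pop(formname, None)  # single use
    supplied = post_vars.get("_formkey", "")
    return (post_vars.get("_formname") == formname and expected is not None
            and hmac.compare_digest(expected, supplied))

def restore_record_id(post_vars, record_id):
    # Server-side workaround: discard whatever the client-side library wrote
    # into "id" and put back the server's own value before validation.
    cleaned = dict(post_vars)
    cleaned["id"] = str(record_id)
    return cleaned

def demo():
    session, results = {}, {}
    fields = issue_form(session, "place", 16)
    # Constructed submission: the autocomplete library overwrote "id".
    polluted = dict(fields, id="7e127c37a39c01e218ccfdce430b5c25d34b6006")
    try:
        accept(session, "place", 16, polluted)
    except TamperError as exc:
        results["polluted"] = str(exc)
    results["restored"] = accept(session, "place", 16,
                                 restore_record_id(polluted, 16))
    # A key issued for record 16 does not validate against record 17.
    fields = issue_form(session, "place", 16)
    forged = dict(fields, id="17", _formname="place/17")
    results["forged"] = accept(session, "place", 17, forged)
    return results
```

The restored value must come from the server's own notion of which record is being edited, never from another client-supplied field, so the form name and form key checks keep their meaning.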
