ACL transfers hidden fields to frontend

dscfrnt · Post by **dscfrnt** » 23 Mar 2025, 19:51

Hi all,

we're using the Customer Frontend for different customer services and forms via ACL.
Eg Customer A can use a form that is available via ACL that Customer B can't use.

However I noticed that in the source code of the website (HTML view), there are all forms visible no matter if hidden via ACL or not. Of course it cant be used but it is still visible.

This could be a serious security threat if there are e.g. dynamic fields with customer-internal information available in ACL forms.

Is there any way to disable this? So that the content will not be transferred to the frontend if ACL doesn't hit?

Post by **root** » 24 Mar 2025, 07:44

Hi,

Which add-ons do you have installed?

- Roy

skullz · Post by **skullz** » 26 Mar 2025, 10:13

This look like OTOBO instead of Znuny

dscfrnt · Post by **dscfrnt** » 26 Mar 2025, 15:31

Hi, yes this is OTOBO. This community is way better than otobo forum

So far everything I found here could be used in OTOBO

shawnbeasley · Post by **shawnbeasley** » 28 Mar 2025, 16:01

Hi, yes this is OTOBO. This community is way better than otobo forum So far everything I found here could be used in OTOBO

Welcome! Try our Discord Server as well. https://discord.gg/zyTTeFVA

Znuny Open Source Ticketsystem

ACL transfers hidden fields to frontend

ACL transfers hidden fields to frontend

Re: ACL transfers hidden fields to frontend

Re: ACL transfers hidden fields to frontend

Re: ACL transfers hidden fields to frontend

Re: ACL transfers hidden fields to frontend