Regarding Section View

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Regarding Section View

abhinav
Sir, I don't want the section name at the top of form.


Is it possible to remove like this. Here i am attaching the image .
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Regarding Section View

abhinav
There is big issues in such type of form:
Suppose I created one form and given that so many fields in that fields there is one field name receipt_no given in the top of the form. This field name = receipt_no is read only and receipt_no is generated automatically by the developer team by using java etc.



So, when applicant open that form and Right click and open in new tab. Form is opening by sending receipt_no IN URL.



So due to this Applicant can change EDIT/UPDATE this receipt_no manually whatever he/she want to give receipt_no.
After changing/Updating the receipt number in URL by manually it is able to change/Update the receipt number this issue caused from 'AUDIT TEAM "as "PARAMETER TEMPERING".
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Regarding Section View

abhinav
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Regarding Section View

Erik Bruchez
Administrator
In reply to this post by abhinav
For reference, this appears to be a quite old version of Orbeon Forms, maybe 3.9.

You can remove the table of contents with the configuration property:

<property
  as="xs:integer"
  name="oxf.fr.detail.toc.*.*"
  value="-1"/>

-Erik
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Regarding Section View

Erik Bruchez
Administrator
In reply to this post by abhinav
I don't think this behavior you are showing of passing the parameter in the URL is done by Orbeon Forms proper. It is probably some logic that whomever built this form put in.

And yes, you are correct that  if the receipt number can be passed to the form and is just trusted, it's quite unsafe. But again I think this logic must be something implemented by the author of that particular form.

-Erik
Loading...