Sonataadminbundle: Child admins entities are accessible from any parent admin entities.

Created on 13 Jul 2017 · 1Comment · Source: sonata-project/SonataAdminBundle

Subject

When editing a child (or on any other child route) if you change the parent id there's no error.

In fact, there have never been any check that the child belong to the parent.

My first thought was this is a security issue due to the scope of this bug. I discussed with @greg0ire about it and we finally agreed that it is not.

Easy Pick bug

Source

jlamur

👍1

Most helpful comment

Still, getting a 404 for that would be nice.

greg0ire on 13 Jul 2017

👍3

>All comments

Still, getting a 404 for that would be nice.

greg0ire on 13 Jul 2017

👍3

Was this page helpful?

0 / 5 - 0 ratings

Related issues

How to hide relation in sonata_type_collection

vazgen · 4Comments

sonata_type_collection replaces all rows when new is added

tiagojsag · 4Comments

The option "property" does not exist.

aglemakinafr · 4Comments

I'm unable to make Sonata work with nested entities, could anyone help?

lukasz-zaroda · 3Comments

How to get image preview in symfony collection images

ajeetvarma · 3Comments