+ Start a Discussion

I am able to edit standard objects from sites



I am able to do the above, but was wondering if it might be a hole that will be closed. Currently if I use the following in sites,



<apex:page controller="EditStandardObjSites" showHeader="false" cache="false"> <apex:form > <apex:outputLabel value="{!acc.id}"/> <apex:inputText value="{!name}"/> <apex:commandButton value="Save" action="{!save}" /> </apex:form></apex:page>


public class EditStandardObjSites{ public String name{get;set;} public Account acc{get;set;} public EditStandardObjSites(){ acc = [SELECT id, name FROM Account LIMIT 1]; } public void save(){ acc.name = name; upsert acc; }}

 Note I've tried with 'with sharing' as well. 


From what I've read I shouldn't be able to edit standard objects in Sites. Is this correct? Is the functionality I'm using a hack or expected behaviour?


I've guessed that the page is running in the user context, and the class in the system context and that's why this is all working( as well as why it doesn't work if I use the object fields directly within the page).


I would like to use this code, but am worried that if it's flagged at some later stage as a hole it might be closed and as a result kill my app.







Site license doesn't grant you edit or delete access for standard objects.

I would not recommend using a code goes against the license agreement.