sirspider Posted August 21, 2020 Posted August 21, 2020 Hello, I'm trying to create an "Edit in ACP" button on the user profile headers. This is the template code I have so far: {{if \IPS\Member::loggedIn()->isAdmin() }} <li> <a href='{url="app=core&module=members&controller=members&do=view&id={$member->member_id}" base="admin"}' class='ipsButton ipsButton_overlaid'> <i class='fa fa-pencil'></i> <span class='ipsResponsive_hidePhone ipsResponsive_inline'> Edit in ACP</span> </a> </li> {{endif}} However after following the link and being redirected to the admincp login page, the redirect removes the `do=view` part of the URL. It becomes: &app=core&module=members&controller=members&id=1 How can I go about ensuring that `do=view` remains?
Solution bfarber Posted August 21, 2020 Solution Posted August 21, 2020 When logging in to the AdminCP, do parameters will be stripped from the URL. This is intended to help protected administrators from making unintended changes on their site by following a link (or being redirected) from a malicious source. We may be able to revisit this behavior in a future release now that stronger CSRF protections are in place. In the mean time, your only option would be to use a custom controller and put your actions in the manage method. sirspider 1
Recommended Posts