Friday, May 15, 2009

Using AllowUnsafeUpdates

Syntax: bool SPSite.AllowUnsafeUpdates

This property tells SharePoint whether updates to the database are allowed when the request is of type 'GET', without security validation. Well, first of all, why do you want to do it?

Usage:

web.AllowUnsafeUpdates = true;

Best Practices:

1. DON'T USE IT - If you use it, you are exposing yourself to Cross-Site Scripting.

2. If the request is a 'POST', you can happily use SPUtility.ValidateFormDigest() to meet your needs.

3. By default the value is 'FALSE' for all requests of type 'GET'. Meaning, if someone tries to update any list, SharePoint will not allow the item to be updated unless and until you set the property value to 'TRUE'.

So, you have to set it to 'TRUE' and then, after you meet your requirement, set it to 'FALSE'.

bool allowUpdates = web.AllowUnsafeUpdates; // remember the current value
web.AllowUnsafeUpdates = true;
try {
    // WHAT I WANT TO DO?
} finally {
    web.AllowUnsafeUpdates = allowUpdates; // restore even if the update throws
}
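
An added example (not from the original post) of best practice 2: a POST handler that validates the form digest instead of setting AllowUnsafeUpdates. The page class name, the "Tasks" list and the "itemId"/"title" form fields are assumptions, and the page is assumed to render SharePoint's FormDigest control.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebControls;

// Hypothetical application page; the class name, the "Tasks" list and the
// "itemId"/"title" form fields are assumptions made for this example.
public class RenameTaskPage : LayoutsPageBase
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // Only change data on POST. A GET stays read-only, which is why
        // SharePoint blocks updates on GET unless AllowUnsafeUpdates is set.
        if (!string.Equals(Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // Validates the form digest posted with the request (emitted by the
        // FormDigest control). Returns true only when the digest is valid.
        if (!SPUtility.ValidateFormDigest())
        {
            throw new SPException("Security validation for this request failed.");
        }

        // Reject anything that is not a plain integer id before using it.
        int itemId;
        if (!int.TryParse(Request.Form["itemId"], out itemId))
        {
            throw new ArgumentException("itemId must be an integer.");
        }

        SPWeb web = SPContext.Current.Web; // owned by SPContext, do not dispose
        SPListItem item = web.Lists["Tasks"].GetItemById(itemId);
        item["Title"] = Request.Form["title"];
        item.Update(); // AllowUnsafeUpdates is never set to true here
    }
}
```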
