How GravityView Security Works

As with any software, there may be security vulnerabilities. We do our best to secure the plugin and quickly patch any identified issues, but we provide no security guarantee or warranty. GravityView is licensed under a GPL 2.0 or newer license.

We've had customers interested in learning more about GravityView security. We only recommend using GravityView to display sensitive data when using the Advanced Filter Extension to limit visible entries to those created by the current user only.

How we make entries visible to only the current user

To verify the current user is able to see the entry (using the Advanced Filter Extension):
  • We use the WordPress wp_get_current_user() function to get the current user ID
  • Check the current user ID against the creator of the entry (stored in Gravity Forms under the created_by column)
  • Make sure that the search being performed is interpreted as an "ALL" search (instead of "ANY") so that created_by={user id} is required, not optional
  • A search is performed using Gravity Forms GFAPI::get_entries()
  • Then GravityView displays the data

Editing an Entry

For editing the entry (in the core GravityView plugin), we then add an additional layer of security in the form of a nonce:
  • Generate a key using the entry ID being requested for edit, the View ID it's contained in (in case there are different permissions across different Views), and the Gravity Forms form ID
  • That key is used to generate a nonce using wp_nonce(), which is unique to the currently logged-in user and expires 24 hours after it is generated.
  • The nonce is sent as a request parameter (?edit={example nonce}) to the Entry URL
  • The nonce is validated in the Edit Entry screen before the form is displayed or an Edit Entry form submission is processed
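The two procedures above (restricting the GFAPI::get_entries() search to the current user's entries, and protecting the edit link with a user-bound nonce), as an added PHP illustration that is not GravityView's own code; the function names, the nonce action string format and the use of wp_create_nonce()/wp_verify_nonce() are assumptions:

```php
<?php
// Added illustration, not GravityView's own code (names and nonce format assumed).

/**
 * Entries of $form_id created by the logged-in user only.
 * Anonymous visitors get an empty array: querying created_by=0
 * would match every guest submission.
 */
function example_get_current_user_entries( $form_id ) {
    $user_id = get_current_user_id(); // shorthand for wp_get_current_user()->ID
    if ( 0 === $user_id ) {
        return array();
    }
    $search_criteria = array(
        'status'        => 'active',
        'field_filters' => array(
            // 'all' = every filter is required (AND), so created_by is mandatory.
            'mode' => 'all',
            array( 'key' => 'created_by', 'operator' => 'is', 'value' => $user_id ),
        ),
    );
    $entries = GFAPI::get_entries( $form_id, $search_criteria );
    return is_wp_error( $entries ) ? array() : $entries;
}

// Nonce action built from entry, View and form IDs (assumed format).
function example_edit_nonce_action( $entry_id, $view_id, $form_id ) {
    return sprintf( 'edit_%d_%d_%d', $entry_id, $view_id, $form_id );
}

// Build the edit link: ?edit={nonce}, bound to the current user and time-limited.
function example_edit_entry_url( $entry_url, $entry_id, $view_id, $form_id ) {
    $action = example_edit_nonce_action( $entry_id, $view_id, $form_id );
    return add_query_arg( 'edit', wp_create_nonce( $action ), $entry_url );
}

// Check before rendering the edit form or processing its submission.
// The nonce supplements the created_by check above; it does not replace it.
function example_can_edit_entry( $entry_id, $view_id, $form_id ) {
    $nonce  = isset( $_GET['edit'] ) ? sanitize_text_field( wp_unslash( $_GET['edit'] ) ) : '';
    $action = example_edit_nonce_action( $entry_id, $view_id, $form_id );
    // wp_verify_nonce() returns false when the nonce is missing, expired,
    // or was issued to a different user (or for a different entry/View/form).
    return false !== wp_verify_nonce( $nonce, $action );
}
```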

If you're interested in learning the exact parameters used to generate queries, you can install the Debug Bar plugin. Once installed, visit a View and then click the "Debug" menu in the Admin Bar. You'll see a GravityView tab in the log menu. If you click that, you'll see the exact parameters used to generate each request and render the View.