infocade
Forum Replies Created
-
all good then, thread can be closed!
Thanks!Hi Amin @wpmudev-support2 ,
thanks! But I think there is a misunderstanding. Here is what I understood from your colleague Patrick:
Your colleague suggested to use regular field (not a hidden field) because the hidden field cannot be manipulated at all on the backend side. If it could be manipulated by JS it would be vulnerability.
The important part:
To his suggestion he added the concern that also the regular input field (hidden by CSS) can be subject to undesired activities. That’s why he advised: Use only if needed. Right? Or did I get that wrong?
Then everything would be good. The suggestion (hide regular field by CSS) works just fine. I just wondered if any additional measures should be taken for security concerns not only with the hidden field, but also with the regular field that your colleague suggested?Hi Patrick @wpmudevsupport12 ,
thank you! That sounds very sound!
Just to confirm:
Due to the security-measures you mentioned the hidden field approach is not going to work whatsoever, right?
And a question on your suggestion:“regular input field, then hide it via CSS and then your changes via JS would be saved in that input, though, for the same reason we won’t allow hidden fields to be changed ( other than via query parameters ), make sure to use it only if necessary.”
Would your security concerns be addressed if we restrict the options for the input field (e.g. only 1 or 0)?
Hi Nithin @wpmudevsupport11 , thanks!
We tried to follow up on your hint re the backend-wise field updates. Not sure if we are on the right path.
However, I just inspected the whole thing in the console and saw that upon submit the hidden field that we want to use is changed back to 0 (while it was set to 1 before, which is how it’s supposed to be).
Would you know why that happens? That doesn’t seem to be a backend thing anyway!? Or is it related to the frontend-backend disconnect that you were explaining?Thanks, Nithin @wpmudevsupport11 ! It was only the one field group that surprised me with an “add item” button when checking on the page.
Anyway! Done for now then! Thanks for your efforts!
Hi Nithin @wpmudevsupport11 ,
here you go: https://drive.google.com/file/d/1UPZ6vcQcqt-qMYfV_yF8ae8m10RvfNSK/view?usp=sharing
The issue was that ingroup-2the repeater enabled instead of disabled.Again, this is from my memory, I’m very sure, but might be wrong in fact…there is no documentation or other proof. Our hosting service provides allows to rollback to the state from max 7 days. So this wouldn’t help either to clarify. Pls lmk if you find sth or not.
And generally again the question: If it can happen that UI-based stuff breaks with Plugin-Updates, any recommendations for quick QAIng?
Hi Nithin @wpmudev-support7 ,
Sounds like you have managed to figure it out.
Turned out we haven’t 🙁
I managed to populate the binary hidden field and also I can show/hide other fields based on the value of this binary field. So frontend-wise everything works well.
HOWEVER: Apparently, fields that are shown based on the value of this binary hidden field are not submitted properly in the end. When I switch back to showing them based on the particular values of the select-field (instead of the allow-list workaround) everything works well again.
Would you know why this happens?
If it wouldn’t work at all I would need to rework the whole thing ofc. But that it’s working half the way seems weird to me.Solved with this JQUERY-script (adjusted – syntax should be validated before use)
jQuery(document).ready(function ($) {
$(document).on('select2:select change', 'select[name="select-1"]', function () {
let selectedValue = $(this).val();
let allowedValues = ["allowedvalue1", "allowedvalue2", "allowedvalue3"];
let hiddenField = $('input[name="hidden-5"]');
if (allowedValues.includes(selectedValue)) {
hiddenField.val("1");
} else {
hiddenField.val("0");
}
});
});Edit: Formatting is off – can’t help it quickly. Sorry!
- This reply was modified 1 year, 2 months ago by infocade.
Thanks for the swift reply here as well, Saurabh @wpmudev-support7 !
The challenge is to have an “allow-list” of values. I understand that this is currently not possible.Is there any work-around then?
My idea would be a binary hidden field. If the user picks a value from the “allow-list” in a select-field this hidden field has value 1. Else, its value is 0.
In this case set-up and maintenance has to address the visibily-rules of this hidden-field only instead of every field that refers to this “allow-list”.
But this doesn’t seem to be easy either!?Note that my example above (employment-status + income) might be a bit misleading. I’m talking about long lists of options that might be amended/reduced over time, while also the “allow-list”-status of single options might change.
Hi Saurabh @wpmudev-support7 ,
Thanks for the swift reply! It must have been between the 4 most recent Versions:
1.40.0 (which is the current one)
1.39.3
1.39.2
1.39.1 (with which everything was set and working as intended according to my memory)Hi Kris,
yes, the issue is solved! The information on the hook was helpful. Our custom script to insert form-data into a custom table is working now! 🙂
Thank you so much!PS.: just to clarify
“to disable the storing”
refers to the UI-option of forminator
“store those form entry data that I need to store in a separate table”
This I want to achieve by some additional PHP-code
Thank you, Imran @wpmudev-support9
I consider, as a workaround, to disable the storing and store those form entry data that I need to store in a separate table that I set up on the side.
However, it seems that the data are handled in an object not an array and are not accessible with the hook
forminator_custom_form_submit_before_set_fieldsCan you share some information on that? Or would you recommend a different hook?
Or do you think this isn’t possible whatsoever?Many thanks!
Hello @wpmudev-support2 ,
thanks for the swift reply!
Yes, I see that the option available in the UI affects all data.I’m thinking about adding some PHP-code that can do this.
Do you think that is possible?
By which attribute could I get the fields? name or ID?Thank you!
Michael- This reply was modified 1 year, 3 months ago by infocade.