CMS Made Simple Forums
https://forum.cmsmadesimple.org/

CGFeedback and {cge_form_csrf}
https://forum.cmsmadesimple.org/viewtopic.php?f=7&t=79226

Author:  Andrew Prior [ Sat Oct 13, 2018 11:03 am ]
Post subject:  CGFeedback and {cge_form_csrf}

I cannot work out where to put
Code:
{cge_form_csrf}
in the templates. I understand that the upgrade to the latest version will not alter my templates. So, in order to cheat, I made a new install of CGFeedback on a website which did not have the module and none of the templates contain
Code:
{cge_form_csrf}
.

The only place I can find anything remotely like
Code:
{startform}
is in the CGFeedback Sample Comment Form where it says
Code:
{form_start action=default inline=$inline extraparms=$extraparms}
I have added the cge_form_csrf after this
Code:
{form_start action=default inline=$inline extraparms=$extraparms}{cge_form_csrf}
to no avail. So totally lost and with no idea. Can anyone point me in the right direction, please?

Version 2.2.7 and CGFeedback 2.2

Author:  DIGI3 [ Sat Oct 13, 2018 4:27 pm ]
Post subject:  Re: CGFeedback and {cge_form_csrf}

I just did a test, and it worked putting it after the form_start as you did.

I did find that the required fields are buggy; disabling them all in the CGFeedback settings let me submit the form.

Perhaps you can provide more detail as to what error you're getting?

Author:  DIGI3 [ Sat Oct 13, 2018 4:55 pm ]
Post subject:  Re: CGFeedback and {cge_form_csrf}

I'm actually seeing it's more than a validation issue; most of the form fields aren't being saved. In my error log I see:

Code:
PHP Warning:  filter_var() expects parameter 2 to be integer, string given in /path/modules/CGFeedback/lib/class.param_cleaner.php on line 91


Perhaps someone else can verify this and I'll file a BR if it's not just me.

Author:  Andrew Prior [ Sat Oct 13, 2018 8:36 pm ]
Post subject:  Re: CGFeedback and {cge_form_csrf}

Thank you, DIGI3.

From phpMyAdmin I can see that nothing is being saved to the comments table.

The error I am getting in the logs is
Code:
[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Notice:  Use of undefined constant FILTER_SANITiZE_STRING - assumed 'FILTER_SANITiZE_STRING' in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91
[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Warning:  filter_var() expects parameter 2 to be long, string given in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91


I disabled all the required fields and this let a comment be made; that is, there is a new record in the CGFeedback table, but it is mostly blank and the originating URL is wrong.

This is my code to allow a comment:

Code:
<p>{CGFeedback action='summary' sortorder="ASC"}<br /><b>Would you like to comment?</b><br />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">// <![CDATA[
function toggleDiv(divId) {
   $("#"+divId).toggle();
}
// ]]></script>
<a style="background-color: rgba(237, 240, 240, 0.46); padding: 5px 10px;" href="javascript:toggleDiv('myComment');">Click to add Feedback</a>
<div id="myComment" style="background-color: #dae8ec; padding: 5px 10px; display: none;">{CGFeedback}</div>


This is my template. You can see I have put the cge_form_csrf at the end (I read that someone was doing this in the Forum) but it makes no difference to the outcome if it's at start form or end form.
Code:
{* comment form template *}
{if isset($message)}
  <div class="pagemessage">{$message}</div>
{else}
  {* no message... display the form *}
  <div class="cgfeedback_addcomment">
  {if isset($error)}
     <div class="error">{$error}</div>
  {/if}

  {form_start action=default inline=$inline extraparms=$extraparms}
  {*
   * A simple honeypot captcha field.  This field needs to be a text field, but hidden with CSS
   * deleting this field from the template will have no effect on form behavior, but if this
   * field exists, and is populated an error will be generated.
   *}
  <input type="text" name="{$actionid}feedback__data" value="" style="display: none;"/>
  <fieldset style="margin: 1em;">
  <legend>&nbsp;{$mod->Lang('prompt_add_comment')}&nbsp;</legend>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}title">{$mod->Lang('prompt_title')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}title" name="{$actionid}title" size="60" maxlength="255" value="{$comment_obj->title}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_name">*{$mod->Lang('prompt_your_name')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}author_name" name="{$actionid}author_name" size="40" maxlength="255" value="{$comment_obj->author_name}" required/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_email">{$mod->Lang('prompt_your_email')}:</label>
    </div>
    <div class="col-md-8">
      <input type="email" id="{$actionid}author_email" name="{$actionid}author_email" size="40" maxlength="255" value="{$comment_obj->author_email}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <label> <input type="checkbox" name="{$actionid}author_notify" value="1" {if $comment_obj->author_notify == 1}checked{/if}/> {$mod->Lang('prompt_notify')}</label>
    </div>
  </div>

    <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}comment">{$mod->Lang('prompt_comment')}:</label>
    </div>
    <div class="col-md-8">
      {cge_textarea wysiwyg=$wysiwyg name="{$actionid}comment" id="{$actionid}comment" rows=3 cols="60" value=$comment_obj->data}
    </div>
  </div>

  {* custom fields *}
  {if isset($fields)}
    {foreach $fields as $fieldid => $field}
      {$_id="{$actionid}field_{$fieldid}"}
      <div class="row">
        <div class="col-md-4 text-right">
          <label for="{$_id}">{$field.name}:</label>
        </div>
        <div class="col-md-8">
          {if $field.type == 0 or $field.type == 1 }
            <input type="text" name="{$actionid}field_{$fieldid}" value="{$field.value|default:''}" size="{$field.attrib.length}" maxlength="{$field.attrib.maxlength}"/>
          {elseif $field.type == 2}
            {cge_textarea wysiwyg=$field.attrib.usewysiwyg|default:0 rows=3 id="{$_id}" name="{$actionid}field_{$fieldid}" value=$field.value|default:''}
          {elseif $field.type == 3}
            <select name="{$actionid}field_{$fieldid}">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
          {elseif $field.type == 4}
            <select multiple="multiple" size="4" name="{$actionid}field_{$fieldid}[]">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
          {elseif isset($field.input)}
            {$field.input}
          {/if}
        </div>
      </div>
    {/foreach}
  {/if}

  {if isset($captcha_img)}
    {* handle captcha image *}
    <div class="row">
      <div class="col-md-4 text-right"><label for="{$actionid}captchatext">{$mod->Lang('prompt_captcha')}:</label></div>
      <div class="col-md-8">
        {if $captcha_needs_input}
        <input type="text" class="form-control" id="{$actionid}captchatext" name="{$actionid}feedback_captcha" value="" size="20"/><br/>
        {/if}
        {$captcha_img}
      </div>
    </div>
  {/if}

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <button class="btn btn-active" name="{$actionid}cgfb_submit">{$mod->Lang('submit')}</button>
    </div>
  </div>

  </fieldset>
  {cge_form_csrf}
  {form_end}
  </div>
{/if}

Author:  DIGI3 [ Sat Oct 13, 2018 10:44 pm ]
Post subject:  Re: CGFeedback and {cge_form_csrf}

I've filed a bug report. In the meantime you may want to roll back to an earlier version.

http://dev.cmsmadesimple.org/bug/view/11908
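
The two log lines quoted in this thread chain together: under PHP before 8 the misspelled constant is replaced by a string, and filter_var() then returns NULL rather than a sanitised value. The sketch below is an added example, not CGFeedback's code (line 91 of class.param_cleaner.php is not shown in the thread); its helper names and field values are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example, not CGFeedback code. resolve_filter(), clean_param() and
// broken_clean() are hypothetical helpers; the field values are constructed.

// What the two log lines amount to: PHP < 8 substitutes the string
// 'FILTER_SANITiZE_STRING' for the undefined constant (the Notice), then
// filter_var() rejects the non-integer filter argument (the Warning) and
// returns NULL instead of the sanitised value.
function broken_clean($value)
{
    try {
        return @filter_var($value, 'FILTER_SANITiZE_STRING');
    } catch (TypeError $e) { // PHP 8 throws here instead of warning
        return null;
    }
}

// Resolve a filter constant by name and fail closed when it is not a
// registered filter id. Constant names are case-sensitive.
function resolve_filter(string $name): int
{
    $id = defined($name) ? constant($name) : null;
    $known = array_map('filter_id', filter_list());
    if (!is_int($id) || !in_array($id, $known, true)) {
        throw new InvalidArgumentException("unknown filter constant: $name");
    }
    return $id;
}

// Sanitise one value; a NULL or FALSE result is an error, never "empty".
function clean_param($value, string $filter_name): string
{
    $out = filter_var($value, resolve_filter($filter_name));
    if (!is_string($out)) {
        throw new RuntimeException("filter $filter_name failed");
    }
    return $out;
}

$post = ['title' => 'Nice <b>article</b>', 'author_name' => 'Constructed User'];
foreach ($post as $field => $value) {
    var_dump([$field => broken_clean($value)]); // the logged failure path
    // A correctly spelled constant resolves. FILTER_SANITIZE_STRING itself is
    // deprecated as of PHP 8.1, so a current sanitising filter is used here.
    var_dump([$field => clean_param($value, 'FILTER_SANITIZE_SPECIAL_CHARS')]);
    try {
        clean_param($value, 'FILTER_SANITiZE_STRING');
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n"; // the misspelling is reported, not swallowed
    }
}
```

A NULL from every cleaned parameter would be consistent with the mostly blank record reported in the thread, though the thread does not show how the module uses the result.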

All times are UTC