Problem with Formbuilder 1.1.1

Have a question or a suggestion about a 3rd party addon module or plugin?
Let us know here.
Post Reply
CapereSpiritum
Forum Members
Forum Members
Posts: 223
Joined: Wed Dec 28, 2011 12:11 pm

Problem with Formbuilder 1.1.1

Post by CapereSpiritum »

I have an error message when submitting my form
FormBuilder submit error: XSS attempt!
I have another site using FB version 0.8.1.6 with no issues at all.

If I uninstall 1.1.1 and replace with 0.8.1.6, will it work with the newer version of CMSMS?
I'm only looking for basic form fields: Test Input. Test Area, Image File Upload.

I know about CGBetterForms. I'm not a dev and find it too complex to use. I know my way around FB sufficiently for the degree of use required.

My current site info is below
CMSMS Version 2.2.15

Installed Modules
AdminSearch 1.0.5
Album 1.11
CGBetterForms 1.10.4
CGExtensions 1.65.2
CGFeedback 1.8.3
CGSimpleSmarty 2.2.1
CMSContentManager 1.1.9
CMSMSExt 1.0.1
CMSMailer 6.2.14
Captcha 1.0
CmsJobManager 0.1.3
DesignManager 1.1.9
FileManager 1.6.12
FilePicker 1.0.5
FormBuilder 1.1.1
LISE 1.5.b.13
LISEdirectory 1.5.b.13
LISEwaterways 1.5.b.13
MenuManager 1.50.3
MicroTiny 2.2.5
ModuleManager 2.1.8
Navigator 1.0.9
News 2.51.11
Search 1.52
User avatar
velden
Dev Team Member
Dev Team Member
Posts: 3483
Joined: Mon Nov 28, 2011 9:29 am
Location: The Netherlands

Re: Problem with Formbuilder 1.1.1

Post by velden »

You've read the help and added the CSRF token field definition to the form too?
CapereSpiritum
Forum Members
Forum Members
Posts: 223
Joined: Wed Dec 28, 2011 12:11 pm

Re: Problem with Formbuilder 1.1.1

Post by CapereSpiritum »

Hi Velden.

Yes the CSRF token field is in and is the first field in the list.
CapereSpiritum
Forum Members
Forum Members
Posts: 223
Joined: Wed Dec 28, 2011 12:11 pm

Re: Problem with Formbuilder 1.1.1

Post by CapereSpiritum »

Could not resolve so removed v. 1.1.1 and installed 0.8.1.6
Used SMTP method of sending.
SUCCESS.

A little wary of upgrading to 1.1.1 :-\
User avatar
Jo Morg
Dev Team Member
Dev Team Member
Posts: 1921
Joined: Mon Jan 29, 2007 4:47 pm

Re: Problem with Formbuilder 1.1.1

Post by Jo Morg »

CapereSpiritum wrote: Sat May 01, 2021 1:44 pm I have an error message when submitting my form
FormBuilder submit error: XSS attempt!
I have another site using FB version 0.8.1.6 with no issues at all.

If I uninstall 1.1.1 and replace with 0.8.1.6, will it work with the newer version of CMSMS?
I'm only looking for basic form fields: Test Input. Test Area, Image File Upload.
CapereSpiritum wrote: Sun May 02, 2021 11:51 am A little wary of upgrading to 1.1.1
FormBuilder 1.1.1 is safer than its predecessors in that it solves a known vulnerability. It may need clearing the cache after upgrade but it does not require the CSRF token field although it is recommended. The CSRF token field is a separate security measure not directly related to the previous message. In all my tests and in different server settings I didn't get that error ever unless the session had expired and only once, after which the form would submit without issues. So I have to assume that it may be something very specific to your environment or an upgrade gone wrong at some point.
For security sake I would advise you to do some more testing before entirely dismissing the issue without an upgrade.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
User avatar
Dr.CSS
Moderator
Moderator
Posts: 12709
Joined: Thu Mar 09, 2006 5:32 am
Location: Arizona

Re: Problem with Formbuilder 1.1.1

Post by Dr.CSS »

Did you set the page as not cacheable..?
aloisdecroon
New Member
New Member
Posts: 3
Joined: Sun Feb 28, 2021 3:56 pm
Location: The Netherlands

Re: Problem with Formbuilder 1.1.1

Post by aloisdecroon »

For the sake of others and maybe as a contribution to a solution in one form or an other..


I got the same error, xss attempt, but only on the initial loaded page on android devices (in chrome).
If you open the (home)page and refreshed the page the form worked perfect..

On the desktop in chrome or firefox there was never a issue.

The situation happened on 2 different sites, in the end I made a backup of the forms and removed formbuilder and installed formbuilder version 1.0.2 via xml and restored the forms. And voila they worked also on mobile first time around.


I tried different things, loading the desktop version in chrome on android also did not worked,
added code to force a refresh after the paged loaded the first time but nothing helped,

<meta http-equiv="cache-control" content="no-cache, must-revalidate, post-check=0, pre-check=0" />
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />

<__script__ type='text/javascript'>
window.onload = function() {
if(!window.location.hash) {
window.location = window.location + '#loaded';
window.location.reload();
}
}
</__script>
Post Reply

Return to “Modules/Add-Ons”