CGFeedback and {cge_form_csrf}


Post by Andrew Prior »

I cannot work out where to put {cge_form_csrf} in the templates. I understand that the upgrade to the latest version will not alter my templates. So, in order to cheat, I made a new install of CGFeedback on a website which did not have the module and none of the templates contain {cge_form_csrf}.

The only place I can find anything remotely like {startform} is in the CGFeedback Sample Comment Form where it says

Code:

{form_start action=default inline=$inline extraparms=$extraparms}

I have added the cge_form_csrf after this

Code:

{form_start action=default inline=$inline extraparms=$extraparms}{cge_form_csrf}

to no avail. So totally lost and with no idea. Can anyone point me in the right direction please?

Version 2.2.7 and CGFeedback 2.2

Post by DIGI3 »

I just did a test, and it worked putting it after the form_start as you did.

I did find that the required fields are buggy; disabling them all in the CGFeedback settings let me submit the form.

Perhaps you can provide more detail as to what error you're getting?

Post by DIGI3 »

I'm actually seeing it's more than a validation issue, most of the form fields aren't being saved. In my error log I see:

Code:

PHP Warning:  filter_var() expects parameter 2 to be integer, string given in /path/modules/CGFeedback/lib/class.param_cleaner.php on line 91
Perhaps someone else can verify this and I'll file a BR if it's not just me.

Post by Andrew Prior »

Thank you DIGI3.

From phpMyAdmin I can see that nothing is being saved to the comments table.

The error I am getting in the logs is

Code:

[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Notice:  Use of undefined constant FILTER_SANITiZE_STRING - assumed 'FILTER_SANITiZE_STRING' in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91
[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Warning:  filter_var() expects parameter 2 to be long, string given in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91
I disabled all the required fields and this let a comment be made; that is, there is a new record in the CGFeedback table, but it is mostly blank and the originating URL is wrong.

This is my code to allow a comment:

Code:

<p>{CGFeedback action='summary' sortorder="ASC"}<br /><b>Would you like to comment?</b><br />
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">// <![CDATA[
function toggleDiv(divId) {
   $("#"+divId).toggle();
}
// ]]></script>
<a style="background-color: rgba(237, 240, 240, 0.46); padding: 5px 10px;" href="javascript:toggleDiv('myComment');">Click to add Feedback</a>
<div id="myComment" style="background-color: #dae8ec; padding: 5px 10px; display: none;">{CGFeedback}</div>
This is my template. You can see I have put the cge_form_csrf at the end (I read that someone was doing this in the Forum) but it makes no difference to the outcome if it's at start form or end form.

Code:

{* comment form template *}
{if isset($message)}
  <div class="pagemessage">{$message}</div>
{else}
  {* no message... display the form *}
  <div class="cgfeedback_addcomment">
  {if isset($error)}
     <div class="error">{$error}</div>
  {/if}

  {form_start action=default inline=$inline extraparms=$extraparms}
  {*
   * A simple honeypot captcha field.  This field needs to be a text field, but hidden with CSS
   * deleting this field from the template will have no effect on form behavior, but if this
   * field exists, and is populated an error will be generated.
   *}
  <input type="text" name="{$actionid}feedback__data" value="" style="display: none;"/>
  <fieldset style="margin: 1em;">
  <legend>&nbsp;{$mod->Lang('prompt_add_comment')}&nbsp;</legend>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}title">{$mod->Lang('prompt_title')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}title" name="{$actionid}title" size="60" maxlength="255" value="{$comment_obj->title}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_name">*{$mod->Lang('prompt_your_name')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}author_name" name="{$actionid}author_name" size="40" maxlength="255" value="{$comment_obj->author_name}" required/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_email">{$mod->Lang('prompt_your_email')}:</label>
    </div>
    <div class="col-md-8">
      <input type="email" id="{$actionid}author_email" name="{$actionid}author_email" size="40" maxlength="255" value="{$comment_obj->author_email}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <label> <input type="checkbox" name="{$actionid}author_notify" value="1" {if $comment_obj->author_notify == 1}checked{/if}/> {$mod->Lang('prompt_notify')}</label>
    </div>
  </div>

    <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}comment">{$mod->Lang('prompt_comment')}:</label>
    </div>
    <div class="col-md-8">
      {cge_textarea wysiwyg=$wysiwyg name="{$actionid}comment" id="{$actionid}comment" rows=3 cols="60" value=$comment_obj->data}
    </div>
  </div>

  {* custom fields *}
  {if isset($fields)}
    {foreach $fields as $fieldid => $field}
      {$_id="{$actionid}field_{$fieldid}"}
      <div class="row">
        <div class="col-md-4 text-right">
          <label for="{$_id}">{$field.name}:</label>
        </div>
        <div class="col-md-8">
          {if $field.type == 0 or $field.type == 1 }
            <input type="text" name="{$actionid}field_{$fieldid}" value="{$field.value|default:''}" size="{$field.attrib.length}" maxlength="{$field.attrib.maxlength}"/>
          {elseif $field.type == 2}
            {cge_textarea wysiwyg=$field.attrib.usewysiwyg|default:0 rows=3 id="{$_id}" name="{$actionid}field_{$fieldid}" value=$field.value|default:''}
          {elseif $field.type == 3}
            <select name="{$actionid}field_{$fieldid}">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
          {elseif $field.type == 4}
            <select multiple="multiple" size="4" name="{$actionid}field_{$fieldid}[]">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
          {elseif isset($field.input)}
            {$field.input}
          {/if}
        </div>
      </div>
    {/foreach}
  {/if}

  {if isset($captcha_img)}
    {* handle captcha image *}
    <div class="row">
      <div class="col-md-4 text-right"><label for="{$actionid}captchatext">{$mod->Lang('prompt_captcha')}:</label></div>
      <div class="col-md-8">
        {if $captcha_needs_input}
        <input type="text" class="form-control" id="{$actionid}captchatext" name="{$actionid}feedback_captcha" value="" size="20"/><br/>
        {/if}
        {$captcha_img}
      </div>
    </div>
  {/if}

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <button class="btn btn-active" name="{$actionid}cgfb_submit">{$mod->Lang('submit')}</button>
    </div>
  </div>

  </fieldset>
  {cge_form_csrf} {form_end}
  </div>
{/if}

Post by DIGI3 »

I've filed a bug report. In the meantime you may want to roll back to an earlier version.

http://dev.cmsmadesimple.org/bug/view/11908
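
The PHP notice quoted in this thread names FILTER_SANITiZE_STRING, a mis-cased spelling of PHP's FILTER_SANITIZE_STRING, which is why filter_var() then receives a string instead of an integer filter id. As an added example (not CGFeedback's code and not part of any post above), this PHP check tokenizes source text and reports FILTER_* identifiers that PHP does not define; the function name and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return [line, name] pairs for FILTER_* identifiers in $source that are not
 * defined constants in the running PHP (hypothetical helper for this example).
 */
function find_undefined_filter_constants(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Punctuation comes back as a plain string; named tokens are [id, text, line].
        if (!is_array($token)) {
            continue;
        }
        [$id, $text, $line] = $token;
        // Bare identifiers such as constant names are T_STRING tokens. The prefix
        // test is case-sensitive, so filter_var() itself is not matched.
        if ($id !== T_STRING || strncmp($text, 'FILTER_', 7) !== 0) {
            continue;
        }
        // Constant lookup is case-sensitive: a single wrong-case letter is undefined.
        if (!defined($text)) {
            $findings[] = [$line, $text];
        }
    }
    return $findings;
}

// Constructed sample input, not the module's source: one mis-cased constant
// (as named in the log above) and one valid constant.
$sample = <<<'SRC'
<?php
$name  = filter_var($in['name'], FILTER_SANITiZE_STRING);
$email = filter_var($in['email'], FILTER_VALIDATE_EMAIL);
SRC;

foreach (find_undefined_filter_constants($sample) as [$line, $name]) {
    echo "line {$line}: undefined filter constant {$name}\n";
}
```

Constants that an application defines itself are only recognised if they are loaded before the check runs.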