• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: CGFeedback and {cge_form_csrf}
PostPosted: Sat Oct 13, 2018 11:03 am 
Offline
Forum Members
Forum Members

Joined: Sun Oct 28, 2007 4:14 am
Posts: 210
Location: Australia
I cannot work out where to put
Code:
{cge_form_csrf}
in the templates. I understand that the upgrade to the latest version will not alter my templates. So, in order to cheat, I made a new install of CGFeedback on a website which did not have the module and none of the templates contain
Code:
{cge_form_csrf}
.

The only place I can find anything remotely like
Code:
{startform}
is in the CGFeedback Sample Comment Form where it says
Code:
{form_start action=default inline=$inline extraparms=$extraparms}
I have added the cge_form_crsf after this
Code:
{form_start action=default inline=$inline extraparms=$extraparms}{cge_form_csrf}
to no avail. So totally lost and with no idea. Can anyone point me in the right direction please.

Version 2.2.7 and CGFeedback 2.2


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: CGFeedback and {cge_form_csrf}
PostPosted: Sat Oct 13, 2018 4:27 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Feb 25, 2009 4:25 am
Posts: 747
Location: Victoria, BC
I just did a test, and it worked putting it after the form_start as you did.

I did find that the required fields are buggy, disabling them all in the CGFeedBack settings let me submit the form.

Perhaps you can provide more detail as to what error you're getting?

_________________
Not getting the answer you need? CMSMS support options


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: CGFeedback and {cge_form_csrf}
PostPosted: Sat Oct 13, 2018 4:55 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Feb 25, 2009 4:25 am
Posts: 747
Location: Victoria, BC
I'm actually seeing it's more than a validation issue, most of the form fields aren't being saved. In my error log I see:

Code:
PHP Warning:  filter_var() expects parameter 2 to be integer, string given in /path/modules/CGFeedback/lib/class.param_cleaner.php on line 91


Perhaps someone else can verify this and I'll file a BR if it's not just me.

_________________
Not getting the answer you need? CMSMS support options


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: CGFeedback and {cge_form_csrf}
PostPosted: Sat Oct 13, 2018 8:36 pm 
Offline
Forum Members
Forum Members

Joined: Sun Oct 28, 2007 4:14 am
Posts: 210
Location: Australia
Thankyou DIG13.

From phpMyAdmin I can see that nothing is being saved to the comments table.

The error I am getting in the logs is
Code:
[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Notice:  Use of undefined constant FILTER_SANITiZE_STRING - assumed 'FILTER_SANITiZE_STRING' in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91
[14-Oct-2018 06:16:52 Australia/Brisbane] PHP Warning:  filter_var() expects parameter 2 to be long, string given in /home/mansweb/public_html/modules/CGFeedback/lib/class.param_cleaner.php on line 91


I disabled all the required fields and this let a comment be made; that is, there is a new record in the CGFeedback table, but it is mostly blank and the originating URL is wrong.

This is my code to allow a comment:

Code:
<p>{CGFeedback action='summary' sortorder="ASC"}<br /><b>Would you like to comment?</b><br />
<__script__ type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></__script>
<__script__ type="text/javascript">// <![CDATA[
function toggleDiv(divId) {
   $("#"+divId).toggle();
}
// ]]></__script>
<a style="background-color: rgba(237, 240, 240, 0.46); padding: 5px 10px;" href="javascript:toggleDiv('myComment');">Click to add Feedback</a>
<div id="myComment" style="background-color: #dae8ec; padding: 5px 10px; display: none;">{CGFeedback}</div>


This is my template. You can see I have put the cge_form_csrf at the end (I read that some one was doing this in the Forum) but it makes no difference to the outcome if it's at start form or end form.
Code:
{* comment form template *}
{if isset($message)}
  <div class="pagemessage">{$message}</div>
{else}
  {* no message... display the form *}
  <div class="cgfeedback_addcomment">
  {if isset($error)}
     <div class="error">{$error}</div>
  {/if}

  {form_start action=default inline=$inline extraparms=$extraparms}
  {*
   * A simple honeypot captcha field.  This field needs to be a text field, but hidden with CSS
   * deleting this field from the template will have no effect on form behavior, but if this
   * field exists, and is populated an error will be generated.
   *}
  <input type="text" name="{$actionid}feedback__data" value="" style="display: none;"/>
  <fieldset style="margin: 1em;">
  <legend>&nbsp;{$mod->Lang('prompt_add_comment')}&nbsp;</legend>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}title">{$mod->Lang('prompt_title')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}title" name="{$actionid}title" size="60" maxlength="255" value="{$comment_obj->title}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_name">*{$mod->Lang('prompt_your_name')}:</label>
    </div>
    <div class="col-md-8">
      <input type="text" id="{$actionid}author_name" name="{$actionid}author_name" size="40" maxlength="255" value="{$comment_obj->author_name}" required/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}author_email">{$mod->Lang('prompt_your_email')}:</label>
    </div>
    <div class="col-md-8">
      <input type="email" id="{$actionid}author_email" name="{$actionid}author_email" size="40" maxlength="255" value="{$comment_obj->author_email}"/>
    </div>
  </div>

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <label> <input type="checkbox" name="{$actionid}author_notify" value="1" {if $comment_obj->author_notify == 1}checked{/if}/> {$mod->Lang('prompt_notify')}</label>
    </div>
  </div>

    <div class="row">
    <div class="col-md-4 text-right">
       <label for="{$actionid}comment">{$mod->Lang('prompt_comment')}:</label>
    </div>
    <div class="col-md-8">
      {cge_textarea wysiwyg=$wysiwyg name="{$actionid}comment" id="{$actionid}comment" rows=3 cols="60" value=$comment_obj->data}
    </div>
  </div>

  {* custom fields *}
  {if isset($fields)}
    {foreach $fields as $fieldid => $field}
      {$_id="{$actionid}field_{$fieldid}"}
      <div class="row">
        <div class="col-md-4 text-right">
          <label for="{$_id}">{$field.name}:</label>
        </div>
        <div class="col-md-8">
          {if $field.type == 0 or $field.type == 1 }
            <input type="text" name="{$actionid}field_{$fieldid}" value="{$field.value|default:''}" size="{$field.attrib.length}" maxlength="{$field.attrib.maxlength}"/>
          {elseif $field.type == 2}
            {cge_textarea wysiwyg=$field.attrib.usewysiwyg|default:0 rows=3 id="{$_id}" name="{$actionid}field_{$fieldid}" value=$field.value|default:''}
          {elseif $field.type == 3}
            <select name="{$actionid}field_{$fieldid}">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
          {elseif $field.type == 4}
            <select multiple="multiple" size="4" name="{$actionid}field_{$fieldid}[]">
              {html_options options=$field.attrib.options selected="{$field.value}"}
            </select>
       {elseif isset($field.input)}
            {$field.input}
          {/if}
        </div>
      </div>
    {/foreach}
  {/if}

  {if isset($captcha_img)}
    {* handle captcha image *}
    <div class="row">
      <div class="col-md-4 text-right"><label for="{$actionid}captchatext">{$mod->Lang('prompt_captcha')}:</label></div>
      <div class="col-md-8">
        {if $captcha_needs_input}
        <input type="text" class="form-control" id="{$actionid}captchatext" name="{$actionid}feedback_captcha" value="" size="20"/><br/>
   {/if}
        {$captcha_img}
      </div>
    </div>
  {/if}

  <div class="row">
    <div class="col-md-4 text-right"></div>
    <div class="col-md-8">
      <button class="btn btn-active" name="{$actionid}cgfb_submit">{$mod->Lang('submit')}</button>
    </div>
  </div>

  </fieldset>
 {cge_form_csrf} {form_end}
  </div>


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: CGFeedback and {cge_form_csrf}
PostPosted: Sat Oct 13, 2018 10:44 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Feb 25, 2009 4:25 am
Posts: 747
Location: Victoria, BC
I've filed a bug report. In the meantime you may want to roll back to an earlier version.

http://dev.cmsmadesimple.org/bug/view/11908

_________________
Not getting the answer you need? CMSMS support options


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC


Who is online

Users browsing this forum: bing


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
A2 Hosting