May 26, 2019 at 10:45 am #1104283
Hi Guys,
In the “class-form-generator.php” file, starting at line 794 you have a filter callback that allows us to change the value of $proceed (true/false). However, you have code immediately following the callback that can alter the value of $proceed (line 798). So if I want to prevent emails that contain certain words from being sent and I return false from my filter callback when a bad word is detected, $this->check_recaptcha_token( $new_post['label_input'] ) could potentially switch $proceed back to true and render my filter useless:
    //hook to stop execution here and do something different with the data
    $proceed = apply_filters( 'avf_form_send', true, $new_post, $this->form_params, $this );
    if( $this->is_recaptcha() ) {
        $proceed = $this->check_recaptcha_token( $new_post['label_input'] ); // <--- this line renders any change to the value of $proceed in the callback filter useless!
        if( $proceed ) {
            delete_transient( 'avia_recaptcha_transient_' . $proceed );
        }
    }
    if( ! $proceed ) {
        if( is_null( $proceed ) ) {
            return false;
        } else {
            return true;
        }
    }
The filter can only return true or false, so the only thing I can do is exit(); instead of allowing Enfold’s process for preventing the submission.
Great product. I have purchased several installs because it’s so versatile! Keep up the good work.
Thanks,
Andy
May 30, 2019 at 5:20 am #1105331
Hey betaphase,
Thanks for the update.
We are currently improving the reCAPTCHA option in the theme. Are you using it for your contact form? The following line will only be executed if the option is enabled.
    if( $this->is_recaptcha() ) {
        $proceed = $this->check_recaptcha_token( $new_post['label_input'] ); // <--- this line renders any change to the value of $proceed in the callback filter useless!
        if( $proceed ) {
            delete_transient( 'avia_recaptcha_transient_' . $proceed );
        }
    }
Best regards,
Ismael
May 30, 2019 at 9:05 am #1105391
This isn’t a support request, rather, I’m explaining why the position of the line below is flawed. It is only reliable IF reCAPTCHA is disabled, and will fail if it’s enabled. You should fix this.
$proceed = apply_filters( 'avf_form_send', true, $new_post, $this->form_params, $this );
- This reply was modified 5 years, 6 months ago by betaphase.
May 31, 2019 at 5:28 am #1105591
Hi,
Thank you for the clarification. We’ll forward that to the dev team.
We will probably add another filter right after the recaptcha authentication. Something like this:
    $proceed = $this->check_recaptcha_token( $new_post['label_input'] );
    if( $proceed ) {
        delete_transient( 'avia_recaptcha_transient_' . $proceed );
        $proceed = apply_filters( 'avf_form_send_recaptcha_authenticated', true, $new_post, $this->form_params, $this );
    }
That should allow you to change the value of $proceed based on certain conditions even when the spam protection is enabled.
Best regards,
Ismael
May 31, 2019 at 11:44 am #1105658
Yeah that makes sense. Thanks for passing it along!
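Added example (not part of any post in this thread and not Enfold's code): a stand-alone PHP model of the ordering issue discussed above, comparing the quoted order with one that runs the content filter after the reCAPTCHA check. It generalizes the staff proposal by also running the filter when reCAPTCHA is disabled; all function names, the word list and the sample submission are constructed for illustration.

```php
<?php
// Added example, not Enfold code: every function here is a hypothetical stand-in
// that mirrors only the control flow quoted in this thread.

// Filter callback: veto the send when any field contains a blocked word.
function bad_word_filter( $proceed, array $new_post ) {
    $blocked = array( 'casino', 'lottery' ); // constructed word list
    foreach ( $new_post as $value ) {
        foreach ( $blocked as $word ) {
            if ( is_string( $value ) && false !== stripos( $value, $word ) ) {
                return false;
            }
        }
    }
    return $proceed;
}

// Stand-in for check_recaptcha_token(): a truthy token means the check passed.
function recaptcha_token_stub( $label_input ) {
    return 'constructed-token';
}

// Ordering quoted in the first post: the token check overwrites the filter result.
function proceed_current_order( array $new_post, $recaptcha_enabled ) {
    $proceed = bad_word_filter( true, $new_post );
    if ( $recaptcha_enabled ) {
        $proceed = recaptcha_token_stub( $new_post['label_input'] );
    }
    return (bool) $proceed;
}

// Token check first, content filter last: a veto can no longer be overwritten.
function proceed_filter_last( array $new_post, $recaptcha_enabled ) {
    $proceed = true;
    if ( $recaptcha_enabled ) {
        $proceed = recaptcha_token_stub( $new_post['label_input'] );
    }
    if ( $proceed ) {
        $proceed = bad_word_filter( true, $new_post );
    }
    return (bool) $proceed;
}

// Constructed submission that passes reCAPTCHA but contains a blocked word.
$spam = array( 'label_input' => 'x', 'message' => 'Win the lottery today' );
var_dump( proceed_current_order( $spam, false ) );
var_dump( proceed_current_order( $spam, true ) );
var_dump( proceed_filter_last( $spam, true ) );
var_dump( proceed_filter_last( $spam, false ) );
```

Run with the PHP CLI: the quoted ordering blocks the constructed message only while reCAPTCHA is off (false, then true), while the filter-last ordering blocks it in both cases (false, false).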
May 31, 2019 at 4:05 pm #1105724
Hi,
Did you need additional help or shall we close this topic?
Best regards,
Jordan Shannon
May 31, 2019 at 4:55 pm #1105751
Close away! Thanks.
May 31, 2019 at 5:07 pm #1105757
Hi,
If you need additional help, please let us know here in the forums.
Best regards,
Jordan Shannon
- The topic ‘Form submission filter flaw (or feature request ;-))’ is closed to new replies.