Giter VIP home page Giter VIP logo

form_crshield's People

Contributors

derhansen avatar ecogabe avatar infabo avatar xerc avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar

form_crshield's Issues

Message “detected as spam”

Hi,
I feedback message “Your message was detected as spam” would be good instead of just displaying the form again when the form was submitted and detected as spam.

[BUG] Summary step does not validate

Hi, nice extension!
it works perfectly fine for normal or multistep forms.
Also good to test with disabled javascript.

I got an issue with summary steps though, which seem not to validate.
The $requestArguments are empty in my case so the validation fails in the afterSubmit function with the CR response invalid. Submitted data logs

EXT:form_crshield/Classes/Hooks/Form.php:72

Form does not get sent with version 1.4.0

The affected installation is using TYPO3 10.4.37 with PHP 7.4 and helhum/typo3-secure-web 0.3.2.

We have an contact email form there that is using EXT:form and this extension.

With version 1.3.2, I can submit the form (and get the email sent) without problems, and I see the thank-you page of the form.

With version 1.4.0, after submitting, the form gets displayed again (with the data I entered), no email is sent, and this gets logged in the TYPO3 debug log:

Thu, 01 Feb 2024 13:08:54 +0100 [DEBUG] request="19c4ec7b1b692" component="Derhansen.FormCrshield.Hooks.Form": Submitted data - {"text-1":"Oliver Klee","DZ7Fyhu1ivOeLGbaW3nXrmq":"","text-2":"[email protected]","text-3":"+49 +49 123 45678","textarea-1":"Test","cr-field":"MHwyOHA4cjNuMDc0czhxcXMwODU4bnFxNTQ3bzlycDM4M3M1cDk4MG4z"}
Thu, 01 Feb 2024 13:08:54 +0100 [DEBUG] request="19c4ec7b1b692" component="Derhansen.FormCrshield.Hooks.Form": CR response expired. Submitted data - {"text-1":"Oliver Klee","DZ7Fyhu1ivOeLGbaW3nXrmq":"","text-2":"[email protected]","text-3":"+49 +49 123 45678","textarea-1":"Test","cr-field":"MHwyOHA4cjNuMDc0czhxcXMwODU4bnFxNTQ3bzlycDM4M3M1cDk4MG4z"}
Thu, 01 Feb 2024 13:08:54 +0100 [DEBUG] request="19c4ec7b1b692" component="Derhansen.FormCrshield.Hooks.Form": CR response expired. Submitted data - {"text-1":"Oliver Klee","DZ7Fyhu1ivOeLGbaW3nXrmq":"","text-2":"[email protected]","text-3":"+49 123 45678","textarea-1":"Test","cr-field":"MHwyOHA4cjNuMDc0czhxcXMwODU4bnFxNTQ3bzlycDM4M3M1cDk4MG4z"}

(What stands out to me there is the "CR response expired" message.)

I've checked that FormCrShield.js gets loaded when I load the page and that there are no errors or warnings in the browser console.

Is this a bug, or has version 1.4.0 some breaking change that requires changes to the extension configuration?

And how can I help debug this?

I always get different expected vs calculated data in Firefox 121 on mac

On Firefox:

2023-12-30_15-31-32.mp4

Same form in chrome works:

2023-12-30_15-33-00.mp4

After some modifications the log contains this (for firefox):

// Form.php line 82 ff to get better insight into debugging

        if ($calculatedData !== $clientData) {
            $this->logger->debug(
                'CR response missmatch. Submitted data',
                [
                    'calculatedData' => $calculatedData,
                    'expectedData' => $clientData
                ]
            );
            return '';
        }

Sat, 30 Dec 2023 15:28:02 +0100 [DEBUG] request="6c4e5ff2ae00d" component="Derhansen.FormCrshield.Hooks.Form": CR response missmatch. Submitted data - {"calculatedData":"8111n9r3sr0p5s4p4pr245052nr0669n57s285q9","expectedData":"8111a9e3fe0c5f4c4ce245052ae0669a57f285d9"}


And the js:

```javascript
// FormCrShield.js line 15 - the result was visible in the screencast

      console.log(element.value);

I doubt, some strange bug is causing a difference in the calculation of the javascript. Will try to reproduce that on a clean profile of firefox as well.

[TASK] Add acceptance test suites

Add acceptance test suites to cover:

  • Test different forms with chrome webbrowser (selenium/headless)
  • Test different forms with phpbrowser (no JavaScript)

Validation fails after submit of incomplete/invalid form's data

Steps to reproduce:

  1. Make a for with just 1 single mandatory field.
  2. Submit that form with empty required field
  3. You'll land on form with validation errors. Complete requires field and submit.
  4. CR validation will fails and none of form's finishers will be executed

From what I can see the reason is following:

  1. When form is generated for a first time it generates challene AAA with timestamp 1000.
  2. JS transforms it into 1000|BBB
  3. On invalid form submit form hook validates str_rot13('BBB')==='AAA' as valid. Anf in the same time generates the new challenge: 2000|CCC
  4. Next I'm not sure, but most probably Form applies POST data to the cr-field and fenerates form with required field validation errors. It measn that form sends to client "1000|BBB" as a challenge anstead of new "2000|CCC"
  5. JS on the client side transforms "1000|BBB" into "1000|AAA"
  6. When client submits data CR from handler retrieves challenge for timestamp 1000 from the request which is "AAA" and fails validation with str_rot13('AAA')!=='AAA'

[BUG] Form editor preview broken since install of form_crshield

When the extension is installed, the preview in the form editor is broken. The following javascript error occurs:
Uncaught Error: Could not find form element "cr-field" in path "formName/page-1/cr-field" (1472424334)

If the extension is uninstalled it works.
TYPO3 10.4.32
PHP 7.4

override for given form

Is it possibly to setup a given form that is not protected by this extension even if the extension is installed and present.
I have a form with topwire and summary and sometimes I can´t submit the last step and my guess is that form_crshield is causing this. No issues if I uninstall form_crshield.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.