When populating the values of input fields via parameters in a URL (dynamic population) in Gravity Forms, are there any security risks?
You do have to name the fields when editing the form in order for a parameter in the URL to do anything. And all it does is populate the value of an input field. But I wonder if this opens up any vulnerability.
all it does is populate the value of an input field.
That's right, and before the value is sent to the browser it is always escaped by the appropriate WordPress helper function.
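An added example, not part of the original answer and not Gravity Forms' own code: escaping covers how the value is rendered, but a value taken from the URL is still chosen by whoever built the link, so it can be restricted when the field is populated and checked again on submission. The parameter name `plan`, the allow-list and the function names are assumptions; `gform_field_value_{parameter}` and `gform_field_validation` are Gravity Forms filters.

```php
<?php
// Added example; 'plan', the allow-list and the function names are hypothetical.

// Values this field may legitimately hold (constructed sample data).
const MYSITE_ALLOWED_PLANS = array( 'basic', 'team', 'enterprise' );

/**
 * Runs when Gravity Forms populates a field whose parameter name is "plan".
 * Anything outside the allow-list is dropped, so the field renders empty
 * instead of carrying arbitrary text from the link.
 */
function mysite_filter_plan_prefill( $value, $field, $name ) {
	$value = is_string( $value ) ? sanitize_text_field( $value ) : '';
	return in_array( $value, MYSITE_ALLOWED_PLANS, true ) ? $value : '';
}
add_filter( 'gform_field_value_plan', 'mysite_filter_plan_prefill', 10, 3 );

/**
 * The visitor can edit a prefilled field before submitting, so the same
 * allow-list is enforced again when the form is submitted.
 */
function mysite_validate_plan_on_submit( $result, $value, $form, $field ) {
	// Only touch fields set up for dynamic population with the "plan" parameter.
	if ( ! $field->allowsPrepopulate || 'plan' !== $field->inputName ) {
		return $result;
	}
	// Leave empty values to the field's own "required" handling.
	if ( '' === $value || null === $value ) {
		return $result;
	}
	if ( ! is_string( $value ) || ! in_array( $value, MYSITE_ALLOWED_PLANS, true ) ) {
		$result['is_valid'] = false;
		$result['message']  = 'Please choose one of the available plans.';
	}
	return $result;
}
add_filter( 'gform_field_validation', 'mysite_validate_plan_on_submit', 10, 4 );
```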
I have an approve and reject form with three views. In the first view, i.e. the requester's view, I auto-populate the requester name by using "GetUserProfileByName". Now I also want to auto-populate the name of the user who approves the form in a different view (but this view also has the requester's name), so I was wondering: if I use "GetUserProfileByName" again, won't it change the first name too (i.e. the requester's name)? I don't have other accounts to test it out.
Can someone please provide a workaround to this problem?
So basically I want this to happen: for example, when John enters the form, his name should be auto-populated in the requester's name field. And once this form is sent to Michelle, who approves it, the approver's name field should be auto-populated with Michelle's name.
How can I avoid overwriting the data?
Thank you for helping
Add fields to the form data source to store the data returned from GetUserProfileByName service. Do not use default values for the values in these fields. Instead, I generally use form load rules for this - run the query, and then, if the requester field is blank, set the field to the user's name from the datasource.
When the approved view is submitted, you can take a similar approach with the approver name field - if it is blank, set it.
I'm trying to include Gravity Forms on my WordPress website. I wanted to use dynamically populated fields and looked up the docs, which say:
You can populate a field via the query string by appending the dynamic
population parameter you specified for the field to the end of your
form URL along with your custom value.
http://siteurl.com/form-url/?your_parameter=value
I have made my first field dynamically populated and named the parameter "name".
Unfortunately when I type:
http://siteurl.com/form-url/?name=test
I'm getting an error: "Error, Page not found". Do I need to change something in my permalink section?
You need to enable the "Allow field to be populated dynamically" option for the field that you want to be populated by a URL parameter. Try using anything other than "name", for example "your_name" or "full_name". It will work properly.
Here's the sitch: I'm using a multi-page Gravity Form in conjunction with an external API.
On the first page of the form, the user supplies a phone number. On a subsequent page, I need to send the external API the phone number in order to retrieve the user's current settings, which then must be prepopulated in other fields.
I know how to use gform_post_paging, but since $entry hasn't been created yet I can't use it to pull fields from previous pages.
gform_pre_submission/gform_after_submission don't help me because I need to make the API call prior to users reaching the end of the form.
I've also tried handling this via jQuery, by pulling and storing the value of the phone field on page advancement (e.g. var phoneNum = jQuery('#input_2_25').attr('value');), but I get "undefined" no matter what when using field ids. (It works fine, in the same location, looking for other ids on the site, so the issue isn't with jQuery.) I'm guessing this means that between pages, the form elements don't exist in the view?
How can I accomplish this goal (i.e., retrieving a value from a previous page in a multi-page Gravity Form prior to the user reaching the end of the form)?
All of the data is stored in the $_POST variable on each page submission. Gravity Forms has a helper function for accessing $_POST data. The format for the variable name will be 'input_{fieldId}'.
$value = rgpost( 'input_1' ); // replace "1" with your field ID
Depending on multiple choices made by a user over a few steps, I have to generate a form in a web page for the user.
In a database I have all the necessary stuff (regex validation of every form field, name, type etc.). I would like to know what could be the best way to autogenerate a form using MVC3.
Should I autogenerate a model, set the model of my views to dynamic, and inject some validation attributes to every property of my dynamic model?
How should I get the values on my post action?
As the fields are all dynamic (from the database), your model could very easily store an IEnumerable<Question>, where Question is an object which has information about the type of field, i.e. Id, TypeId (text, checkbox, select list), Wording, Heading, ValidationTypeId etc.
Then use mvchelpers passing in Question to a method which would determine the html to output. This could very well include a validator.
On the form loop over Model.SurveyQuestions and for each row send Question to the mvc helper. The helper, knowing everything about the Question can output the label, type of input box and the required validator.
This is a wise way to accomplish what you are trying to do, as your input fields are dynamic. I just completed a project doing exactly this.
I have several fields on an Orbeon xform that are populated by a database service and action. There are constraints on these fields (example field must be equal to zero). When the action is triggered by activation of a button, data is populated in these fields from the database service.
I get the constraint error message at the bottom, but the field does not highlight after the action is triggered. If I enter and exit the field, then the field is highlighted.
I can understand that this behavior makes sense when you are expecting the user to fill out every field on the form. But some fields may be automatically populated or calculated.
Is there a way to force validation of the constraint without having the user enter the field? Actually, what it seems the user must do is enter the field and then enter another field to get this highlight to appear.
I have tried including the value of another field in the constraint. This works for Read-Only and Visibility validations. When the value of the other field changes, these validations are re-evaluated. But Constraint does not seem to be re-evaluated or at least the method that generates the field highlight is not re-evaluated.
(I assume that this is related to a form you created with Form Builder.)
Controls are revalidated when a service is called, but the error indicator, both next to the field and in the error summary, only shows after users visited the field. You can programmatically tell the error summary to consider all the controls visited by sending a fr-visit-all, doing a refresh, and sending a fr-update. (Let me know if you're having any trouble using this in Form Builder, and I can add some more information about this to this response.)