I have this WordPress form for comments, it's pretty standard:
<form action="http://sitename.com/wp-comments-post.php" target="writeIframe" method="post" id="commentform" class="comment-form">
<p class="comment-form-author">
<label for="author">Your name</label>
<input id="author" name="author" type="text" value="" size="30">
</p>
<p class="comment-form-comment">
<label for="comment">Comment</label>
<textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea>
</p>
<p class="form-submit">
<input name="submit" type="submit" id="submit" class="submit" value="Send">
<input type="hidden" name="comment_post_ID" value="1" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
</form>
It sends the user input data to wp-comments-post.php inside of a hidden iframe. Is this safe out of the box in WordPress, or shall I add code to prevent attacks through my comment form?
Did you take a look at using wp_nonce_field()?
Here's what WordPress codex says:
A nonce is a "number used once" to help protect URLs and forms from certain types of misuse.
So I'll definitely advise you to take a look at it and use it.
Go to this codex page to know more:
http://codex.wordpress.org/WordPress_Nonces#Adding_a_nonce_to_a_form
Do read the "Adding a nonce to a form" section.
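One way to wire the suggested nonce into the comment form above and have it checked on submission, as an added example that is not part of the original answer. All `example_*` names are hypothetical, and it assumes the form is rendered on the single post page and that this code lives in the active theme's functions.php:

```php
<?php
// functions.php of the active theme. All example_* names are hypothetical.

/**
 * Call inside the hand-written <form>, e.g. just before the submit button,
 * to print the hidden nonce field (plus WordPress's hidden referer field).
 * The action string includes the post ID so a token is only valid for that post.
 */
function example_comment_nonce_field() {
    wp_nonce_field( 'example_comment_' . get_the_ID(), 'example_comment_nonce' );
}

/**
 * wp-comments-post.php does not know about this custom field, so check it here.
 * pre_comment_on_post fires before the comment is saved.
 */
function example_verify_comment_nonce( $comment_post_id ) {
    $nonce = isset( $_POST['example_comment_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_comment_nonce'] ) )
        : '';

    // wp_verify_nonce() returns false for a missing, forged or expired token.
    if ( ! wp_verify_nonce( $nonce, 'example_comment_' . (int) $comment_post_id ) ) {
        wp_die(
            esc_html__( 'Comment rejected: the form token is missing or has expired.' ),
            '',
            array( 'response' => 403, 'back_link' => true )
        );
    }
}
add_action( 'pre_comment_on_post', 'example_verify_comment_nonce' );
```

For logged-out visitors a WordPress nonce is not tied to an individual session, so the check mainly protects logged-in commenters against forged cross-site submissions. Pages kept in a full-page cache longer than the nonce lifetime will serve expired tokens and have their comments rejected.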
I'm pretty new to using wufoo forms and have been searching for a few days and can't quite find what I'm looking for.
I did find a number of articles about 'URL Modification' but not sure how to implement this for what I need.
We have a simple single wufoo form which is being used across 6 iterations of a client's domains (they are sector specific).
We want (in the email notification and response entry on wufoo) to record which site was used to complete the form (for analytical purposes).
In other words the email to the client should list:
Name: John Smith
Email: Johnsmith@mail.com
Phone: 555-123-1234
From: www.websiteversion1.com
The form is being integrated on Wordpress sites.
Any help would be appreciated!
You can copy the form HTML to your site's templates and modify the form, using PHP to fill in the value of the site url. I don't think WuFoo will automatically fill that field in for you.
First of all, in your WuFoo account forms manager, add a website (url) field and make it visible for admins only (this is a Wufoo option).
Then copy the generated form into your own template.
Now modify your form template so that it grabs the site URL and fills it in for the value of the website field where you want it.
Your form template might look something like this:
<form class="wufoo-form" id="form3" name="form3" accept-charset="UTF-8" autocomplete="off" enctype="multipart/form-data" method="post" novalidate action="#">
<div class="form-group">
<label for="Field1">Name</label>
<input id="Field1" name="Field1" type="text" placeholder="" value="">
</div>
<div class="form-group">
<label for="Field2">Email</label>
<input id="Field2" name="Field2" type="email" placeholder="" value="">
</div>
<div class="form-group">
<label for="Field3">Phone</label>
<input id="Field3" name="Field3" type="tel" placeholder="" value="">
</div>
<div class="form-group hidden">
<label for="Field4">From</label>
<input id="Field4" name="Field4" type="url" class="form-control" placeholder="" value="<?php echo esc_url( home_url() ); ?>">
</div>
<div class="form-group">
<button id="saveForm" name="saveForm" type="submit" class="btn btn-primary btn-lg">Let's talk!</button>
<input type="hidden" id="idstamp" name="idstamp" value="***the_id_for_your_form_wufoo***" />
</div>
</form>
I have a problem with placeholders in the WordPress Onetone theme. When I change the text in placeholder tags to my preferred text it works, until I press on that field again and then the text resets to its older text. For example, I change "Email" to the word "whatever", save it, go to the website, it shows the word "whatever" in the input area, and when I press with the mouse on that area and then somewhere else, it resets back to "Email". How could I make my text in the placeholder permanent?
<div class="contact-area">
<form class="contact-form" method="post" action="">
<input type="text" name="name" id="name" value="" placeholder="Name" size="22" tabindex="1" aria-required="true">
<input type="text" name="email" id="email" value="" placeholder="Email" size="22" tabindex="2" aria-required="true">
<textarea name="message" id="message" cols="39" rows="7" tabindex="4" placeholder="Message"></textarea>
<p class="noticefailed"></p>
<input type="hidden" name="sendto" id="sendto" value="tomas@bandymasvienas.esy.es">
<input type="button" name="submit" id="submit" value="Post">
</form>
</div>
I found the problem. If you want the text to stay the same all the time, you need to find your .js file with your desired function and edit the text in there, and the placeholders will show the text you want.
I'm using the MailChimp for WordPress plugin and would like to re-direct to a new page on submit if possible?
Here's the code I've been trying to use:
<p>
<label>Name:</label>
<input type="text" required="required" placeholder="Your name" name="FNAME">
</p>
<p>
<label for="mc4wp_email">Email address: </label>
<input type="email" id="mc4wp_email" name="EMAIL" placeholder="Your email address" required />
</p>
<p>
<input type="submit" value="Sign up" />
<input type="hidden" name="redirect" value="/test">
</p>
I've tried adding that hidden input to redirect but it hasn't worked for me, would appreciate any help! Thanks!
Did you forget to look at the plugin settings?
Navigate to Mailchimp for WP > forms, scroll down to "Redirect to URL after successful sign-ups".
I've created an RSS submission form and I want to show in the input box something like "Enter your email here...", and when they click on it that message should disappear and they can put their email in the box.
Here is the code I'm using at the moment
<div id="RSS">
<form action="http://feedburner.google.com/fb/a/mailverify" class="RSS" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=RSS', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
<input type="hidden" name="uri" value="RSS">
<input type="hidden" name="loc" value="en_US">
<input name="email" id="RSS-text" type="text" maxlength="100" style="width:160px !important" value="Enter your email address..." class=""><button type="submit" id="RSS-button">Subscribe</button>
</form>
</div>
The problem is that it doesn't disappear when someone clicks on it, and I saw many forms, including my search form, where it can be done that way.
You can use the placeholder attribute, but it doesn't support IE:
<input type="text" placeholder="Enter your text here..." />
Otherwise you can use a bit of javascript:
<input type="text" onfocus="if(this.value=='Enter your text here...') this.value='';" onblur="if(this.value=='') this.value='Enter your text here...';" value="Enter your text here..." />
I need to incorporate a "Search" feature within my WordPress CMS site that I am currently developing and was hoping to attach this feature/plugin to the following piece of code, and am unsure how to do this in WordPress, i.e.:
<div id="search_box">
<form method="get" action="/search" id="form">
<input name="white_box" type="text" class="search" value="Search site" size="19" maxlength="80" id="white_box" onfocus="if (this.value=='Search site') this.value = ''"/>
<input name="submit" type="image" class="submit" value="submit" src="images/search_btn.jpg" />
</form>
</div>
I basically want to incorporate a "Search" feature on my site.
@Tonsils you may use any of the below ready-to-use WordPress plugins, depending on your requirement...
Use the Relevanssi plugin for multilingual support
http://wordpress.org/extend/plugins/relevanssi/
Use WPSearch for a well-behaved custom search
http://wordpress.org/extend/plugins/wpsearch/
Use Search-Everything for all types of content search
http://wordpress.org/extend/plugins/search-everything/
This is a very basic WordPress search form. See the difference in the form action URL?
<form method="get" id="searchform" action="<?php echo esc_url( home_url( '/' ) ); ?>">
<?php // the_search_query() prints the current search term escaped for use in an attribute. ?>
<input type="text" size="14" value="<?php the_search_query(); ?>" name="s" id="s" class="s" />
<input type="submit" id="searchsubmit" value="<?php esc_attr_e( 'GO' ); ?>" />
</form>