Author Topic: mpForm  (Read 6620 times)

Offline Martin Hecht

mpForm
« on: July 18, 2015, 10:30:24 PM »
Hi,

due to the new forum rules I'm starting a new thread here. In the previous version (1.1.10) of mpform my security fixes were a bit overshooting. The settings were already properly escaped before writing them to the database. My additional escaping led to the behavior that all quotes were prefixed by backslashes after saving the settings. I'm sorry about that. Here is an updated version which corrects this regression of the previous version. Any feedback is welcome.

Martin

Offline nibz

Re: mpForm
« Reply #1 on: July 19, 2015, 02:01:18 AM »
I will update my repo tomorrow

regards Nibz

Offline nibz

Re: mpForm
« Reply #2 on: July 19, 2015, 10:47:34 PM »
Updated the module on the github repo to the latest version.
Thanks to Martin for his work!

Offline Martin Hecht

a beta-version of a new mpform
« Reply #3 on: July 23, 2015, 12:35:05 AM »
Hi,

I got some feedback on mpform here:
http://forum.WebsiteBaker.org/index.php/topic,28504.0.html
and here:
http://forum.WebsiteBaker.org/index.php/topic,24617.0.html

now I have prepared a new version where some of the wishes are incorporated.
The most important change is that in upload-fields you may select multiple files. They are all uploaded at once.
The setting for the maximum file size has two meanings here:
- a single file may not be larger than that value
- files are uploaded and copied to the media folder until that much space is used up (actually a bit more, because I don't delete files already copied).
However the total amount of uploaded data is limited by the global php setting of post_max_size.

apart from this, if several upload boxes are displayed on one page, the maximum file size and allowed file types are displayed only once on a single form page. This might not be that interesting anymore, since I could already implement the multiple-files upload mentioned before.

The formatting of that hint was a hard-coded style setting which I have moved into the css file, so that it can be easily adjusted from the backend.

the next item on the wishlist would be that it's possible to temporarily disable individual fields. I would look for a solution to that, as well. Anyhow, I'd attach the current state of the module and would be happy if someone could test if the newly implemented features are working with all platforms / php versions / browsers that you are using in the field.

Martin

Offline Martin Hecht

another beta for mpForm
« Reply #4 on: July 24, 2015, 12:37:31 AM »
got some feedback again from dbs here
http://forum.WebsiteBaker.org/index.php/topic,28504.0/topicseen.html

and it took me ages to find out what goes wrong. I finally found that pear doesn't support array structures for $_FILES that deep. So, either you can use multiple upload fields on one page, or you can use multiple files in one form. We are still lucky: pear just picks the first entry (i.e. the first form field). So, after having these files uploaded, we can drop the first entry and present pear with the outcome of the next form field :-)
I also added some minor fixes, print out more error messages rather than silently ignore all files that go beyond the limit. And I have renamed the upload_one_file function, just in case the same name appears somewhere else and since I had to change the number of parameters I decided also to change the name, just to be sure that we call the right one.

I have attached another beta if you like to test it
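
Added example, not part of the thread and not mpForm's code: how PHP lays out `$_FILES` for a multi-file upload field, and the size limit from the two posts above checked per file and cumulatively before any file is copied. The field names, sizes and the 1 MB limit are constructed, and applying one limit across all fields of a form is an assumption.

```php
<?php
// Added example, not mpForm code. Field names, sizes and the limit are constructed.

/** Turn one $_FILES entry (single or "multiple" field) into one record per file. */
function flatten_upload_field(array $field): array
{
    // For name="field7[]" PHP groups by attribute: $field['name'][0], $field['size'][0], ...
    // Casting to array lets a plain single-file field take the same path.
    $names  = (array) $field['name'];
    $tmps   = (array) $field['tmp_name'];
    $sizes  = (array) $field['size'];
    $errors = (array) $field['error'];

    $files = [];
    foreach ($names as $i => $name) {
        $files[] = [
            'name'     => basename((string) $name), // drop any client-supplied path
            'tmp_name' => (string) $tmps[$i],       // real code also checks is_uploaded_file()
            'size'     => (int) $sizes[$i],
            'error'    => (int) $errors[$i],
        ];
    }
    return $files;
}

/** Enforce the limit per file and cumulatively, deciding before anything is copied. */
function select_within_limit(array $files, int $maxBytes): array
{
    $accepted = [];
    $rejected = [];
    $used = 0;
    foreach ($files as $f) {
        if ($f['error'] !== UPLOAD_ERR_OK) {
            $rejected[$f['name']] = 'upload error code ' . $f['error'];
        } elseif ($f['size'] > $maxBytes) {
            $rejected[$f['name']] = 'file is larger than the limit';
        } elseif ($used + $f['size'] > $maxBytes) {
            $rejected[$f['name']] = 'limit already used up by earlier files';
        } else {
            $used += $f['size'];
            $accepted[] = $f['name'];
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected, 'used' => $used];
}

// Constructed stand-in for $_FILES: one multi-file field and one single-file field.
$sampleFiles = [
    'field7' => [
        'name'     => ['a.pdf', 'b.pdf', 'c.pdf'],
        'tmp_name' => ['/tmp/php1', '/tmp/php2', '/tmp/php3'],
        'size'     => [400000, 1500000, 500000],
        'error'    => [UPLOAD_ERR_OK, UPLOAD_ERR_OK, UPLOAD_ERR_OK],
    ],
    'field9' => [
        'name' => 'd.png', 'tmp_name' => '/tmp/php4', 'size' => 200000, 'error' => UPLOAD_ERR_OK,
    ],
];

$all = [];
foreach ($sampleFiles as $field) {
    $all = array_merge($all, flatten_upload_field($field));
}
print_r(select_within_limit($all, 1000000)); // every rejection carries a reason
```

Both limits apply to what reaches the script; a request larger than post_max_size is cut off by PHP before this code runs.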

Offline Martin Hecht

Update: mpForm
« Reply #5 on: July 27, 2015, 08:55:23 PM »
Hi,

here is the latest version 1.1.12 of mpform. You probably have seen the beta versions which I have posted here - I was working on a solution to allow uploading multiple files with a single upload box. In the latest beta version I still had a few bugs with the order of the array indexes.
Also I have lined up the field names with the upload fields now and fixed a little issue in the css file.

Martin

Offline Martin Hecht

Update: mpForm
« Reply #6 on: July 28, 2015, 07:59:38 PM »
Hi,

another minor upgrade: I have fixed two issues with the way the help messages and buttons are displayed.
These were reported by dbs here http://forum.WebsiteBaker.org/index.php/topic,28504.msg199752.html#msg199752

Edit: oops, one of the issues is not yet fixed. I have to look again.  I'll post another version later.

cheers, Martin
« Last Edit: July 28, 2015, 08:13:05 PM by Martin Hecht »

Offline Martin Hecht

Update: mpForm
« Reply #7 on: July 28, 2015, 08:28:05 PM »
Edit: oops, one of the issues is not yet fixed. I have to look again.  I'll post another version later.

ok, now here it is... just after the time limit for editing my previous post once more has expired ;-)

so, this is the fixed version 1.1.13. The problem was, when you have several help buttons (the little question marks) and you click around on them, it could happen that the help message was displayed with one row offset in the table. I hope I have fixed this for all combinations of clicks now. :-)

Martin

Offline Hans

Re: mpForm
« Reply #8 on: July 28, 2015, 08:43:46 PM »
Thanks a lot, Martin!
Hans - Nijmegen - The Netherlands

Offline nibz

Re: mpForm
« Reply #9 on: July 28, 2015, 08:51:58 PM »

Offline Martin Hecht

Update: mpForm
« Reply #10 on: July 29, 2015, 08:48:16 AM »
Hello again,

one feature request which was still on my agenda:
dbs proposed that it would be good to have the ability to disable some fields temporarily. This would allow you to prepare fields in the backend without showing them to the visitors of your page. Later, when you are ready to publicly show them, you would just enable them.

This is included in 1.1.14 now. I decided to have the fields 'active' when they are created (because that is how it has always been and many people are familiar with this behavior). However, when you have created a field, you are taken to the page where you can modify the freshly created field. Just check the new checkbox there to disable the field if you wish to do so and save the field again. It's a matter of a second perhaps, and you can continue preparing things (adding help text and so on), without showing it publicly until you are ready.

Ah, and by the way, in the backend disabled fields are shown with a gray star, and optional ones have a green star, now.

I was surprised myself how easy it was to include this into the existing code. I didn't even have to change the database structure.  If I knew that before, I would have put this and yesterday's fixes together in one release :-) However, this way I'm proud to present another update after 12 hours roughly. Now, I'm done with the list of bug reports and feature requests.

Martin

Offline nibz

Re: mpForm
« Reply #11 on: August 11, 2015, 07:42:31 AM »
Updated the github repo.

Sorry Martin for the delay, I completely missed your last post ;).

Offline Ruud

Re: mpForm
« Reply #12 on: December 03, 2015, 11:45:10 PM »
Just found a bug in the evalform.php

Looking back, since version 1.1.10 there is an " } else { " part missing after the " } elseif (!is_array($post_field)) { " block (line 416 in 1.1.14).
This means that checkboxes (array of post data) are not seen anymore.

Since the customer was in a hurry (busy website) I fixed it by replacing evalform.php with a version 1.1.9 and did not look for a real fix.
The maintainers of the mod should have a look though :)




Offline Martin Hecht

Re: mpForm
« Reply #13 on: December 04, 2015, 10:27:25 AM »
Hi Ruud,

I'm sorry, but I can't find the place where you are missing some code. The general else-section (which starts with a line
//$email_body .= $field['title'].": \n";
that's commented out in both versions (1.1.14 and 1.1.9)) is still there. The else-section at the end of the branch
elseif (!is_array($post_field))
where the database connection is made has been moved into mpform_escape_string() which is a wrapper function that does exactly the different types of connections depending on the wb-version.
which version of wb and php is this, where you are seeing this problem?

cheers, Martin

Offline Ruud

Re: mpForm
« Reply #14 on: December 04, 2015, 10:50:26 AM »
Ok, looked at the 1.1.14 code again and now I found the missing } else {. It was way "off screen" at the very end of line 434 (probably a lf - cr/lf editor issue)

The problem was that the form in question has 3 checkbox groups setup, and after upgrading (on WB283SP4) to 1.1.14 the selected checkboxes were not in the mail.
The mpform upgrade was necessary because the site upgraded to SP4. The PHP version on that site is currently 5.3.29.

With the evalform.php from 1.1.9 it just works fine.
That one has fixes for MySQLi - so basically it is fine - but just not using the new wrapper.
I have no time to go deeper into the problem, so that's why I just reported it here.

Maybe a part of the problem is that the checkbox values all have the euro sign ( € ) in them??

Online jacobi22

Re: mpForm
« Reply #15 on: December 05, 2015, 02:55:42 PM »
found a bug in vers 1.1.14 (Vers from the addon area here)

view_submission.php  // line 104
the file delete_submission.php needs an IDKey for the submission_id, it's not set in view_submission.php  // line 104
see: submission_id=<?php echo $admin->getIDKEY($submission_id); ?>

Original code
Code:
<button class="" onclick="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo $sModuleUrl?>/delete_submission.php?page_id=<?php echo $page_id?>&section_id=<?php echo $section_id?>&submission_id=<?php echo $submission_id?>');"><img src="<?php echo $sIconDir?>/delete.png" alt="" width="16" height="16" border="0" /> <?php echo $TEXT['DELETE']; ?></button>

solved with
Code:
<button class="" onclick="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo $sModuleUrl?>/delete_submission.php?page_id=<?php echo $page_id?>&section_id=<?php echo $section_id?>&submission_id=<?php echo $admin->getIDKEY($submission_id); ?>');"><img src="<?php echo $sIconDir?>/delete.png" alt="" width="16" height="16" border="0" /> <?php echo $TEXT['DELETE']; ?></button>


P.S.: most of the back URLs in the ID check show a wrong target, they go to ADMIN_URL, not to ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id

example:
Code:
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
can be

Code:
$backlink = ADMIN_URL.'/pages/modify.php?page_id='.(int)$page_id;
if (!$submission_id) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $backlink);
    exit();
}
« Last Edit: December 05, 2015, 03:10:25 PM by jacobi22 »
Problems are there to be solved, not to look for excuses.
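
Added example, not part of the thread and not WebsiteBaker's code: a simplified stand-in for what an IDKEY does, showing why a delete link that carries the raw submission_id ends in the security error while a link built with a key works exactly once. `OneTimeIdKeys`, `issue()` and `redeem()` are hypothetical names; the ids and URL parameters are constructed.

```php
<?php
// Added example: a simplified stand-in for the IDKEY idea, not WebsiteBaker's
// own implementation. The class and its method names are hypothetical.

final class OneTimeIdKeys
{
    private $store; // reference to the session array: key => real id

    public function __construct(array &$sessionStore)
    {
        $this->store = &$sessionStore;
    }

    /** View side: hand out an unguessable key and remember which id it stands for. */
    public function issue(int $id): string
    {
        $key = bin2hex(random_bytes(8));
        $this->store[$key] = $id;
        return $key;
    }

    /** Delete side: resolve the request value; anything not issued yields $default. */
    public function redeem($requestValue, int $default = 0): int
    {
        if (!is_string($requestValue) || !isset($this->store[$requestValue])) {
            return $default;
        }
        $id = $this->store[$requestValue];
        unset($this->store[$requestValue]); // a key is valid for one request only
        return $id;
    }
}

$session = []; // constructed stand-in for $_SESSION
$keys = new OneTimeIdKeys($session);

// View side: the link carries the key, not the database id.
$link = 'delete_submission.php?page_id=5&section_id=9&submission_id=' . $keys->issue(42);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);

// Delete side, three constructed requests.
$outcomes = [
    'raw id in link' => $keys->redeem('42'),                    // never issued
    'issued key'     => $keys->redeem($query['submission_id']), // issued above
    'same key again' => $keys->redeem($query['submission_id']), // already redeemed
];
foreach ($outcomes as $case => $submissionId) {
    // Same test as the if (!$submission_id) check in the post above.
    echo str_pad($case, 16), $submissionId ? "delete submission $submissionId" : 'security error', "\n";
}
```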

Offline Martin Hecht

Re: mpForm
« Reply #16 on: December 05, 2015, 06:53:46 PM »
Thanks to Jacobi22,

I have updated my sources and I'll come up with a new version once I have fixed the problem which Ruud has reported (thanks to him, too).
I believe that I understand what's the problem, now, but I have to do some more analysis.

Martin

Online jacobi22

Re: mpForm
« Reply #17 on: December 05, 2015, 07:16:03 PM »
Quote from: martin
I have updated my sources and I'll come up with a new version.....

is it possible to add a field called "position" in the database table mod_mpform_submissions?

if you delete a submission via ajax, the ajax.php starts a re-order of the submissions, based on the non-existent position field
see ajax.php, case 'delete_record', line 116ff
Problems are there to be solved, not to look for excuses.

Offline Martin Hecht

Re: mpForm
« Reply #18 on: December 06, 2015, 04:40:33 PM »
what would "position" contain then? And what should it be used for? Probably for ordering the posts... Maybe the current submission ID would be ok for this and we should just drop the "re-ordering" inside ajax? (at least as long as we don't support moving posts up and down)

Online jacobi22

Re: mpForm
« Reply #19 on: December 06, 2015, 05:09:21 PM »
Quote
Maybe the current submission ID would be ok for this and we should just drop the "re-ordering" inside ajax?
the script (ajax.php) submitted a field called "position" in line 117  :wink:
Code:
$order = new order($sDbRecordTable, 'position', $sDbColumn, 'section_id');
and the next function in line 118
Code:
$order->clean($_POST['iSectionID']);
starts a reorg, depending on the (field) submission_id

submissions_id is an auto_increment field and the primary key. I think it's not a good idea to rewrite the submissions_id in a clean process, so a position field looks like a good and fast solution for that

I'm not sure if somebody needs a function to change the order of the submissions in the backend, so you don't need a function to change it in the submissions_output_table (move up, move down), but it solved the problems internally
Problems are there to be solved, not to look for excuses.

Offline Martin Hecht

Re: mpForm
« Reply #20 on: December 08, 2015, 03:06:27 PM »
I'm sorry, I didn't understand your initial request to add the field. My first solution to skip the reordering doesn't work either, because that code is used for both, submissions and form fields, if I understood it correctly now. So, the solution would in fact be to introduce a new column, called "position", probably auto-increment as well, just to satisfy the ajax code which would do a re-ordering here. I put it on my todo-list together with a few other minor bug fixes that I have collected during the last days. Thanks for pointing me to this issue.

Offline Martin Hecht

mpForm Update pre release
« Reply #21 on: December 12, 2015, 01:07:08 AM »
Hello,

I have a pre-release for an update of mpform 1.1.15 ready. Since there are quite a number of fixes and code changes, it would be great if some of you could test this package.

The changes are:

- The ftan bug when deleting submissions, which was reported by jacobi22, is fixed, thanks to him
- The backlinks for the print_error calls now should point back to the specific page, thanks again to jacobi22 for reporting
- Old calls to get_error() are replaced by the use of the database class, thanks to ruud for reporting this issue
- Check boxes, radio buttons and select lists were not terminated correctly. This is also fixed. This might have been the cause for the problems which ruud has experienced at a customer's site (depending which browser is used). Thanks again to ruud for his attempts to debug this issue, even if we could never pin down the exact conditions for the missing selections in the submissions.
- With this version emails are not sent anymore if private_function_before_email returns false. Thanks to hansis100 for reporting this unexpected behavior.
- For those of you who were relying on this as a feature I have introduced a private_function_after_email. Just move the code which would return false and stop further processing there, and you will still get notifications by email, but no entries in the submission table.
- You can now specify a distinct value for checkboxes, radio buttons and select lists, which differs from the text shown to the user. To do so, I have introduced a separator string which is adjustable in the advanced options. For instance you can have a value of "50" and a label at the radio button, which reads "50 €". Just enter both, the value and the label, separated by the current separator string. This was a feature request by hansis100.
BTW the default separator string is "&#0;" just to ensure that existing pages are not screwed up by this change. However, as I mentioned, you can choose a more convenient separator string if you like.
- Also discussed here, I have added a column called "position" to the submissions table to satisfy the ajax delete function. Thanks to jacobi22 for spotting this problem and for reporting and explaining it to me.
- Another fix for better handling html special characters inside options is included.

I have attached the pre-release to this post. (the version number after my testing is currently 1.1.14.20)

Cheers, Martin

Online jacobi22

Re: mpForm
« Reply #22 on: December 12, 2015, 09:53:14 AM »
install.php // Ln 79 + upgrade.php // Ln79
Exception: "BLOB/TEXT column 'value_option_separator' can't have a default value"

the module doesn't work in mysql strict mode, it isn't possible to send empty fields  (maybe a non-required field is empty)
a new form-post was added to the submission-table, but not to the request-table - all fields without a default value need a definition in the table-insert

Quote
I'm sorry, I didn't understand your initial request to add the field
it's solved now, but I read your question too late, here is the answer:
after deleting a submission, the ajax.php starts a reorg of the submission-table, based on the common field called "position"
WB 2.8.3 has no problems if there is no position-field in the table and if the debug-mode is off, but it crashed with the debug-mode == on.
P.S.: and WB 2.8.4 crashes as well

Problems are there to be solved, not to look for excuses.

Offline Martin Hecht

Re: mpForm
« Reply #23 on: December 12, 2015, 08:48:43 PM »
Hello jacobi22,

thank you for testing. It seems your sql is more strict than mine ;-)
install.php // Ln 79 + upgrade.php // Ln79
Exception: "BLOB/TEXT column 'value_option_separator' can't have a default value"
ok, I have changed it to a VARCHAR so I can set DEFAULT values.

Quote
the module doesn't work in mysql strict mode, it isn't possible to send empty fields  (maybe a non-required field is empty)
is this something new? You are talking about the frontend, right? So I should add some code that inserts default values for all empty fields which might be an empty string for instance...

Quote
a new form-post was added to the submission-table, but not to the request-table - all fields without a default value need a definition in the table-insert
and could you be more precise about the request-table? I have difficulties to understand what I should change in the code.

thanks, Martin

Online jacobi22

Re: mpForm
« Reply #24 on: December 13, 2015, 12:17:32 AM »
Quote from: jacobi22
a new form-post was added to the submission-table, but not to the request-table - all fields without a default value need a definition in the table-insert
and could you be more precise about the request-table? I have difficulties to understand what I should change in the code.

take a look into the database table mod_mpform_results_Section_id. In my test-form I have a
required field - type short text
optional email field
2 fields type date
1 longtext
1 selectfield with 3 options
1 control-box field with 3 options
and some more short text fields


for every used field (in the frontend), you have a field in the database table, called field 2 - field 14 in my example
database field type is TEXT Not Default



Here is the INSERT after send (evalform.php // LN 649)
Code:
$qs = "INSERT INTO ".TABLE_PREFIX."mod_mpform_results_$suffix (session_id, started_when, referer) VALUES ('$us', '$started_when', '". $_SESSION['href'] ."')";
the script says: if I have an error here in the INSERT, stop and set success to false

the INSERT doesn't use the fields and because of that, I have errors like this in the strict mode
Quote
Field 'field2' doesn't have a default value

the insert for the fields comes in the next step via this code in line 660
Code:
$qs = "UPDATE ".TABLE_PREFIX."mod_mpform_results_$suffix SET ". str_replace($lf, " ", $felder) ." WHERE session_id = '$us' LIMIT 1";
take a look into the form module to see the way (read the table structure from the result_table and compare table fields with POST-Array ) :wink:
Problems are there to be solved, not to look for excuses.
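
Added example, not part of the thread and not mpForm's code: the approach suggested above (read the table structure, then name every column in one INSERT), with the values bound as parameters. An in-memory SQLite table with NOT NULL columns stands in for MySQL strict mode and needs PHP's pdo_sqlite extension; table, column and helper names are constructed.

```php
<?php
// Added example, not mpForm code. An in-memory SQLite table with NOT NULL
// columns stands in for MySQL strict mode; all names and values are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE results (session_id TEXT NOT NULL, referer TEXT NOT NULL,
                                 field2 TEXT NOT NULL, field3 TEXT NOT NULL)');

/** Read the column names from the table itself ($table is fixed by the calling code). */
function table_columns(PDO $db, string $table): array
{
    $columns = [];
    // On MySQL the equivalent lookup would be SHOW COLUMNS FROM <table>.
    foreach ($db->query("PRAGMA table_info($table)") as $row) {
        $columns[] = $row['name'];
    }
    return $columns;
}

/** Insert one row naming every column: submitted values are bound, absent ones become ''. */
function insert_complete_row(PDO $db, string $table, array $submitted): void
{
    $columns = table_columns($db, $table);
    $values = [];
    foreach ($columns as $column) {
        $values[] = isset($submitted[$column]) ? (string) $submitted[$column] : '';
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $db->prepare($sql)->execute($values);
}

// 1. An INSERT that names only some columns, as in the first step quoted above, is rejected.
try {
    $db->prepare('INSERT INTO results (session_id, referer) VALUES (?, ?)')
       ->execute(['abc123', 'http://example.test/form']);
} catch (PDOException $e) {
    echo 'partial INSERT rejected: ', $e->getMessage(), "\n";
}

// 2. One INSERT built from the table structure. field3 was left empty by the visitor,
//    and the unknown key is ignored because it is not a column of the table.
insert_complete_row($db, 'results', [
    'session_id' => 'abc123',
    'referer'    => 'http://example.test/form',
    'field2'     => "O'Neill, 50 €",
    'not_a_col'  => 'ignored',
]);
print_r($db->query('SELECT * FROM results')->fetchAll(PDO::FETCH_ASSOC));
```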