Badhandler Problems

[Jacob]

Hi!
I have a problem with my form: www.stiligt.se/stila.html. The badhandler-script only saves the teckensnittsnamn-field and not the realname nor the email fields.

I also want to include the file-field and the radiobuttons in the badhandler-script but i can't figure out how to do.
Thanks /Jacob

[russellr]

Hi,

For the "file" field, forget it - it's a security feature of browsers that prevent you from ever setting this value inside a form. Any "value=" attribute is just ignored. I think the reason is to prevent malicious websites from secretly uploading files from people's computers.

For your "sort" field, you have the name wrong. A checkbox field would be named "sort[]" but a radio field is just "sort".

For the "realname" and "email" fields, this is a security feature of FormMail. It won't provide any special fields back to the bad handler.

The reason for this is that an attacker could use your bad handler to set values for special fields that you don't want changed (e.g. subject, recipients, etc.).

In actual fact, we're thinking about this more and it's probably a lame idea. We might remove this restriction in a later version.

To workaround this security feature, you need to use derived fields.

Here's how:

1. Rename "realname" to "username".
2. Rename "email" to "useremail".
3. Add the following hidden field to your form:

Code:

<input type="hidden" name="derive_fields"
	  value="realname=username,email=useremail" />

[Jacob]

Weiiiii, it works!
You are phenomenal!
Thanks man!

Ehm.... One question - what is that "/" before the ">" about?

<input type="hidden" name="derive_fields"
value="realname=username,email=useremail" />

[russellr]

Hi,

That's great news!

Ehm.... One question - what is that "/" before the ">" about?

We're gradually making all of our scripts XHTML compliant.

XHTML requires that stand-alone tags are terminated. So, in XHTML it's valid to write:

Code:

<p></p>
<p></p>

and

Code:

<p />
<p />

but not:

Code:

<p>
<p>