Hi.
I am using a hidden field to pass empty optional fields to formmail if the users leave them blank.
The problem is that when a user fills out one of these optional fields, the hidden value adds up to the user-specified value.
example:
I believe you are thinking about the problem backwards. Use a server side script (perl, python, php, ruby, etc.) to determine whether the form field was left blank, then send whatever value you want to your utility.
The other option is to use javascript on the client side to intercept the form before it is sent to the server, and then use javascript to assign whatever value you want to the form field.
Though be aware that someone like me would slip through that— I don’t get hit by JS validation cause I have it off. It would have to be a “nice extra” regarding form validation.
I’m already using a perl script to submit the form data and javascript to perform form validation. I’m speaking about optional fields.
I would like an answer for the server side part of coding. That’s why I started this thread here. I hope somebody can tell me how to do that server side in Perl.
Probably because, since you have two ‘foo’ fields, the param data arriving at formmail.pl is an array.

    $params{foo} = ['not specified','Hello'] # pseudo, not sure if this is the actual internal representation

When an array is printed

    print "@array"

you end up with a space-separated string of items.
You’d probably have to patch your formmail.pl to guard against this. I’ve not looked at its internals.
Hard to see from here - I have no idea what code is handling your cgi parameter untainting and such. I would filter this at the part where you start processing the parameters sent to your backend.
Let’s say your default ‘undef’ string is “not specified”, then you could do:

    # pseudo!
    foreach my $param ( keys %cgi_params ) {
        my $value = $cgi_params{$param};                    # look at the value, not the key
        $cgi_params{$param} = ref $value eq 'ARRAY'         # is this an arrayref?
            ? ( grep { $_ ne 'not specified' } @$value )[0] # drop the 'not specified' default, should leave 1 item
            : $value;                                       # what we expected
    }
which should make you end up with $cgi_params{foo} being ‘Hello’, from the previous post.
I hope this points you in the right direction. Otherwise feel free to PM me with more code so I can flesh out how your backend works.
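
The following is an added example, not code from any post in this thread and not formmail.pl's own code. It shows the duplicate-field behaviour described above and a server-side normalization that does not rely on the hidden field at all. The field names `foo` and `bar`, the helper names, and the hand-written query parser are assumptions; the query string is constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $DEFAULT  = 'not specified';    # placeholder string used in the thread
my @OPTIONAL = qw(foo bar);        # hypothetical optional field names

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# Parse a query string; every name maps to an arrayref of ALL values sent for it.
sub parse_query {
    my ($query) = @_;
    my %params;
    for my $pair ( split /[&;]/, $query ) {
        my ( $name, $value ) = map { url_decode($_) } split /=/, $pair, 2;
        next unless defined $name && length $name;
        push @{ $params{$name} }, defined $value ? $value : '';
    }
    return %params;
}

# Collapse each optional field to one scalar: the first value that is neither
# blank nor the placeholder, otherwise the placeholder itself. The default is
# applied here, on the server, so the form needs no hidden field.
sub normalize_optional {
    my ( $params, @fields ) = @_;
    my %clean;
    for my $field (@fields) {
        my @real = grep { /\S/ && $_ ne $DEFAULT } @{ $params->{$field} || [] };
        $clean{$field} = @real ? $real[0] : $DEFAULT;
    }
    return %clean;
}

# Constructed input: hidden "foo" plus a filled-in "foo", and "bar" left blank.
my %raw = parse_query('foo=not+specified&foo=Hello&bar=');

print "unfiltered foo: @{ $raw{foo} }\n";    # the two values interpolate as one string
my %clean = normalize_optional( \%raw, @OPTIONAL );
print "$_: $clean{$_}\n" for sort keys %clean;
```

Because the server picks exactly one value per field and supplies the default itself, a request that repeats a field name or omits the hidden field still produces a single, predictable value.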