Remove text string from field value - formmail

Python, Perl and Golang Python
1

Hi.
I am using a hidden field to pass to formmail empty optional fields if the users let them blank.
The problem is that when a user fills out one of these optional fields the hidden values adds up to the user specified value.
example:

<input type="hidden" name="foo" value="not specified" />
<input type="text" name="foo" value="" />

results in

foo: not specified

when the user leaves the field blank; if the user fills out the field with the value “Hello”, the final submitted value is:

foo: not specified Hello

How to remove the “not specified” string from user specified values and leave it just for empty submissions?

Thanks in advance!

2

I believe you are thinking about the problem backwards. Use a server side script (perl, python, php, ruby, etc.) to determine whether the form field was left blank, then send whatever value you want to your utility.

The other option is to use javascript on the client side to intercept the form before it is sent to the server, and then use javascript to assign whatever value you want to the form field.

3

Though be aware that someone like me would slip through that— I don’t get hit by JS validation cause I have it off. It would have to be a “nice extra” regarding form validation.

4

I believe you are thinking about the problem backwards. Use a server side script (perl, python, php, ruby, etc.) to determine whether the form field was left blank, then send whatever value you want to your utility.

The other option is to use javascript on the client side to intercept the form before it is sent to the server, and then use javascript to assign whatever value you want to the form field.

I’m already using a perl script to submit the form data and javascript to perform form validation. I’m speaking about optional fields.
I would like an answer for the server side part of coding. That’s why I started this thread here. I hope somebody can tell me how do that server side in perl.

5

Probably because since you have two ‘foo’ fields, the param data arriving at formmail.pl is an array.

$params{foo} = ['not specified','Hello'] #pseudo, not sure if this is the actual internal representation

When an array is printed

 print "@array"

you end up with a space-separated string of items.
You’d probably have to patch your formmail.pl to prevent against this. I’ve not looked at its internals.

6

Hi, Jawsoflife. Thanks for the hint.

How can I modify the code below in a way that if $name= “foo” only the second parameter is sent if this is not empty?

subroutine building main email field:

sub send_main_email_field {
  my ($self, $name, $value) = @_;
 
  my ($prefix, $line) = $self->build_main_email_field($name, $value);

  my $nl = ($self->{CFG}{double_spacing} ? "\
" : "\
");
  if ($self->{CFG}{wrap_text} and length("$prefix$line") >  $self->email_wrap_columns) {
    $self->mailer->print( $self->wrap_field_for_email($prefix,  $line) . $nl );
  }
  else {
    $self->mailer->print("$prefix$line$nl");
  }
}

where this is the subroutine returning name and value pairs:

sub build_main_email_field {
  my ($self, $name, $value) = @_;
  return ("$name:  ", $value);
}

Thanks in advance!

7

Hard to see from here - I have no idea what code is handling your cgi parameter untainting and such. I would filter this at the part where you start processing the parameters sent to your backend.

Let’s say your default ‘undef’ string is “not specified”, then you could do


#pseudo!
foreach my $param ( keys &#37;cgi_params ) {
    $cgi_params{$param} = ref $param eq 'ARRAY' # is this an arrayref
        ? grep $_ != 'not specified', @$param #filter out all items that are not 'undef', should be 1 item
        : $param # what we expected
    ;
}

which should make you end up with $cgi_params{foo} being ‘Hello’, from the previous post.

I hope this points you in the right direction. Otherwise feel free to PM me with more code so I can flesh out how your backend works.

Best of luck!