Item11179: form save impossible directly after login

Priority: Urgent
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: FormPlugin
Branches:
Reported By: HolgerHain
Waiting For:
Last Change By: HolgerHain
When I log in on a topic containing a form to write into any topic, submitting this form from a URL ...?validation_key=xxx results in a confirmation required warning. Even if I confirm that this change was intentional there is no write action.

I therefore checked the POST and realised that in this case two elements named validation_key are submitted, the first containing something like ?2aece4565e9c6d4dcfdfd0bee550ad13 and the second something similar without the question mark (what I would expect).

-- HolgerHain - 11 Oct 2011

Can you please describe in a bit more detail some exact steps to recreate this problem? Are you able to recreate on Foswiki.org?

-- GeorgeClark - 12 Oct 2011

A Form example is the use of FormPlugin and CommentPlugin to create a list of holidays:

<verbatim style="display: none;">
%TMPL:DEF{PROMPT:holiday_data}%
<div class="foswikiFormSteps">
<div class="foswikiFormStep">
<input type="hidden" name="comment_action" value="save" />
<input type="hidden" name="comment_type" value="holiday_data" />
<input type="hidden" name="comment_templatetopic" value="%WEB%.%TOPIC%"  />
%FORMELEMENT{
   name="Who"
   type="text"
   title="Who:"
   validate="nonempty"
   default="%FORMFIELD{"FirstName" topic="%WIKIUSERNAME%"}%"
   mandatory="on"
   hint="First name or like written in HolidayList"
}%
%FORMELEMENT{
   name="From"
   type="date"
   dateformat="%d %b %Y"
   size="9"
   title="Start Date:"
   disabled="%IF{"$WIKINAME='WikiGuest'" then="on" else="off"}%"
   validate="nonempty"
   mandatory="on"
}%
%FORMELEMENT{
   name="Until"
   type="date"
   dateformat="%d %b %Y"
   size="9"
   title="End Date:"
   disabled="%IF{"$WIKINAME='WikiGuest'" then="on" else="off"}%"
}%
%FORMELEMENT{
   name="Occasion"
   type="text"
   title="Occasion for holidays (optional):"
   beforeclick="Holidays"
   default="Holidays"
   validate="nonempty"
}%
%FORMELEMENT{
   name="Icon"
   type="text"
   beforeclick="8-)"
   default="8-)"
   hint="Enter a [[System.SmiliesPlugin][Smilie]], like e.g. =:-)= or an [[System/DocumentGraphics][Icon]], like e.g. % ICON{wip} % (without the spaces)"
   title="Smilie or Icon (optional):"
}%
%FORMELEMENT{
   name="comment_from_date"
   type="hidden"
   default="$From"
   condition="$From=nonempty"
}%
%FORMELEMENT{
   name="comment_to_date"
   type="hidden"
   default=" - $Until"
   condition="$Until=nonempty"
}%
%FORMELEMENT{
   name="comment_who"
   type="hidden"
   default=" - $Who"
   condition="$Who=nonempty"
}%
%FORMELEMENT{
   name="comment_occasion"
   type="hidden"
   default=" - $Occasion"
   condition="$Occasion=nonempty"
}%
%FORMELEMENT{
   name="comment_icon"
   type="hidden"
   default=" - $Icon"
   condition="$Icon=nonempty"
}%
%FORMELEMENT{
   name="action33"
   type="submit"
   buttonlabel="Add my dates"
   disabled="%IF{"$WIKINAME='WikiGuest'" then="on" else="off"}%"
}% %IF{"$WIKINAME='WikiGuest'" then="<em>Log in to add your dates</em>"}%
</div>
</div>
%TMPL:END%
%TMPL:DEF{OUTPUT:holiday_data}%   * %URLPARAM{"comment_from_date"}%%URLPARAM{"comment_to_date"}%%URLPARAM{"comment_who"}%%URLPARAM{"comment_occasion"}%%URLPARAM{"comment_icon"}%
%POS:AFTER%%TMPL:END%
</verbatim>

---+++ New Entry
%STARTFORM{
name="holiday_data"
action="save"
topic="%WEB%.%TOPIC%"
anchor="NewData"
strictverification="off"
}%


%<nop>COMMENT{type="holiday_data" noform="on" templatetopic="%WEB%.%TOPIC%"}%

Directly after a successful login on the wiki page, the URL shown is .../Topic?validation_key=b7d7ac6cf19266a4c552a23f3c669db6. The next step is to fill out the form and submit it (without change of the URL).

Submitting the form results in a POST with two elements called validation_key where the first one begins with a question mark (?) and the latter one contains the above validation key (for the login I guess). Then I get displayed the warning which is also displayed after a repeated edit using the back function of the browser. Whatever button I choose as a result no change is made to the topic. So I have to fill in the form again. The biggest problem with that is that our normal user does not think about a retry - for them the form simply does not work.

This error was only observed for direct write action after a login using checked data. In our cases this included a form using FormPlugin.

-- HolgerHain - 12 Oct 2011

I think I have a possible fix, but I'm having trouble getting the FormPlugin to work for me. Do you have the environment where you could test the following patch? In the code that processes the existing url parameters, bypass adding any old validation_key into the new querystring.

Note I disabled the comment macro in the verbatim block - comments were being posted into your verbatim block. Also this appears to be a bug in the FormPlugin which is adding all existing urlparams into the new query string.

diff --git a/FormPlugin/lib/Foswiki/Plugins/FormPlugin/FormData.pm b/FormPlugin/lib/Foswiki/Plugins/FormPlugin/FormData.pm
index 08e468c..fdd8a2e 100644
--- a/FormPlugin/lib/Foswiki/Plugins/FormPlugin/FormData.pm
+++ b/FormPlugin/lib/Foswiki/Plugins/FormPlugin/FormData.pm
@@ -241,6 +241,7 @@ sub _urlParams {
         foreach my $part (@parts) {
             if ( $part =~ m/^(.*?)\=(.*?)$/ ) {
                 my $key = $1;
+                next if ( $key eq 'validation_key' ); # Don't pass through the previous validation_key
 
                 # retrieve value from param
                 my $value = $query->url_param($key);
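
Review bot: The added `next if ( $key eq 'validation_key' )` line skips exactly one literal name, compared against the raw regex capture in `$key`, so every other parameter from the current URL is still copied into the new query string by the loop. Consider keeping the names to skip in a small list (or passing through only parameters the form itself declares), so that other one-time values do not need a new special case each time. As a style point, the trailing comment makes the line long; placing it on its own line above the `next`, like the `# retrieve value from param` comment that follows, would read better. A regression test that submits the form from a URL already carrying `validation_key` would also address the "other side effects" question.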

-- GeorgeClark - 13 Oct 2011

Arthur, this code does seem to eliminate the extra validation_key from the post input, but I don't know if there are other side effects.

-- GeorgeClark - 13 Oct 2011
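
The symptom and the effect of the fix discussed above, as an added example that is not part of the original thread or of FormPlugin's code: it rebuilds a form POST with and without the stale token carried over from the URL and reports any field submitted more than once. The `sort=date` parameter, the `Who` value and the function names are constructed for illustration; the two key values are the ones quoted in the report.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode

# Assumption: names of one-time tokens that must never be copied from the
# current URL into a new form submission. Only validation_key is from the page.
ONE_TIME_PARAMS = {"validation_key"}


def carry_over_params(query_string):
    """Return the URL parameters that are safe to re-submit with a form."""
    pairs = parse_qsl(query_string.lstrip("?"), keep_blank_values=True)
    return [(k, v) for k, v in pairs if k not in ONE_TIME_PARAMS]


def duplicated_fields(post_body):
    """Map each field name sent more than once to the list of its values."""
    seen = defaultdict(list)
    for key, value in parse_qsl(post_body, keep_blank_values=True):
        seen[key].append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample data: the URL left behind after login, and the form's own fields.
URL_AFTER_LOGIN = "validation_key=b7d7ac6cf19266a4c552a23f3c669db6&sort=date"
FORM_FIELDS = [
    ("validation_key", "?2aece4565e9c6d4dcfdfd0bee550ad13"),
    ("Who", "Holger"),
]

# Before the fix: every URL parameter is appended to the form's fields.
body_before = urlencode(FORM_FIELDS + parse_qsl(URL_AFTER_LOGIN))
# After the fix: the stale token is dropped, other parameters survive.
body_after = urlencode(FORM_FIELDS + carry_over_params(URL_AFTER_LOGIN))

if __name__ == "__main__":
    print("before:", duplicated_fields(body_before))
    print("after: ", duplicated_fields(body_after))
```

The same `duplicated_fields` check can be run over a captured request body to confirm that a deployed form no longer submits two `validation_key` values.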

At the moment we do not have a test environment for this patch. Probably we can set one up until November.

-- HolgerHain - 17 Oct 2011

George, hero! This solves a bunch of problems.

-- ArthurClemens - 26 Oct 2011

I've uploaded a new version of the plugin.

-- ArthurClemens - 27 Oct 2011

Since the last update of the plugin this problem is solved. Thanks.

-- HolgerHain - 30 Nov 2011

 


Summary form save impossible directly after login
ReportedBy HolgerHain
Codebase trunk
SVN Range Foswiki-1.1.3, Sat, 16 Apr 2011, build 11475
AppliesTo Extension
Component FormPlugin
Priority Urgent
CurrentState Closed
WaitingFor
Checkins FormPlugin:d7ae83a70c9f
TargetRelease n/a
ReleasedIn n/a
trunkCheckins
Release01x01Checkins
Topic revision: r10 - 30 Nov 2011, HolgerHain