Home › Support › Bug Reports
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
Forms Field CAPTCHA
The documentation for the Forms module is absolutely wrong for how to manually echo the CATPCHA.
The docs say
"Special Hidden Fields
If you are using your own HTML code, you may need to include 2 additional hidden fields with values—return_url and form_url. There is also an "__antispam__" field that automatically gets generated and can be outputted automatically. Below is an example of what you can include in your own blocks.
...
<?=$__antispam___field?>
"
It took us far longer than it should have to solve this. First there's the '"__antispam__" field' part. So we thought it was a variable of __antispam__ then we noticed $__antispam___field has three underscores between antispam and field. So we tried with three underscores. We tried with 'field', without 'field' both with two and three underscores. Finally we found and looped the $fields variable that has '__antispam__' to then find out it had a property 'field'.
<?php echo $fields['__antispam__']['field']; ?>
Fix your documentation please.
The docs say
"Special Hidden Fields
If you are using your own HTML code, you may need to include 2 additional hidden fields with values—return_url and form_url. There is also an "__antispam__" field that automatically gets generated and can be outputted automatically. Below is an example of what you can include in your own blocks.
...
<?=$__antispam___field?>
"
It took us far longer than it should have to solve this. First there's the '"__antispam__" field' part. So we thought it was a variable of __antispam__ then we noticed $__antispam___field has three underscores between antispam and field. So we tried with three underscores. We tried with 'field', without 'field' both with two and three underscores. Finally we found and looped the $fields variable that has '__antispam__' to then find out it had a property 'field'.
<?php echo $fields['__antispam__']['field']; ?>
Fix your documentation please.
Comments
.... 'anti_spam_method' => array('method' => 'recaptcha', 'recaptcha_public_key' => 'xxx', 'recaptcha_private_key' => 'xxx', 'theme' => 'white'), 'block_view' => 'forms/contact-form', ...Then in the form's associated view file that in my case was located in 'fuel/application/views/_blocks/forms/contact-form', the following was added which outputted the reCaptcha HTML (and it included the 3 underscores):
<?=$__antispam___field?>There are several ways to generate the HTML for the form. The first option is to use "auto" which will use the Form_builder class to generate the form based on the fields you've specified. Fields can be specified in the CMS or passed in under the 'fields' parameter as demonstrated in the above example. The second option is to use a block view and the third is to simply use an HTML string. In both cases, you will automatically have several variables passed to it included a $fields array which contains an array of all the the rendered fields, their labels, and their "key" values."
We didn't set anything in the config file, set the block view through the CMS and told it to use reCAPTCHA. We have a static block with all of the HTML already in the view. We don't rely on the form generated fields because our client wants a very specific layout, so we can't just loop through and create a linear page. When we tried adding the captcha at the end through the variable listed above that variable did not exist. It took some looking to find that it was in in the $fields array mentioned in the 'Customizing the HTML' section.
To note, we dumped all the defined variables to the page and none of the fields were in the dump.