Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WPForms AJAX forms aren't validated by WordPress Zero Spam #238

Closed
bmarshall511 opened this issue Feb 25, 2021 · 5 comments
Closed

WPForms AJAX forms aren't validated by WordPress Zero Spam #238

bmarshall511 opened this issue Feb 25, 2021 · 5 comments
Labels
bug

Comments

@bmarshall511
Copy link
Collaborator

Original issue: https://wordpress.org/support/topic/wp-forms-plugin/

The issue is, it doesn't appear WPForms uses the same hooks to validate fields when AJAX is turned on. I've gone through their documented hooks (https://wpforms.com/developers/categories/actions/) and related ones to fire when submitted through AJAX.

They do have do JS triggers (found this https://causier.co.uk/2021/02/hooking-into-wpforms-ajax-submission-workflow-for-custom-event-handling/) that could be used, but even those don't appear to allow you to alter validation.

Also tried @jaredatch's example here: https://gist.github.com/jaredatch/def524c06d13cbb06c33da596c47eb48, but neither the wpforms_process_validate_text or in this case wpforms_process_validate_hidden fires.

Need to find a solution to alter the response from WPForms AJAX submission and hook into validation on the backend to verify the hidden field zero spam injects.
@bmarshall511
Copy link
Collaborator Author

@jaredatch Think you could take a stab at it?

@bmarshall511 bmarshall511 changed the title WPForms AJAX forms are validated by WordPress Zero Spam WPForms AJAX forms aren't validated by WordPress Zero Spam Feb 25, 2021
@jaredatch
Copy link
Contributor

I'm not familiar with the latest version/rewrite of WPZS?

What's the best way to debug this? Activate WPZS, create new form with AJAX submit, fill in honeypot field, and then submit?

@bmarshall511
Copy link
Collaborator Author

@jaredatch It's similar to the last. For WPForms, there's a class-wpforms.php in the modules directory. That's where all the magic happens for WPForms submissions. Just need to figure out what hook to run for AJAX submissions. I've tried several, can't get any of them to fire though.

@jaredatch
Copy link
Contributor

The issue is with this conditional in the construct.

https://github.com/bmarshall511/wordpress-zero-spam/blob/master/modules/wpforms/class-wpforms.php#L27

Specifically, Access::process() returns false for is_admin(), but all AJAX requests going with admin-ajax return true when is_admin() is checked.

So, what's happening here is the process method doesn't work with any native WordPress AJAX requests.

I didn't test this, but I believe the easiest fix is to do a check that accommodates AJAX requests. Something like if ( ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) {.

The last thing I want to suggest is this line:

https://github.com/bmarshall511/wordpress-zero-spam/blob/master/modules/wpforms/class-wpforms.php#L130

Would be better changed to:

wpforms()->process->errors[ $form_data['id'] ]['header'] = $message;

This way the error message displays at the top of the form, right now it just shows arbitrarily with whatever the first field in the form is.

Hope that helps :)

@bmarshall511
Copy link
Collaborator Author

@jaredatch Perfect! That did it and good idea about the error message display didn't realize that was an option. Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaredatch @bmarshall511