I am having problems with my ColdFusion code returning "Element AUTHOR is undefined in FORM." whenever I submit my form. I've tried using <cfparam> to set comment.author but it didn't work either. I'm fairly new to ColdFusion so any reasoning comments would be great too!
<cfparam name="form.submitted" default="0" />
<cfset blogPost = EntityLoad('BlogPost',url.id,true) />
<cfif form.submitted>
<cfset comment = EntityNew('BlogComment') />
<cfset comment.author = form.author />
<cfset comment.comment = form.comment />
<cfset comment.createdDateTime = now() />
<cfset blogPost.addComment(comment) />
<cfset EntitySave(blogPost) />
</cfif>
<cfimport taglib="customTags/" prefix="layout" />
<layout:page section="blog">
<!-- Content Start -->
<!--Card -->
<div id="content">
<div class="card-pattern">
<!-- blog -->
<div id="blog">
<div class="clr">
<div class="top-bg1">
<div class="top-left">
<div><h1>Blog</h1></div>
</div>
</div>
<div class="clr">
<div class="pat-bottomleft"> </div>
<div class="pat-bottomright"> </div>
</div>
</div>
<div class="blog-top">
<div class="clr">
<cfoutput>
<div class="left">
<!-- Blog Title -->
<h2 class="big">
#blogPost.title#
</h2>
<!-- Date Published -->
<h5>
<strong>Date Posted</strong>: #dateformat(blogPost.dateposted,'mm/dd/yyyy')#
</h5>
<!-- Blog Body -->
#blogPost.body#
<!-- Blog Export -->
<p>
<img src="assets/images/export_pdf.png" border="0"/>
</p>
<!-- Blog Comments Section -->
<h3>
Comments #arrayLen(blogPost.getComments())#
</h3>
<div class="clr hline"> </div>
<div class="clr comments">
<ul>
<!-- Start Comment -->
<cfloop array="#blogPost.getComments()#" index="comment">
<li>
<p>
<strong>Posted On:</strong> #dateFormat(comment.createdDateTime,'mm/dd/yyyy')# at #timeformat(comment.createdDateTime,'short')# By #comment.author#
</p>
<p>
#comment.comment#
</p>
<div class="clr hline"> </div>
</li>
</cfloop>
<!-- End Comment -->
</ul>
</div>
<h3>
Post Comment
</h3>
<div class="clr hline"> </div>
<div class="clr postComment">
<form action="BlogPost.cfm?id=#blogPost.id#" method="post" id="form">
<div>
<label>Name <span class="font-11">(required)</span></label>
<input name="contactname" type="text" class="required" />
</div>
<div class="textarea">
<label>Comment <span class="font-11">(required)</span></label>
<textarea name="comment" rows="6" cols="60" class="required"></textarea>
</div>
<div>
<input id="submitBtn" value="Submit" name="submit" type="submit" class="submitBtn" />
</div>
<input type="hidden" name="submitted" value="1" />
</form>
</div>
</div>
</cfoutput>
<div class="right" >
<h2>Categories</h2>
<!-- Blog Specific Categories -->
<div id="categories" align="center">
<ul>
<li>ColdFusion</li>
<li>Development</li>
</ul>
</div>
</div>
</div>
</div>
<div class="clr"></div>
</div> <!--blog end -->
</layout:page>
The error is telling you what is wrong. There is no author element in your form OR there is no form scope at all. Here is the form code that you posted:
<form action="BlogPost.cfm?id=#blogPost.id#" method="post" id="form">
<div>
<label>Name <span class="font-11">(required)</span></label>
<input name="contactname" type="text" class="required" />
</div>
<div class="textarea">
<label>Comment <span class="font-11">(required)</span></label>
<textarea name="comment" rows="6" cols="60" class="required"></textarea>
</div>
<div>
<input id="submitBtn" value="Submit" name="submit" type="submit" class="submitBtn" />
</div>
<input type="hidden" name="submitted" value="1" />
</form>
It only contains 4 elements: contactname, comment, submit and submitted. This means that after the form is submitted ColdFusion will have access to: form.contactname, form.comment, form.submit and form.submitted. I presume that you are trying to set your comment.author variable to the contactname form field.
You could either change your code where you are setting the variable, like this:
<cfset comment.author = form.contactname />
Or you could change your code where the form field is defined, like this:
<input name="author" type="text" class="required" />
Either way, the references to the form scope must match the names that you give them in your HTML form. For what it's worth, you can always dump the form scope after it is submitted to see what is available, like this:
<cfdump var="#form#">
Also remember to sanitize all data that you receive from the client.
How can I sanitize user input but keep the content of <pre> tags?
Agreed, undefined because it doesn't exist in the form.
And definitely sanitize all form and url data. One example below:
<cfset myVar = ReReplaceNoCase(#FORM.formfield#,"<[^>]*>","","ALL")/>
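An added example (not code from the question or either answer) of handling the comment form with input validation and output encoding through ColdFusion's built-in encodeForHTML(), which needs ColdFusion 10 or later. Entity and field names follow the question; the length limits and error messages are assumptions.

```cfml
<!--- Added example, not the original poster's code. Field and entity names
      follow the question; the length limits are assumptions. --->
<cfparam name="url.id" default="" />
<cfparam name="form.submitted" default="0" />
<cfparam name="form.contactname" default="" />
<cfparam name="form.comment" default="" />

<!--- url.id is client input too: accept only an integer before EntityLoad(). --->
<cfif NOT isValid("integer", url.id)>
    <cfthrow type="InvalidInput" message="Invalid blog post id." />
</cfif>
<cfset blogPost = EntityLoad("BlogPost", url.id, true) />
<cfif isNull(blogPost)>
    <cfthrow type="NotFound" message="Blog post not found." />
</cfif>

<cfset errors = [] />
<cfif isBoolean(form.submitted) AND form.submitted>
    <cfset author = trim(form.contactname) />
    <cfset body = trim(form.comment) />
    <cfif len(author) EQ 0 OR len(author) GT 50>
        <cfset arrayAppend(errors, "Name is required (50 characters max).") />
    </cfif>
    <cfif len(body) EQ 0 OR len(body) GT 2000>
        <cfset arrayAppend(errors, "Comment is required (2000 characters max).") />
    </cfif>
    <cfif arrayIsEmpty(errors)>
        <!--- Store the text as typed; it is encoded where it is printed. --->
        <cfset comment = EntityNew("BlogComment") />
        <cfset comment.author = author />
        <cfset comment.comment = body />
        <cfset comment.createdDateTime = now() />
        <cfset blogPost.addComment(comment) />
        <cfset EntitySave(blogPost) />
    </cfif>
</cfif>

<cfoutput>
<cfloop array="#errors#" index="msg">
    <p class="error">#encodeForHTML(msg)#</p>
</cfloop>
<ul>
<cfloop array="#blogPost.getComments()#" index="c">
    <li>
        <p><strong>Posted On:</strong> #dateFormat(c.createdDateTime, 'mm/dd/yyyy')#
           By #encodeForHTML(c.author)#</p>
        <!--- encodeForHTML() turns < > & and quotes into entities, so markup
              in a comment is displayed as text instead of being rendered. --->
        <p>#encodeForHTML(c.comment)#</p>
    </li>
</cfloop>
</ul>
</cfoutput>
```

Encoding at output covers every stored comment, including ones saved before any input filter was in place.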
In my Django App there is a page where users can upload files from their local machine (and do other things).
The flow I built is so that users click on "+", a modal form comes up, users browse for a file on their local machine, select it and when they click save I submit the form.
However, for some reason, the file isn't getting posted but it seems like I am posting only the name of the file. But I can't figure out why.
file page
...
<div class="list-files__btn-plus-wrp">
<a class="list-files__btn-plus" href="#" data-bs-toggle="modal" data-bs-target="#modal">
<img src="{% static 'action/img/project/files/icon_plus-file.svg' %}" alt="+">
</a>
</div>
{% include 'action/forms/modals/modal.html' %}
modal.html
<div class="modal fade" tabindex="-1" role="dialog" id="modal" >
<div class="modal-dialog" role="document">
<div class="modal-content">
<!-- Popup -->
<div class="pop-up-form">
<div class="pop-up-form__wrp">
<!-- Title -->
<div class="pop-up-form__title-wrp">
<h2 class="pop-up-form__title">Dialog Title</h2>
</div>
<!-- END Title -->
<!-- Form -->
<form action="{% url 'action:project_files' project_id=project.id %}" method="POST" class="pop-up-form__form">
{% csrf_token %}
<!-- Input File Name -->
<div class="pop-up-form__input-wrp">
<label class="pop-up-form__label" for="fileName">File Name</label>
<input class="pop-up-form__input" id="fileName" name="fileName" type="text" placeholder="File Name">
</div>
<!-- END Input File Name -->
<!-- Input Link -->
<div class="pop-up-form__input-wrp">
<!-- Link -->
<div class="pop-up-form__input-two-wrp">
<label class="pop-up-form__label" for="inputLink">Link</label>
<input class="pop-up-form__input" id="inputLink" name="inputLink" type="text" placeholder="https://">
</div>
<!-- END Link -->
<!-- Local File Name -->
<div class="pop-up-form__local-input-wrp">
<img src="{% static 'action/img/project/files/icon_paperclip-solid.svg' %}" alt="Added">
<input type="text" id="fileNameLocal" class="pop-up-form__filename-local" disabled>
<span id="deleteFile">
<img src="{% static 'action/img/project/files/icon_close-inputfile.svg'%}" alt="Close">
</span>
</div>
<!-- END Local File Name -->
</div>
<!-- END Input Link -->
<!-- WRP Text & Upload -->
<div class="pop-up-form__input-wrp-all">
<p class="pop-up-form__input-text">OR</p>
<div class="pop-up-form__file-upload">
<label>
<input type="file" name="userfile[]">
<span>Browse</span>
</label>
</div>
</div>
<!-- END WRP Text & Upload -->
<!-- BTNs -->
<div class="pop-up-form__btn-wrp">
<button type="button" class="btn-transparent" data-dismiss="modal">Close</button>
<button type="submit" class="btn-black">Save</button>
</div>
<!-- END BTNs -->
</form>
<!-- END Form -->
</div>
</div>
<!-- END Popup -->
</div>
</div>
</div>
view
class ProjectFiles(MyLoginRequiredMixin, TemplateView):
    template_name = 'action/project/file.html'

    def post(self, request, *args, **kwargs):
        instance = get_object_or_404(JobProject, id=kwargs['project_id'])
        if request.POST.get('userfile[]'):
            file = request.FILES['userfile[]']
            # Actually, the whole request.FILES is empty
In your form, add the enctype to deal with files
<form action="{% url 'action:project_files' project_id=project.id %}" method="POST" class="pop-up-form__form" enctype="multipart/form-data">
{% csrf_token %}
....
I'm trying to use the code I have found and it's not working properly; it is always saying that I am a robot. Do you have any idea why this will not work?
The Application.cfc has the site and secret key in it.
<script src="https://www.google.com/recaptcha/api.js?render=<cfoutput>#application.SiteKey#</cfoutput>"></script>
<cfif ISDEFINED('FORM.FirstName')> <!--- check if form was submitted and if so run code below --->
<cfhttp url="https://www.google.com/recaptcha/api/siteverify?secret=#application.SecretKey#&response=#FORM['g-recaptcha-response']#" result="Response" />
<cfset Return = deserializeJSON(Response.FileContent) />
<cfif Return.success IS 'true' AND Return.score GT 0.0> <!--- check if true and if score is greater than 0.5. Run code below if all good. --->
<cfoutput>Human: #FORM.FirstName# #FORM.LastName#</cfoutput>
<!--- you can do database entry and/or email results here --->
<cfelse> <!--- if not a human, do this. I usually remove the else part completely, but if you need to do something with the robot, do it here. --->
Most likely a robot.
</cfif>
<cfelse> <!--- show form --->
<form method="post" action="/contact.cfm"> <!--- submit form back to itself --->
First Name: <input name="FirstName" type="text"><br>
Last Name: <input name="LastName" type="text"><br>
<input name="submit" type="submit">
<input name="g-recaptcha-response" id="g-recaptcha-response" type="hidden" /> <!--- javascript below gives this a value from google. --->
</form>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('<cfoutput>#application.SiteKey#</cfoutput>', {action: 'homepage'})
.then(function(token) {
document.getElementById('g-recaptcha-response').value=token;
});
});
</script>
</cfif>
This is how I was able to get the form working properly.
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script src="https://www.google.com/recaptcha/api.js?render=YOUR SITE KEY"></script>
<!-- contact form demo container -->
<cfif ISDEFINED('FORM.name')> <!--- check if form was submitted and if so run code below --->
<cfhttp url="https://www.google.com/recaptcha/api/siteverify?secret=#application.SecretKey#&response=#FORM['token']#" result="Response" />
<cfset Return = deserializeJSON(Response.FileContent) />
<cfif Return.success IS 'true' AND Return.score GT 0.5> <!--- check if true and if score is greater than 0.5. Run code below if all good. --->
<cfelse> <!--- if not a human, do this. I usually remove the else part completely, but if you need to do something with the robot, do it here. --->
</cfif>
<cfelse>
<section style="margin: 50px 20px;">
<div style="max-width: 768px; margin: auto;">
<!-- contact form -->
<div class="card">
<h2 class="card-header">Contact Form</h2>
<div class="card-body">
<form class="contact_form" method="post" action="contact.cfm">
<!-- form fields -->
<div class="row">
<div class="col-md-6 form-group">
<input name="name" type="text" class="form-control" placeholder="Name" required>
</div>
<div class="col-md-6 form-group">
<input name="email" type="email" class="form-control" placeholder="Email" required>
</div>
<div class="col-md-6 form-group">
<input name="phone" type="text" class="form-control" placeholder="Phone" required>
</div>
<div class="col-md-6 form-group">
<input name="subject" type="text" class="form-control" placeholder="Subject" required>
</div>
<div class="col-12 form-group">
<textarea name="message" class="form-control" rows="5" placeholder="Message" required></textarea>
</div>
<!-- form message prompt -->
<div class="row">
<div class="col-12">
<div class="contact_msg" style="display: none">
<p>Your message was sent.</p>
</div>
</div>
</div>
<div class="col-12">
<input type="submit" value="Submit Form" class="btn btn-success" name="post">
</div>
<!-- hidden reCaptcha token input -->
<input type="hidden" id="token" name="token">
</div>
</form>
</div>
</div>
</div>
</section>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('YOUR SITE KEY', {action: 'homepage'}).then(function(token) {
// console.log(token);
document.getElementById("token").value = token;
});
// refresh token every minute to prevent expiration
setInterval(function(){
grecaptcha.execute('YOUR SITE KEY', {action: 'homepage'}).then(function(token) {
console.log( 'refreshed token:', token );
document.getElementById("token").value = token;
});
}, 60000);
});
</script>
</cfif>
<!-- References for the optional jQuery function to enhance end-user prompts -->
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
This is how I passed the values to the API. Again, just passing along code that worked, not saying this is the only way
<cfhttp method="post" url="https://www.google.com/recaptcha/api/siteverify" result="Response">
<cfhttpparam name="secret" type="formField" value="#application.SecretKey#">
<cfhttpparam name="response" type="formField" value="#form["g-recaptcha-response"]#">
</cfhttp>
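An added example (not code from any of the posts above) that wraps the siteverify call in a function and checks each field of the reCAPTCHA v3 response, returning a reason that shows why a submission was classed as a robot. The function name verifyRecaptcha, its arguments and the verdict struct are names chosen here; application.SecretKey and the 'homepage' action come from the posts.

```cfml
<!--- Added example; verifyRecaptcha, expectedAction and minScore are names chosen here. --->
<cffunction name="verifyRecaptcha" returntype="struct" output="false">
    <cfargument name="token" type="string" required="true" />
    <cfargument name="expectedAction" type="string" required="true" />
    <cfargument name="minScore" type="numeric" default="0.5" />

    <cfset var resp = "" />
    <cfset var data = "" />
    <cfset var verdict = { passed = false, reason = "", score = 0 } />

    <!--- Empty hidden field: no token reached the server, so skip the call. --->
    <cfif NOT len(trim(arguments.token))>
        <cfset verdict.reason = "missing token" />
        <cfreturn verdict />
    </cfif>

    <!--- POST the secret as a form field so it stays out of URL logs. --->
    <cfhttp method="post" url="https://www.google.com/recaptcha/api/siteverify"
            result="resp" timeout="10">
        <cfhttpparam type="formfield" name="secret" value="#application.SecretKey#" />
        <cfhttpparam type="formfield" name="response" value="#arguments.token#" />
    </cfhttp>

    <!--- A failed request returns no JSON; treat that as a failed check. --->
    <cfif NOT isJSON(resp.fileContent)>
        <cfset verdict.reason = "verification service unreachable" />
        <cfreturn verdict />
    </cfif>
    <cfset data = deserializeJSON(resp.fileContent) />

    <cfif structKeyExists(data, "score")>
        <cfset verdict.score = data.score />
    </cfif>
    <cfif NOT (structKeyExists(data, "success") AND data.success)>
        <!--- error-codes says why, e.g. timeout-or-duplicate for a stale or reused token. --->
        <cfset verdict.reason = structKeyExists(data, "error-codes")
            ? arrayToList(data["error-codes"]) : "rejected" />
    <cfelseif NOT structKeyExists(data, "action") OR data.action NEQ arguments.expectedAction>
        <cfset verdict.reason = "action mismatch" />
    <cfelseif NOT structKeyExists(data, "score") OR data.score LT arguments.minScore>
        <cfset verdict.reason = "score below threshold" />
    <cfelse>
        <cfset verdict.passed = true />
    </cfif>
    <cfreturn verdict />
</cffunction>

<!--- Usage with the hidden field name from the first post. --->
<cfset token = structKeyExists(form, "g-recaptcha-response") ? form["g-recaptcha-response"] : "" />
<cfset check = verifyRecaptcha(token, "homepage") />
<cfif NOT check.passed>
    <cflog file="recaptcha" text="rejected: #check.reason# (score #check.score#)" />
</cfif>
```

Logging the reason separates an empty or expired token from a genuinely low score when every submission is being rejected.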
A login form is submitted and when I try and dump the values the form structure is empty in IE but not FF or Chrome. This is in a DEV environment using HTTPS and a corporate self signed certificate.
I don't really think this is Fusebox related but it is the framework I'm using. No choice in the matter as it is legacy code and no budget to change it so please don't suggest I move on.
I've discovered that in IE it doesn't like the form action to be of the format:
/directory/index.cfm?fuseaction=app.Security
Instead it wants a fully qualified action
https://www.mycompany.com/directory/index.cfm?fuseaction=app.Security
<form action="/directory/index.cfm?fuseaction=app.Security" name="loginForm" id="loginForm" method="post">
<div style="width:55%;" align="center" id="fieldset">
<fieldset class="border" style="width:70%;">
<legend>Login</legend>
<div style="padding:2%">
<label for="userID">User ID: <span id="error1" class="redbold" aria-live="assertive"></span> </label>
</div>
<div>
<span class="required">*</span> <input type="text" name="userID" id="userID" size="32" maxlength="8" value="" />
</div>
<div style="padding:2%">
<label for="pw">Password: <span id="error2" class="redbold" aria-live="assertive"></span></label>
</div>
<div>
<span class="required">*</span> <input type="password" name="pw" id="pw" size="32" maxlength="20" value="" />
</div>
<div style="padding:2%" id="formButtons">
<input type="submit" value="Login" class="buttonfield" title="Login to eAgenda" />
<span style="padding-left:5%; margin-left:5%">
<input type="reset" value="Clear" class="buttonfield" title="Clear" />
</span>
<div id="errorMsg">
<p>
<span class="redbold"></span>
</p>
</div>
</div>
<span class="required">*</span>Mandatory field
</fieldset>
</div>
</form>
In the end it was a <base href="http://..."/> tag in the header. Removing or making it https solved the problem.
The POST method is not getting the username record. The GET method is working fine, but the HTML form is showing the following error:
This field is required
<h2>Users</h2>
<ul>
<form method="post" action=""><input type='hidden' name='csrfmiddlewaretoken' value='8gQo0iGRTDE7kayhFJqj2fOt7UkejlkG' />
<li>
<input type="text" value= mayur><br>
<input type="submit" value="follow" />
</li>
<li>
<input type="text" value= mayurnitrr><br>
<input type="submit" value="follow" />
</li>
<li>
<input type="text" value= lokesh><br>
<input type="submit" value="follow" />
</li>
</form>
</ul>
<p align="center">Back</p>
You haven't shown how you handle these, but none of your inputs have a name parameter, which you need to provide:
<input type="text" name="somethingdescriptive" value="lokesh"><br>
request.POST should now contain the key "somethingdescriptive"
Now I need the following search structure in the theme:
<div class="sideCol">
<aside class="siteSearch">
<form name="searchform" action="search" class="searchPage searchform" id="searchform">
<fieldset>
<legend>Website durchsuchen</legend>
<input class="searchPage text lang-de" name="SearchableText" type="text" size="25" title="Website durchsuchen" value="" placeholder="Suchbegriff..." />
<button type="submit"><i class="icon-search"></i></button>
</fieldset>
</form>
</aside>
</div>
All I need to get from Plone's sunburst theme is the action link for the form element.
So I tried this:
<replace css:content-children="#portal-searchbox">
<xsl:variable name="action_link" select="form/@action" />
<form name="searchform" action="search" class="searchPage searchform" id="searchform">
<xsl:attribute name="action">${action_link}</xsl:attribute>
<fieldset>
<legend>Website durchsuchen</legend>
<input class="searchPage text lang-de" name="SearchableText" type="text" size="25" title="Website durchsuchen" value="" placeholder="Suchbegriff..." />
<button type="submit"><i class="icon-search"></i></button>
</fieldset>
</form>
</replace>
<replace css:content-children="#portal-searchbox" css:theme-children=".siteSearch" />
The problem is that all I get in the theme is the structure of Plone's Sunburst Search.
<div class="sideCol">
<aside class="siteSearch">
<form id="livesearch0" action="http://localhost:8080/mamuz/de/@@search">
<div class="LSBox">
<label class="hiddenStructure" for="searchGadget">Website durchsuchen</label>
<input name="SearchableText" type="text" size="18" title="Website durchsuchen" placeholder="Website durchsuchen" accesskey="4" class="searchField" id="searchGadget" autocomplete="off">
<input class="searchButton" type="submit" value="Suche">
<div class="searchSection">
<input id="searchbox_currentfolder_only" class="noborder" type="checkbox" name="path" value="/mamuz/de/impressum">
<label for="searchbox_currentfolder_only" style="cursor: pointer">nur im aktuellen Bereich</label>
</div>
<div class="LSResult" id="LSResult">
<div class="LSShadow" id="LSShadow"></div>
</div>
</div>
</form>
<div id="portal-advanced-search" class="hiddenStructure">
Erweiterte Suche…
</div>
</aside>
</div>
I'm familiar with Diazo but pretty new to XSLT. What is wrong? I tried several types of placements, like import before it gets modified. Nothing helps.
Using the replace directive on attribute itself should work:
<replace attributes="action"
css:content="#portal-searchbox form"
css:theme="#searchform" />