Shopify Remote add to cart - Same variant id, different properties but yet the Shopify cart considers them the same - shopping-cart

I am using the Shopify remote add to cart form to pass a group of customized products. Same Shopify product (variant-id), different custom designs (line item properties).
The form call treats the 3 customized products that I am adding to the cart as identical even though they have distinct line items. If I push this to the Shopify cart I will see a product with a quantity of 3. If I submit a form for each product individually then it treats them as unique products in the cart which is the behavior I would hope for.
Here is an example of the code I am trying to use (notice that the "Customizer#" and "Your Design" values are unique for each product):
<form action="http://www.boardlams.com/cart/add" method="post">
<input name="id[]" value="262542038" type="hidden">
<input id="Customizer#" name="properties[Customizer#]" value="RTD-Design-1" type="hidden">
<input id="YourDesign" name="properties[YourDesign]" value="http://designer.realtimedesigner.com/orders2/153000/153500/153561/3/design_1.png?1355818798" type="hidden">
<input name="id[]" value="262542038" type="hidden">
<input id="Customizer#" name="properties[Customizer#]" value="RTD-Design-2" type="hidden">
<input id="YourDesign" name="properties[YourDesign]" value="http://designer.realtimedesigner.com/orders2/153000/153500/153561/3/design_2.png?1355818798" type="hidden">
<input name="id[]" value="262542038" type="hidden">
<input id="Customizer#" name="properties[Customizer#]" value="RTD-Design-3" type="hidden">
<input id="YourDesign" name="properties[YourDesign]" value="http://designer.realtimedesigner.com/orders2/153000/153500/153561/3/design_3.png?1355818798" type="hidden">
<input name="return_to" value="/cart" type="hidden">
<input value="Many Customized Products" type="submit">
</form>
Is there a way to have the Shopify cart consider each product as a separate item in the cart when submitting the form this way? Sending a remote add to cart form per customized project is not a good solution in this case because we want to submit all of the products as a group.
I appreciate any insights!
Regards,
John

Related

Django + OWASP ZAP Cross Site Scripting (Reflected) - Is the value attribute of an HTML input tag a risk?

In my Django project, I have a search input in the navbar across most pages on my site.
I'm a beginner to OWASP ZAP. After running the scan, one of the high priority alerts (red flag icon) raised was Cross Site Scripting (Reflected).
In my case, this is my website search form:
<form method="GET" id="searchForm">
<input type="text" name="q"
id="searchQuery" placeholder="Search..." autocomplete="off" maxlength="100" required="">
</form>
If someone searches for javascript:alert(1); in the search box, the value= attribute contains the same.
<form method="GET" id="searchForm">
<input type="text" name="q" value="javascript:alert(1);"
id="searchQuery" placeholder="Search..." autocomplete="off" maxlength="100" required="">
</form>
Is this a potential vulnerability, or is the input being sanitized by Django? This form is created using a Django forms.ModelForm:
class SiteSearchForm(forms.ModelForm):
    class Meta:
        model = Search
        fields = ('q',)
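For the question above, an added example (not part of the original post, and written with Python's standard library rather than Django itself): `html.escape` stands in for template auto-escaping, which is assumed to be enabled, and all function names and the `data-canary` / `<b>` test strings are constructed for illustration. It checks whether a reflected `q` stays inside the `value` attribute or changes the markup around it.

```python
import html
from html.parser import HTMLParser

# Attributes the template itself writes on the search box (trimmed for brevity).
EXPECTED_ATTRS = {"type", "name", "value", "id"}


def render_search_input(q, escape=True):
    """Build the reflected <input>; escape=True mimics template auto-escaping."""
    value = html.escape(q, quote=True) if escape else q
    return f'<input type="text" name="q" value="{value}" id="searchQuery">'


class _Collector(HTMLParser):
    """Records every start tag and its attributes as a browser-like parser sees them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs)))


def reflection_is_contained(q, escape=True):
    """True when q ends up only as the text of value="..." and adds no markup."""
    parser = _Collector()
    parser.feed(render_search_input(q, escape))
    parser.close()
    if len(parser.elements) != 1:          # an extra element was injected
        return False
    tag, attrs = parser.elements[0]
    # Extra attributes mean the payload closed the quote and escaped the value.
    return tag == "input" and set(attrs) == EXPECTED_ATTRS and attrs["value"] == q


# Constructed, inert inputs: the string from the scan plus two quote-breaking canaries.
SAMPLES = ["javascript:alert(1);", '" data-canary="1', '"><b id="canary">']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} escaped={reflection_is_contained(sample, True)} "
              f"raw={reflection_is_contained(sample, False)}")
```

The scanner's string is contained either way, because a text input's `value` is neither a URL nor a script context; only the quote-breaking canaries change the markup, and only when escaping is off.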

How can I get custom form field value from within Django Admin's response_change?

I've added a custom functionality to a model by overriding change_form.html. Basically, I'm letting users change the objects of a model if these changes were approved by the admin. I added two buttons, named accept-suggestion and decline-suggestion, and I intend to handle the custom functionality through the response_change method:
def response_change(self, request, obj):
    if "decline-suggestion" in request.POST:
        # do stuff...
        pass
    if "accept-suggestion" in request.POST:
        # do stuff...
        pass
Both buttons will send an e-mail to the user saying if the suggestion was declined or approved. So far so good. The problem is that I want to add the possibility for the admin to write a brief justification explaining why the suggestion was declined. So I changed change_form.html again.
<div class="submit-row">
<div class="float-left">
<a class="decline-button-outlined accordion" type="button" href="#">DECLINE SUGGESTION</a>
</div>
<div class="float-right">
<input class="accept-button" type="submit" name="accept-suggestion" value="ACEITAR SUGESTÃO">
</div>
</div>
<div class="additional-infos">
<fieldset class="module aligned">
<div class="form-row">
<label for="decline-reasons">Reasons for rejection:</label>
<textarea
placeholder="If you find necessary, provide information on the reasons that led to the rejection of the suggestion"
id="decline-reasons" class="vLargeTextField" rows="5"></textarea>
</div>
<div class="submit-row">
<div class="float-right">
<input class="decline-button" type="submit" name="decline-suggestion" value="DECLINE">
</div>
</div>
</fieldset>
</div>
Is this the best approach? If so, how can I get the value of the <textarea> above from within response_change? If not, what would you suggest?
Thank you very much!
If you add a name to your <textarea> you will be able to retrieve the contents on the server side. Without a name, the data is not being sent to the server (Django).
So something like this:
<textarea
placeholder="If you find necessary, provide information on the reasons that led to the rejection of the suggestion"
id="decline-reasons" name="decline-reasons" class="vLargeTextField" rows="5"></textarea>
Should allow you to retrieve the text on the Django side with request.POST["decline-reasons"].

Django: how to retrieve a form search parameters in a django generic listView

How to retrieve a form's search parameters in a Django generic ListView? My url is:
url(r'postsearch$', views.PostsList.as_view(), name='postsearch'),
My generic listview is:
class PostsList(generic.ListView):
    model = Post
    template_name = 'posts/post_list.html'

    def get_queryset(self):
        localisation = #how to get location
        discipline = #how to get discipline
        return Post.objects.filter(.......)
and my form is:
<form class="form-inline text-center" action="{% url 'posts:postsearch' %}" id="form-searchLessons" method="get">
<div class="form-group">
<input type="text" class="form-control" id="typeCours" list="matieres" placeholder="Matieres: e.g. Math, Physique,.." name="discipline">
<datalist id="matieres">
<option value="value1">
<option value="value2">
</datalist>
</div>
<div class="form-group">
<input type="text" class="form-control" id="Localisation" placeholder="Lieu: Bousaada, Douaouda,.."
name="localisation" onFocus="geolocate()">
</div>
<button type="submit" class="btn btn-default" id="btn-getLessons">
<span class="glyphicon glyphicon-search" aria-hidden="true"></span> Trouver !
</button>
</form>
I want to get the Posts by applying a filter according to the localisation and matieres entered in the search fields (in the form).
You can add the search terms to your url regular expression.
url(r'postsearch/(?P<localisation>\w+)/(?P<discipline>\w+)/$', views.PostsList.as_view(), name='postsearch'),
(Note, mind the trailing slash)
In your get_queryset method you can use those given url parameters
def get_queryset(self):
    # Values captured by the named groups in the URL pattern
    localisation = self.kwargs['localisation'] or None
    discipline = self.kwargs['discipline'] or None
    filters = {}
    if localisation:
        filters.update(localisation=localisation)
    if discipline:
        filters.update(discipline=discipline)
    return Post.objects.filter(**filters)
Eventually you should relocate getting the parameters outside your get_queryset, but that is up to you.
I'm not sure about the security risks doing it this way. Anyone having more information about the security risks during this operation, please share.
I built a library that can help you to solve this problem. You just have to put the attributes you want to filter in searchable_fields and it will take care of the rest.
https://github.com/SchroterQuentin/django-search-listview

Bootstrap for Django form: break down the fields of the form to 3 pages

I have a Django form which has a lot of fields, so I have to break it up into 3 pages. This means the user has to fill in some fields of the form on one page, then click next to go to the next pages and continue filling in the form.
To achieve that, I plan to display some fields of the form on each page.
I have come up with this code:
HTML Page 1:
<form method="POST" action="#" class="form">
{{form.email}}
{{form.phone_number}} ...
</form>
HTML Page 2 :
<form method="POST" action="#" class="form">
{{form.current_job}}
{{form.current_salary}}...
</form>
It works fine with this code but it just shows the form in basic appearance, I would like to use bootstrap to make it more beautiful.
My question is: how can I integrate Bootstrap?
I have come up with this solution, but it is hard-coded and difficult to maintain if I change fields of the form in the future:
<label class="control-label" for="id_field1">Field 1</label>
<input class="form-control" id="id_field1" maxlength="50" name="field1" type="text"/>
<label class="control-label" for="id_field2">Field 2</label>
<input class="form-control" id="id_field2" maxlength="50" name="field2" type="text"/>
Thank you for your help!

How to translate a form in django

I have a form in a django site
<form method="POST" action="." class="right_custom">{% csrf_token %}
<br>{% trans "Enter the discount coupon code if you have any" %}</br>
<input type="text" name="coupon_code" size="25" maxlength="25" />
<input type="submit" name="submit" value="Caluclate Discount"/>
</form>
I would like to translate the entire site to a lot of languages. I need to translate the button text, which is Caluclate Discount. How can I do that? If I use the {% trans %} tag, how will the view catch the right post request?
UPDATE
There are many forms on the same page like this and my view uses if postdata['submit']=="Caluclate Discount" to determine which submit request it is.
I was able to get the translation working.
Thanks to the answers by #linux-warrior and #Joachim
Now the form is
<form method="POST" action="." class="right_custom">{% csrf_token %}
<input type="hidden" name="form_name" value="discount_form" />
<br>{% trans "Enter the discount coupon code if you have any" %}</br>
<input type="text" name="coupon_code" size="25" maxlength="25" />
<input type="submit" name="submit" value="{% trans "Caluclate Discount" %}" />
</form>
And I check for if postdata['form_name']=='discount_form' in my view.
For buttons, you really don't use the value field for anything else than the button text, so it is straightforward to translate:
<input type="submit" name="submit" value="{% trans "Caluclate Discount" %}"/>
I think that you should use {% trans %} for the submit "value". I don't understand why you would need that value inside your view. If you want, you can still give your submit input a custom "name" attribute.
Edit. By the way, your
<br>...</br>
thing inside your form appears to be a bug. You will probably want to make it
<p>...</p>
instead. It is also not recommended to use "submit" name for a type="submit" input (taken from http://api.jquery.com/submit/):
Forms and their child elements should not use input names or ids that conflict with properties of a form, such as submit, length, or method. Name conflicts can cause confusing failures. For a complete list of rules and to check your markup for these problems, see DOMLint.
Your view doesn't care about what is the submit button's value, so even if you translate it, your view function will work.