#1 February 23, 2015 11:19am

jmason03
Member
Registered: January 9, 2014
Posts: 123

Embeddable Form with HTML field Error

I just created an embeddable form with an HTML field using the default tinyMCE plugin editor (specifically tinyMCE 4). I have received a few reports from our users that they were getting the "The form submission failed to pass our automated submission test. If you have JavaScript turned off, please turn it on." error when they were trying to submit. After talking with them and performing some of my own tests, I believe that if an unordered/ordered list is created in the HTML editor (whether it is created with the editor or pasted in from an outside source) is causing the hash validation check to fail. If I submit the form with other content in the editor (links, bold text, tables, etc.) it works fine. So far, I've only found the lists to be an issue. I'm not sure what is causing this but wanted to pass it along to some bigger brains than mine in hopes that you can help.

Thanks

Offline

#2 February 24, 2015 1:15pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 970

Re: Embeddable Form with HTML field Error

Sorry for the delayed reply. I can confirm your findings with the issue, but I'm at the moment still really confused as to what's causing the issue. Background on the validation for anyone interested -- it uses "hash cash" where the browser does some work on submission to verify you're not a bot. In this case on submit we take all the input fields and combine them into a single string, grab the md5 of that string and pass it as an additional field. The back end then does the same calculation on all the fields (minus the hash cash field) and checks to see if the md5s match. I know this so far:

  • Visually, the string that is being md5 hashed in both Javascript and PHP looks exactly the same. Copy and paste also yields the same string and gets the same MD5 result when hashing it manually.

  • If I grab the base64 encoded version of the string being hashed in Javascript and PHP it's different.

  • If you decode the base 64 versions of the strings in JS and PHP and then re-encode them in base 64, you get the same base 64 result.

My best guess at this point is that the character encoding is being read differently in PHP and Javascript which is leading to different results. I have no idea why this happens when a <ul> or something is included.

I'm going to keep working on figuring this out (and hopefully a solution!) -- just wanted to keep you posted!

Offline

#3 February 24, 2015 2:07pm

jmason03
Member
Registered: January 9, 2014
Posts: 123

Re: Embeddable Form with HTML field Error

Thanks for the heads up!

Offline

#4 February 24, 2015 2:59pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 970

Re: Embeddable Form with HTML field Error

Ok, I was off on the character encoding issue, but I was close! Turns out that JavaScript and PHP were disagreeing on the type of line endings that were occurring. One of them saw CRLF, the other only saw LF. I'm now stripping both when calculating the hash cash and it seems to be working properly now in my tests.

Commit to fix it is here:
https://github.com/bigtreecms/BigTree-C … 7f46f02111

Offline

#5 February 25, 2015 11:30am

jmason03
Member
Registered: January 9, 2014
Posts: 123

Re: Embeddable Form with HTML field Error

Works perfect now!

Thanks for working on this!

Offline

Board footer

Powered by FluxBB

The Discussion Forum is not available on displays of this size.