how to troubleshoot? [undefined] » Tampering attempt detected!

42 Posts

noes Reply #1, 15 years, 7 months ago

Hi everyone,

I keep getting the [undefined] » Tampering attempt detected!-message when using eForm. I was wondering wheter a way exist to troubleshoot this message: I tried eliminating certain bits of the chunks I use (those with placeholders etc), but nothing seems to work so far. I don’t really have a clue where to find the cause of the error, does anyone know what could be the cause of this message?

snippetcall:

[!eForm? &formid=`[*pagetitle*]` &tpl=`eForm-login-tpl` &report=`eForm-tpl` &from=`[+user.email+]` &fromname=`[+user.fullname+]` &to=`[email protected]` &subject=`[+subject+]` &allowhtml=`1` &submitLimit=`5`!]

chunk:

<div class="eform">
	<!--display error msg if any--><p class="error">[+validationmessage+]</p>
	<form id="[*pagetitle*]" method="post" action="[~[*id*]~]" name="eForm-loggedin-input" enctype="multipart/form-data"/>
		<label class="eform-label" accesskey="n" for="fullname">Name: </label><input class="eform-textinput" type="text" name="fullname" maxlength="60" eform="Name:string:1:Please fill out your complete name:" />
		<label class="eform-label" accesskey="p" for="product">Product (if applicable): </label><input class="eform-textinput" type="text" name="product" maxlength="30" eform="Product:string:0::" />
		<label class="eform-label" accesskey="s" for="subject">Subject: </label><input class="eform-textinput" type="text" name="subject" maxlength="30" eform="Subject:string:1:Please enter a subject:"/>
		<label class="eform-label" for="message">Your Question: </label><textarea class="eform-textarea" rows="5" cols="40" eform="Question:html:0:Please enter a message to send:"></textarea>	
		<input type="hidden" name="username" value="Posted by: [+user.username+]" eform="::0::#REGEX /.*?/" />
		<input type="hidden" name="email" value="Email: [+user.email+]" eform=":email:1:error in email:#REGEX /.*?/" />
		<input type="hidden" name="phone" value="Phone nr: [+user.phone+]" eform="::0::#REGEX /.*?/" />
		<input type="hidden" name="mobilephone" value="Mobile Phone: [+user.mobilephone+]" eform="::0::#REGEX /.*?/" />
		<input type="hidden" name="currentlogin" value="User logged in: [+user.thislogin+]" eform="::0::#REGEX /.*?/" />
		<input type="submit" name="submit" value="Send" />
	</form>
</div>

As I said, I tried without the placeholders as well. Does anyone see an error in the code/chunk I use, or is there something else that often gets in the way? I’m a bit clueless wink

thank you,
noes

7 Posts

timst Reply #2, 15 years, 7 months ago

I got this message, but when I changed the hidden inputs to have eform="::0::" without the REGEX it worked for me.

42 Posts

noes Reply #3, 15 years, 7 months ago

thanx for the advice, sorry to say it didn’t work.

☆ A M B ☆
24,524 Posts

sottwell Reply #4, 15 years, 7 months ago

What does the final page source (view source in your browser) look like? I’m not so sure that the [*pagetitle*] will work in the chunk template like that.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

1,010 Posts

TobyL Reply #5, 15 years, 7 months ago

Your hidden fields are filled with the placeholder values after eform has stopped executing, therefore eform does not see the actual values when they are posted and because of the automatic hidden field validation creates errors. The REGEX rules should override this but that seems to be going wrong. First off all set the &debug parameter to 3 and watch the error messages again. Where it normally prints "undefined" you should now see the actual field name so that you at least know where it goes wrong.

Just having placeholders in your hidden field values is not the best way to populate these fields by the way. What you are basically doing with the REGEX expressions is allow any value, negating any validation. This means that anyone could tamper with the values and cause havoc. A safer scenario would be to populate these values yourself in the eFormOnBeforeParse event of eForm. There are numerous examples of doing this in the forum but basically you’d use the form template as is and use str_replace() in your event function to set the proper values.

eForm | eForm support | eForm @ wiki

42 Posts

noes Reply #6, 15 years, 7 months ago

sotwell: thank you, I just came up with the same idea and it indeed worked

TobyL: thank you for this debug information. I don’t really worry about disabling the checks, since I will be using two pages: one for unregistered users (with full checks) and one for registered ones.

And you;re right once again: I can’t use normal placeholders in the form in anyway.

☆ A M B ☆
275 Posts

modx.customize Reply #7, 12 years, 11 months ago

+1 with thank you msg 8-)

modx and ecommerce pro

7 Posts

gusdecool Reply #8, 12 years ago

This how i usually trick it, change

input type="hidden"

to

type="text"

, but set that style into

style="display:none;"

Remember do not use this to carry sensitive data, since it allowed the value to be modified!

898 Posts

chucktrukk Reply #9, 11 years, 7 months ago

This works, in the hidden fields, put some type of eform call.

I put this: eform="::0::" and it works. I got it from here: http://wiki.modxcms.com/index.php/EForm

Chuck the Trukk
ProWebscape.com :: Nashville-WebDesign.com
- - - - - - - -
What are TV's? Here's some info below.
http://modxcms.com/forums/index.php/topic,21081.msg159009.html#msg1590091
http://modxcms.com/forums/index.php/topic,14957.msg97008.html#msg97008