Extension talk:FormHandler send form by Email/Archive 1

To all who had problems with the toString error: Use version 0.2, this should fix the problem. Dbu 14:08, 16 April 2008 (UTC)

Security
Perhaps a dumb question, but what's to stop someone from creating their own form and using that to send spam/malware/whatever?


 * As noted in the Installation section:
 * To avoid spam, you should make sure that only trusted users can edit the pages which use the extension.
 * The primary goal of this extension was to avoid writing full HTML forms inside the wiki, which would introduce the much larger risk of users injecting JavaScript or anything else into a wiki page.
 * Better possibilities could be
 * * limit the number of emails to be sent through the form by the same address.
 * * implement a configuration setting to limit the possible target addresses of the form, so at worst the admins are mailbombed, which can be done using normal email software as well.
 * If anybody feels like doing this, contact me. -- Dbu, 2006-03-27

I may be misunderstanding how this extension works, but what's to stop a spammer from coming along and setting up their own page using this extension? They don't necessarily have to use pages you've set up; if they know the proper syntax they can set up their own.


 * Comment: Perhaps the extension should be changed to store source and target e-mail addresses somewhere in the MediaWiki: namespace, instead of accepting raw e-mail addresses as parameters? That way, the msg code used to translate the user interface into other languages could be re-used to look up the e-mail addresses to be used. MediaWiki: is by default protected so that only +sysop have access to edit there, preventing the code from being used to send spam to arbitrary addresses other than those preconfigured by admins. --66.102.65.40 11:56, 16 June 2006 (UTC)


 * Anybody is welcome to do that. Please drop me a note if you did. Dbu 14:08, 16 April 2008 (UTC)

"Sender" vs "Email"
What's the difference between "Sender" and "Email"? --Yonghokim 06:58, 28 October 2006 (UTC)


 * The sender can be used as the From part of the mail to be sent. If it is set, it is, like the target, never shown to the client but kept on the server. If sender is present, 'email' is only used as a reply-to address. It can be used to allow a user to submit a form without specifying his email address. It was not very obvious in the doc; I will improve that.

Extension not working
I installed this extension and everything seems to be fine, except that when I click "Submit Query" I get forwarded to an invalid page. It looks as though I am being sent to the root directory of my domain, such as domainname.com/Form, rather than an authentic wiki-style link such as "domainname.com/index.php?title=Form."

Any ideas why?

Thanks!


 * Sorry, no idea. Does anybody else have this problem? Any more details? Dbu 14:08, 16 April 2008 (UTC)

Sending Email from Form to Multiple Recipients
Is it possible to have the form sent to more than 1 recipient? If so, how? - Colin


 * It might be possible to just give all addresses in one target parameter, separated by ','. If this does not work: The UserMailer class checks if the $to parameter is an array. So you could think up a method to specify multiple targets and adapt the script to build an array from them. Dbu 14:08, 16 April 2008 (UTC)

','-separated email IDs are allowed in the user mailer class. But the form handler validates the email address in the target field, so we need to change that logic to handle multiple recipients. --Shabnam Garg

Here is the code:

Radio Buttons/ Check Boxes
I have added both these features, and users can also send mail to multiple recipients. --Shabnam Garg

Here is my code:

```php
';
    return $output;
  }

  function submit() {
    global $wgUser, $wgDBname, $wgIP;
    $error = '';
    foreach($this->fields as $field) {
      $this->fields[$field['name']]['value'] = $this->request->getText('FormHandler_'.$field['name']);
      if (isset($field['required'])) {
        if (empty($_POST['FormHandler_'.$field['name']])) {
          $error .= $field['prompt']. ' '; //todo: better would be to highlight the fields. for this we would keep a list of required fields here.
        }
      }
    }
    if (! empty($error)) {
      return $this->show("Not all required fields have been filled out: \n$error");
    }
    if ( 0 != $wgUser->getID() ) {
      $username = $wgUser->getName();
    } else {
      $username = '(not logged in)';
    }
    $usermail = $this->request->getText('FormHandlerEmail');
    if (empty($usermail)) $usermail=false;
    /*SG250028 Removing the wiki server name which was displayed on top of the mail*/
    $message = 'Form '.$this->argv['name']." has been submitted by $username\n";
    //$message = 'Form '.$this->argv['name']." has been submitted by $username (IP: $wgIP, Email: " . ($usermail ? $usermail : 'not specified') .') \n This Email is sent to you by MediaWiki FormHandler extension from http://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n\n";
    foreach($this->fields as $field) {
      $message .= $field['name']. ': ';
      switch($field['type']) {
        case 'text':
        case 'select':
        /*SG250028 Getting radio button values*/
        case 'radiobutton':
        case 'textarea':
          $value = $this->request->getText('FormHandler_'.$field['name']);
          break;
        /*SG250028 Getting check box values...starts*/
        case 'checkbox':
          $value = "";
          // No key is posted at all when every box is left unchecked
          $key = 'FormHandler_'.$field['name'];
          $checked = isset($_POST[$key]) ? (array)$_POST[$key] : array();
          foreach($checked as $s){
            $value =$value ." ". $s." ";
          }
          break;
        /*SG250028 Getting check box values...ends*/
        case 'hidden':
          $value = $field['value']; //we do not put it into form and not treat it, but keep it at server side...
          break;
        case 'invalid':
          $value = 'There is an invalid line in the form: '.$field['value'];
          break;
        default:
          $value = 'Implementation Error in FormHandler: unexpected field type '.$field['type'];
          break;
      }
      $message .= (empty($value) ? '[not set]' : $value). "\n";
    }
    switch ($this->argv['method']) {
      case 'email':
        require_once('UserMailer.php');
        if ($usermail!==false && ! $this->isValidEmail($usermail))
          return $this->show('Your specified Email adress is invalid: '.$usermail);
        //sender is either == usermail or tested above
        if (! $this->sender) {
          if (! $usermail) return $this->show("The Email field is required, please fill in.");
          $this->sender=$usermail;
        }
        $error = userMailer( $this->target,
                             $this->sender,
                             $this->argv['name'].'form from FSDWiki',
                             $message,
                             $usermail);
        if (empty($error)) {
          // $message holds submitted field values: escape before echoing it back as HTML
          return 'Thank you for sending a message to '.htmlspecialchars($this->target)."\n".nl2br(htmlspecialchars($message));
        } else {
          return "Sorry, sending the form failed.\n" . htmlspecialchars($error);
        }
        break;
      default:
        return 'Sorry, this is an invalid form, i do not know the method to store the information: '.$this->argv['method'];
    }
  }

  /*
   * Check Email for validity, using a regular expression.
   */
  function isValidEmail($candidate) {
    /*SG250028 Validation Logic of Email Address in case of multiple recipients...starts*/
    $token = strtok($candidate, ",");
    $result = false;
    while ($token !== false)
    {
      // Case-insensitive match; \z anchors at the true end so a trailing newline is not accepted
      $result = preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\z/i', $token);
      if($result==false){
        break;
      }
      $token = strtok(",");
    }
    return $result;
    /*SG250028 Validation Logic of Email Address in case of multiple recipients...ends*/
  }
}
```
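Two suggestions from this page, limiting the possible target addresses to ones preconfigured by admins and accepting a comma-separated recipient list, can be enforced in a single check. The following is an added example, not code from the extension or from any poster above; the setting name `$wgFormHandlerAllowedTargets` and the function `formHandlerResolveTargets` are hypothetical, and the addresses are constructed samples.

```php
<?php
// Hypothetical setting an admin would define in LocalSettings.php;
// the extension as posted on this page has no such option.
$wgFormHandlerAllowedTargets = array(
    'webmaster@example.org',   // constructed sample addresses
    'helpdesk@example.org',
);

/**
 * Split a comma-separated target list and return the normalised addresses,
 * or false if any entry is malformed or is not on the admin allowlist.
 */
function formHandlerResolveTargets( $raw, array $allowed ) {
    // A CR or LF inside an address field would let extra mail headers through.
    if ( preg_match( '/[\r\n]/', $raw ) ) {
        return false;
    }
    $allowed = array_map( 'strtolower', $allowed );
    $targets = array();
    foreach ( explode( ',', $raw ) as $entry ) {
        $addr = strtolower( trim( $entry ) );
        // Empty entries (e.g. a trailing comma) fail validation too.
        if ( filter_var( $addr, FILTER_VALIDATE_EMAIL ) === false ) {
            return false;
        }
        // Reject the whole list if one recipient is not preconfigured.
        if ( !in_array( $addr, $allowed, true ) ) {
            return false;
        }
        $targets[] = $addr;
    }
    return array_values( array_unique( $targets ) );
}

// Constructed inputs: one valid list and three that must be rejected.
$cases = array(
    'webmaster@example.org, helpdesk@example.org',
    'webmaster@example.org,someone@example.net',
    "webmaster@example.org\r\nBcc: someone@example.net",
    'webmaster@example.org,,',
);
foreach ( $cases as $raw ) {
    $result = formHandlerResolveTargets( $raw, $wgFormHandlerAllowedTargets );
    echo json_encode( $raw ), ' => ',
        $result === false ? 'rejected' : implode( ', ', $result ), "\n";
}
```

Because the check is all-or-nothing, a form whose target list mixes allowed and unlisted addresses sends nothing rather than silently dropping recipients.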

No Email, End up on Non-existing page
I cobbled together the 0.2 release with the checkboxes/radio button version above, but I was not able to get it to work. The form rendered correctly, but when I submitted the form
 * 1) I never received the e-mail.
 * 2) It redirected me from User:Tnabtaf/Sandbox to User/Tnabtaf/Tnabtaf/Sandbox, which does not exist.

I'm going to give up on this one for the time being. Please let me know if you want the source for what I was using.

Thanks,

Tnabtaf 03:56, 30 August 2008 (UTC)