Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other WebSite change Form practice problems Reply To: WebSite change Form practice problems

#195374
Shikkediel
Participant

Glad that worked. But I can relate to it being an annoyance to not know the exact original cause. To be honest, I’m not too sure I fully see yet how the php should work. This would be a list of the only name values that could pass if I understand correctly :

$whitelist = array('token','name','email','subject','URL-main','text','save-stuff');

Of which name, email and text (input types) should actually be avoided, according to the logic of the pages linked to earlier. So making it the following – and adding send to the whitelist should work :

<input type="submit" name="send" value="Send Message!"/>
$whitelist = array('token','send','subject','URL-main','save-stuff');

Unless the application depends on the removed values somewhere else of course. The whitelist would not be checking any ids as they are not input names (attributes) by the way.

Edited – below is not accurate for a submit button itself.

Why possibly change what works? The W3 spec says the following :

Only form elements with a name attribute will have their values passed when submitting a form.

Addressing it with CSS would be like this :

input[name="send"] {    

// style rules

}    

Or give both a name and id and keep the CSS as is :

<input type="submit" name="send" id="send" value="Send Message!"/>

Edit – in hindsight, the name attribute may not be all too relevant for a submit button. But I’ll leave the comment in there for general interest.