Contrib.social

Webform 'remote_post' handler doesn't exclude fields without access

Open on Drupal.org β†’
Created on 24 May 2024, over 1 year ago

Problem/Motivation

Webform elements without any access '#access': false are always added to the (GET) request of the Webform 'remote_post' handler. This could possibly lead to an invalid request.

Steps to reproduce

  • Create a Webform and add some regular elements and some elements without access '#access': false
  • Add a remote_post handler to execute a (GET) request
  • Note: elements without access are not shown in the 'excluded_data' settings of the handler and thus cannot be selected for exclusion.
  • Submit the Webform and inspect the request that has been sent.

Proposed resolution

- Allow elements without access to be selected in the 'excluded_data' configuration by including them in the configuration form. The 'excluded_data' only provides elements with the 'view' operation as an option to be selected ($webform->getElementsInitializedFlattenedAndHasValue('view')).

- Add a new option to '(always) Exclude fields without access'. Add a checkbox to the configuration of the handler. If checked, always exclude all elements without access from the request data.
I'm aware that excluding all elements without access may not be the best option as they are sometimes useful to be forwarded to the endpoint.

Remaining tasks

Share your opinion on this issue.

User interface changes

Possibly an extra field (checkbox) in the configuration of the 'remote_post' Webform handler.

πŸ› Bug report
Status

Active

Version

6.2

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @arno_vgh
  • Comment over 1 year ago β†’
    πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp

    arno_vgh β†’ changed the visibility of the branch 3449549-webform-remotepost-exclude-fields-wo-access to hidden.

  • Status changed to Needs review over 1 year ago
  • Comment over 1 year ago β†’
    πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp
  • Merge request !471Added configuration option to Webform remote_post handler to exclude the elements without access. β†’ (Open) created by arno_vgh
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.1.4 + Environment: PHP 8.2 & MySQL 8
    last update over 1 year ago
    535 pass, 2 fail
  • Pipeline finished with Failed
    over 1 year ago
    Total: 2464s
    #180916
  • Pipeline finished with Success
    about 1 year ago
    Total: 213s
    #240495
  • First commit to issue fork.
  • Pipeline finished with Canceled
    9 months ago
    Total: 77s
    #348037
  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY

    The feature request/access check makes sense but we will need to add tests and improve the approach.

    For example, I think the new settings should called 'check_access' at it should only check for #access: false.

    The concept of support #access: false is to allows admin to suppress elements without losing any data.

  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY
  • Pipeline finished with Failed
    9 months ago
    Total: 426s
    #348038
  • Comment 9 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY
  • Pipeline finished with Failed
    9 months ago
    Total: 578s
    #348064
  • Pipeline finished with Failed
    9 months ago
    Total: 685s
    #366720
  • Pipeline finished with Failed
    9 months ago
    Total: 685s
    #367414
  • Pipeline finished with Success
    9 months ago
    #367927
  • Pipeline finished with Success
    8 months ago
    Total: 850s
    #370167
  • Pipeline finished with Failed
    8 months ago
    Total: 936s
    #370248
  • Pipeline finished with Success
    8 months ago
    Total: 701s
    #370406
  • Pipeline finished with Success
    8 months ago
    Total: 833s
    #370544
  • Pipeline finished with Failed
    7 months ago
    Total: 578s
    #402772
  • Pipeline finished with Canceled
    7 months ago
    Total: 213s
    #402780
  • Pipeline finished with Success
    7 months ago
    Total: 892s
    #402784
  • Pipeline finished with Failed
    6 months ago
    Total: 251s
    #428461
  • Comment 2 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY

    If the tests pass, I think this is RTBC

  • Status changed to RTBC 2 days ago
  • Comment 2 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY
  • Comment about 2 hours ago β†’
    πŸ‡¨πŸ‡¦Canada Liam Morland Ontario, CA πŸ‡¨πŸ‡¦

    liam morland β†’ made their first commit to this issue’s fork.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024