Contrib.social

Webform 'remote_post' handler doesn't exclude fields without access

Open on Drupal.org β†’
Created on 24 May 2024, 7 months ago

Problem/Motivation

Webform elements without any access '#access': false are always added to the (GET) request of the Webform 'remote_post' handler. This could possibly lead to an invalid request.

Steps to reproduce

  • Create a Webform and add some regular elements and some elements without access '#access': false
  • Add a remote_post handler to execute a (GET) request
  • Note: elements without access are not shown in the 'excluded_data' settings of the handler and thus cannot be selected for exclusion.
  • Submit the Webform and inspect the request that has been sent.

Proposed resolution

- Allow elements without access to be selected in the 'excluded_data' configuration by including them in the configuration form. The 'excluded_data' only provides elements with the 'view' operation as an option to be selected ($webform->getElementsInitializedFlattenedAndHasValue('view')).

- Add a new option to '(always) Exclude fields without access'. Add a checkbox to the configuration of the handler. If checked, always exclude all elements without access from the request data.
I'm aware that excluding all elements without access may not be the best option as they are sometimes useful to be forwarded to the endpoint.

Remaining tasks

Share your opinion on this issue.

User interface changes

Possibly an extra field (checkbox) in the configuration of the 'remote_post' Webform handler.

πŸ› Bug report
Status

Active

Version

6.2

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @arno_vgh
  • Comment 7 months ago β†’
    πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp

    arno_vgh β†’ changed the visibility of the branch 3449549-webform-remotepost-exclude-fields-wo-access to hidden.

  • Status changed to Needs review 7 months ago
  • Comment 7 months ago β†’
    πŸ‡§πŸ‡ͺBelgium arno_vgh Antwerp
  • Merge request !471Added configuration option to Webform remote_post handler to exclude the elements without access. β†’ (Open) created by arno_vgh
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.1.4 + Environment: PHP 8.2 & MySQL 8
    last update 7 months ago
    535 pass, 2 fail
  • Pipeline finished with Failed
    7 months ago
    Total: 2464s
    #180916
  • Pipeline finished with Success
    5 months ago
    Total: 213s
    #240495
  • First commit to issue fork.
  • Pipeline finished with Canceled
    28 days ago
    Total: 77s
    #348037
  • Comment 28 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY

    The feature request/access check makes sense but we will need to add tests and improve the approach.

    For example, I think the new settings should called 'check_access' at it should only check for #access: false.

    The concept of support #access: false is to allows admin to suppress elements without losing any data.

  • Comment 28 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY
  • Pipeline finished with Failed
    28 days ago
    Total: 426s
    #348038
  • Comment 28 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States jrockowitz Brooklyn, NY
  • Pipeline finished with Failed
    28 days ago
    Total: 578s
    #348064
  • Pipeline finished with Failed
    10 days ago
    Total: 685s
    #366720
  • Pipeline finished with Failed
    9 days ago
    Total: 685s
    #367414
  • Pipeline finished with Success
    8 days ago
    #367927
  • Pipeline finished with Success
    6 days ago
    Total: 850s
    #370167
  • Pipeline finished with Failed
    5 days ago
    Total: 936s
    #370248
  • Pipeline finished with Success
    5 days ago
    Total: 701s
    #370406
  • Pipeline finished with Success
    5 days ago
    Total: 833s
    #370544
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024