[Forminator Pro] Duplicated value attribute through wrong create_input implementation

Hi there,
we found a bug in the Forminator plugin. here's the description:

in plugins/forminator/library/abstracts/abstract-class-field.php --> method create_input()

There is a $markup variable, filled over the $attr parameter and maybe, e.g. in case of a text field's default value, a 'value='

Then there's a $post_value variable filled with $post_value = self::get_post_data( $attr['name'], false );

Later in the function, the input is printed like:
$html .= sprintf( '<input size="1" %s %s/>', $markup, ( $post_value ? 'value= "' . $post_value . '"' : '' ) );

The problem is, that when the $attr param is set via the function call and additionally there's a post value set in $post_value, the html attribute "value" is printed twice!

The html then looks e.g. like this:
<input size="1" class="forminator-input forminator-name--field" name="text-4" placeholder="" id="text-4-field" data-required="" value="" aria-labelledby="forminator-label-text-4" value= "blue"/>

value="" comes from the $printed markup wich has an empty attribute value e.g. via an empty default value of the an input.
value="blue" comes from the $post_value e.g. if you submit the form and got form errors in other inputs, but the inputted value of blue appears in it's corresponding input again, so that the user does not have to fill out the field again.

We provide a bug fix for this problem. Here's the whole new create_input function:

public static function create_input( $attr = array(), $label = '', $description = '', $required = false, $design = '' ) {
$html = '';
$post_value = self::get_post_data( $attr['name'], false );

if($post_value){
$attr["value"] = $post_value;
}

$markup = self::implode_attr( $attr );

if ( $label ) {

if ( $required ) {

$html .= '<div class="forminator-field--label">';
$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s %s</label>', $attr['id'], $label, forminator_get_required_icon() );
$html .= '</div>';

} else {

$html .= '<div class="forminator-field--label">';
$html .= sprintf( '<label id="forminator-label-%s" class="forminator-label">%s</label>', $attr['id'], $label );
$html .= '</div>';

}

}

if ( 'material' === $design ) {
$html .= '<div class="forminator-input--wrap">';
}

$html .= sprintf( '<input size="1" %s />', $markup );

if ( 'material' === $design ) {
$html .= '</div>';
}

if ( ! empty( $description ) || '' !== $description ) {
$html .= self::get_description( $description );
}

return apply_filters( 'forminator_field_create_input', $html, $attr, $label, $description );
}

What's new?
-------
$post_value = self::get_post_data( $attr['name'], false );

if($post_value){
$attr["value"] = $post_value;
}

$markup = self::implode_attr( $attr );

$post_value = self::get_post_data( $attr['name'], false );
Between the post_value and $markup definition, we added a check if there's a post value set, and set the value in the $attr Array (function param) . Afterwards the $markup is defined and get's either the $attr["value"] or the post value.

Then later in the function the line
$html .= sprintf( '<input size="1" %s %s/>', $markup, ( $post_value ? 'value= "' . $post_value . '"' : '' ) );
gets replaced by
$html .= sprintf( '<input size="1" %s />', $markup );
because it's not neccessary to output the value twice and the value is set correctly above.

Could you please check and integrate the bug fix (or fix it in a better way) so that we can use Forminator for a real customer project?
By now it's not possible to use Forminator because of this bug.

Best regards,
Andreas

  • Adam Czajczyk

    Hi Andreas

    I hope you're well today and thank you for pointing that out!

    I have already forwarded it to our developers so they could check and fix that. It's a bit beyond me to tell you upfront whether they'll use your fix or will come up with some other solution but we appreciate such detailed feedback and suggestions so I also made sure that some points are already flying you way :slight_smile:

    Best regards,
    Adam

  • Andreas

    Adam Czajczyk awesome and thank you!
    i think this is really crucial and should be on high prio, because it affects the base functionality of Forminator.
    please have a look at my screencast http://drops.treehighroots.de/3ea97dc1fe8d, where you can see the following:
    - in form settings, ajax is disabled
    - in form settings the validation method is "server only"
    ( we, and other users, need this, because the form should funtion without javascript)
    - the form has a required email field
    - the form has a text field with a default value "default val from backend"

    now for the bug:
    - i don't enter an email address (which is required)
    - i change the text's default value to "new value"

    expected behavior on submit:
    - the page reloads and show the error messages
    - the text input should have a value of "news value"

    wrong behavior:
    - the text input has a value of "default value"

    imagine a form with 50 fields and default values.
    if the user fills all 50 fields and there's only one validation error, all 50 field values are gone and replaced by their default values.

    could you hand this over to the devs and set it to high prio?
    we really need the form's working 100% right to finish our implemenation using the outstanding Forminator plugin for our customer.
    (the bug fix, or one solution for it, is already provided through our code (see above)).

    best regards,
    Andreas

  • Adam Czajczyk

    Hi Andreas

    Thanks for the feedback and additional information.

    I can see how this can seriously break entire "workflow" and I've also passed this last message from you to our developers too as I believe it clearly shows the nature of the issue.

    I'm afraid I'm not able to set priorities - they have insight to all the issues that were/are reported by Members and us (support team) as well as our Q&A team so they do set priorities themselves based on that. But I believe that's something of a critical nature so I have urged them to check it and asked to deal with it as soon as possible.

    Thank you again for reporting this!

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.