updated to 1.3.31

CHANGELOG.txt

@@ -6,8 +6,14 @@ MODULE VERSION HISTORY
 
 ------------------------------------------------------------------------------------------------------------------------
 
+        *** 1.3.31 (Martin Hecht: 11-Apr-2019) ***
+        introduce MPFORM_REQUIRED_ATTRIBUTE to control if and how required attributes are delivered
+        introduce private_function_for_field for fine grained input evaluation
+        correction to the captcha patch from 2012
+        suppress other forms on the same page when evaluating a submitted one
+
         *** 1.3.30 (Martin Hecht: 14-Mar-2019) ***
-        secuirty fix for 1.3.29: prevent from injections via url get parameter
+        security fix for 1.3.29: prevent from injections via url get parameter
 
         *** 1.3.29 (Martin Hecht: 07-Mar-2019) ***
         allow to pre-fill fields via url get parameters

add.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

add_field.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

ajax/ajax.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

ajax/ajax_dragdrop.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

ajax/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

ajax/pry_submission.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

constants.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform
@@ -163,6 +163,10 @@ function draw_asp_honeypots($iSectionID) {
     . ' value="{SUBMIT_TEXT}" />');
 }
 
+if(!defined('MPFORM_REQUIRED_ATTRIBUTE')){
+    define('MPFORM_REQUIRED_ATTRIBUTE',
+      ' required="required"');
+}
 
 // MPForm uses section anchors, but if they are disabled in the WB framework,
 // it adds its own anchor. If you even want to suppress this, uncomment the following

copy_field.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

delete.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

delete_field.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

delete_submission.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/DE/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/DE/mpform/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/DE/mpform/private-funktionen.html

@@ -92,12 +92,15 @@ <h2>MPForm-Dokumentation: <b>Private Funktionen</b></h2>
     <dt>function private_function_before_new_form($section_id)</dt>
     <dd>Wird aufgerufen, bevor ein Formular zusammengebaut wird. Hier kann man z.B. Feldinhalte
       je nach zuvor besuchter Seite vorbelegen.</dd>
+    <dt>function private_function_for_field($field_id, $post_field)</dt>
+    <dd>Wird aufgerufen, wenn ein Feld ausgewertet wird. Gibt die Funktion einen Leerstring zur&uuml;ck,
+      wird dies als fehlerfrei gewertet, w&auml;hrend ein nicht-leerer String eine Fehlermeldung f&uuml;r
+      das aktuelle Feld bedeutet.</dd>
     <dt>function private_function_before_email($section_id, &amp;$html_data_user, &amp;$html_data_site)</dt>
     <dd>Wird aufgerufen, nachdem ein Formular erfolgreich ausgef&uuml;llt wurde, aber bevor es
       verschickt und gespeichert wird. Hier k&ouml;nnte man also z.B. Benachrichtigungstexte anpassen.
       Dabei gibt es den Benachrichtigungstext an den Sitebetreiber und denjenigen an den Benutzer.</dd>
-    <dt>private_function_after_email($section_id, &amp;$html_data_site, &amp;$mpform_fields)
-</dt>
+    <dt>private_function_after_email($section_id, &amp;$html_data_site, &amp;$mpform_fields)</dt>
     <dd>Wird aufgerufen, nachdem ein Formular erfolgreich ausgef&uuml;llt und verschickt wurde, aber bevor es
       in der Datenbank gespeichert wird. Eventuell soll der Inhalt in der Datenbank in einem anderen
       Format abgelegt werden, so dass es leichter zu verarbeiten ist, aber in der Benachrichtigungsmail
@@ -115,7 +118,8 @@ <h2>MPForm-Dokumentation: <b>Private Funktionen</b></h2>
 private_function_before_new_form noch nicht. Bei allen anderen: FALSE dient zum Abbrechen des
  regul&auml;ren Programmflusses, bei TRUE geht die Ausf&uuml;hrung weiter.</p>
 <p>Auf der n&auml;chsten Seite gibt es ein Beispiel aus der Praxis: die Programmierung einer
-   Formularschleife.</p>          </div>
+   Formularschleife.</p>
+</div>
 
 
 <!-- ************ Footer -->

docs/DE/mpform/referenz-der-optionen/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/DE/mpform/standardformular.xml

@@ -2,7 +2,7 @@
 <export_section>
         <module>
                 <name>mpform</name>
-                <version>1.3.30</version>
+                <version>1.3.31</version>
         </module>
         <export_section_table>
                 <tablename>mod_mpform_fields</tablename>

docs/EN/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/EN/mpform/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/EN/mpform/private-functions.html

@@ -85,13 +85,15 @@ <h2>MPForm Documentation: <b>Private Functions</b></h2>
     <dt>function private_function_before_new_form($section_id)</dt>
     <dd>Will be called before a form will be assembled. Here you can, for instance, set the current date
       in a field.</dd>
+    <dt>function private_function_for_field($field_id, $post_field)</dt>
+    <dd>Is called for each field being evaluated. If the function returns an empty string, this is
+      treated as success, whereas a non-emptry string means an error message for the current field.</dd>
     <dt>function private_function_before_email($section_id, &amp;$html_data_user, &amp;$html_data_site)</dt>
     <dd>Will be called after a form has been submitted successfully, but before it will be saved or sent
       by email. Here you can, change the message text.<br />
       There are two versions, one for the site owner and one for the user who has submitted the form.
     </dd>
-    <dt>private_function_after_email($section_id, &amp;$html_data_site, &amp;$mpform_fields)
-</dt>
+    <dt>private_function_after_email($section_id, &amp;$html_data_site, &amp;$mpform_fields)</dt>
     <dd>Will be called after a form has been submitted and email has been sent successfully, but before
     data is saved to the database. If you need to postprocess the submitted values for later use and
     you want to keep the original format in the email, this is the place to do this transformation.<br />

docs/EN/mpform/settings-of-mpform/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/EN/mpform/standardform.xml

@@ -2,7 +2,7 @@
 <export_section>
         <module>
                 <name>mpform</name>
-                <version>1.3.30</version>
+                <version>1.3.31</version>
         </module>
         <export_section_table>
                 <tablename>mod_mpform_fields</tablename>

docs/images/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

docs/style/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

evalform.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform
@@ -469,11 +469,10 @@ function eval_form($section_id) {
         // Captcha
         if($use_captcha AND (!(defined('MPFORM_SKIP_CAPTCHA')&&(MPFORM_SKIP_CAPTCHA))) ) {
             if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
-                // Check for a mismatch patch from http://www.websitebaker2.org/forum/index.php/topic,23986.msg167490.html#msg167490
-                if((!isset($_SESSION['captcha'.$section_id])
-                    OR $_POST['captcha'] != $_SESSION['captcha'.$section_id])
-                    && (!isset($_SESSION['captcha'])
-                    OR $_POST['captcha'] != $_SESSION['captcha'])) {
+                if((isset($_SESSION['captcha'.$section_id])
+                    AND ($_POST['captcha'] != $_SESSION['captcha'.$section_id]))
+                    OR (!isset($_SESSION['captcha'.$section_id])
+                    AND ($_POST['captcha'] != $_SESSION['captcha']))) {
                         $err_txt['captcha'.$section_id]
                             = $LANG['frontend']['INCORRECT_CAPTCHA'];
                         $fer[] = 'captcha'.$section_id;
@@ -504,6 +503,7 @@ function eval_form($section_id) {
                 // Loop through fields and add to message body
                 $field_id = $field['field_id'];
                 $curr_field = '';
+                $post_field = '';
                 if($field['type'] != '') {
                     if ((!empty($_POST['field'.$field_id]))
                     or  ($admin->get_post('field'.$field_id) == "0")) { // added Apr 2009
@@ -947,6 +947,18 @@ function eval_form($section_id) {
                     }
                 }
                 $mpform_fields["$field_id"] = $curr_field;
+                // execute private function in private.php, if available
+                if (function_exists('private_function_for_field')) {
+                    $field_errmsg
+                        = private_function_for_field(
+                            $field_id,
+                            $post_field
+                        );
+                    if(!empty($field_errmsg)){
+                        $fer[]=$field_id;
+                        $err_txt[$field_id] = $field_errmsg;
+                    }
+                }
             } // end of field loop
         }
 
@@ -969,7 +981,7 @@ function eval_form($section_id) {
         }
         $mpform_fields = $tmp_mpform_fields;
         // Check if the user forgot to enter values into all the required fields
-        if($fer != array()) {
+        if(!empty($fer)) {
             // paint form again:
             include_once(WB_PATH .'/modules/mpform/paintform.php');
             paint_form($section_id, $fer, $err_txt, false);

export.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

export_submissions.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

functions.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

help.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

htt/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

images/index.php

@@ -7,7 +7,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform

import.php

@@ -6,7 +6,7 @@
  *
  * @category            page
  * @module              mpform
- * @version             1.3.30
+ * @version             1.3.31
  * @authors             Frank Heyne, NorHei(heimsath.org), Christian M. Stefan (Stefek), Martin Hecht (mrbaseman) and others
  * @copyright           (c) 2009 - 2019, Website Baker Org. e.V.
  * @url                 https://github.com/WebsiteBaker-modules/mpform