|
Title: [FIX] Securing Contact Form V1.0 Post by: victor on February 26, 2008, 05:47:20 PM Hi, we've developed a small JS to prevent blank emailing from the HCL Contact Form. As you know, in the current installation everyone can send a blank messages from the contact form. These is a temporary fix, and it's not currently validating all fields as it should, but it will prevent the blank emailing option.
FIX DETAILS Complexity: Low Time: ~ 5 Minutes HCL Version: 2.1.5 INSTALLATION 1.- Download the script.js and copy it to your HCL folder (ex. hcl/script.js) 2.- Open the following file hcl/templates/Bliss/live_divert.tpl (change Bliss for G if you are using the G tamplate) 3.- Aprox on line 11 find {/if}. Before this line copy this code: <script type="text/javascript" language="javascript" src="../script.js"></script> 4.- Aprox on line 42 find this: <form action="{$_SERVER.PHP_SELF}" method="post"> Replace it with <form action="{$_SERVER.PHP_SELF}" method="post" onSubmit="return validate(this);"> 5.- Save file CONSIDERATIONS 1.- If you want to change the text on the alerts, you will need to edit the script.js file. 2.- Currently the script is no validating if the email contains an @ or a valid TLD. We will be working on that 3.- Consider this is a temporary fix, the new version will have this option fixed by default 4.- If you have questions or want to help improving this script you can reply to this post Title: Re: [FIX] Securing Contact Form V1.0 Post by: HCL Admin on March 17, 2008, 01:25:38 PM Victor, you should post this in the development section and share with the world. :)
Title: Re: [FIX] Securing Contact Form V1.0 Post by: SpenserJ on June 11, 2009, 04:38:08 PM And a captcha helps to block empty fields how?
Please leave the dead topics (anything that hasn't been posted on for over a month) alone. There will be no zombie threads while I am watching! On another note, thank you for the fix Victor! Spenser |