Uniform - no validation

The CMS Questions
1

Hi
I’m trying to insert the uniform plugin. I’ve installed it, created the controller and the template.
But when I try to submit the form nothing happens. There is no php error an no error in the browsers dev-tool.
The controller and the template are copy/paste from the github instructions.

It seems that there is no validation. It doesn’t matter what info I submit, the form always gets sent. But without any error/success message. It looks as you would just reload the page instead of submitting.

If I insert the plugin in a fresh kirby-starterkit it works just fine. I can’t see any conflicting parts. I just have installed the column-plugin, no other plugins.

I hope anyone can help? Thanks.

2

Do you have caching enabled on your site?

3

Thanks for you reply.
No, caching isn’t enabled, yet.

4

Does the form in fact send a post request and if so, does it contain anything or is it just empty (in dev tools network tab)?

5

It sends a post request with the information I’ve entered.

name:My Name _from:email@test message: website: _submit:q5YBPxYAEkMVopUkzBcm

6

Could you please post your code? Especially the controller code and the form code from the template. Maybe you forgot something while copying the code.

7

Also check that there is no redirect response to the POST request. This issue has been covered here.

8

Here’s my code.
controller:

<?php

return function($site, $pages, $page) {
    $form = uniform('contact-form', [
        'required' => [
            'name'  => '',
            '_from' => 'email'
        ],
        'actions' => [
            [
                '_action' => 'email',
                'to'      => 'othername@email.com',
                'sender'  => 'name@email.com',
                'subject' => 'New message from the contact form'
            ]
        ]
    ]);

    return compact('form');
};

and the template:

<form action="<?php echo $page->url()?>/#form" method="post">

    <label for="name" class="required">Name</label>
    <input<?php e($form->hasError('name'), ' class="erroneous"')?> type="text" name="name" id="name" value="<?php $form->echoValue('name') ?>" required/>

    <label for="email" class="required">E-Mail</label>
    <input<?php e($form->hasError('_from'), ' class="erroneous"')?> type="email" name="_from" id="email" value="<?php $form->echoValue('_from') ?>" required/>

    <label for="message">Message</label>
    <textarea name="message" id="message"><?php $form->echoValue('message') ?></textarea>

    <label class="uniform__potty" for="website">Please leave this field blank</label>
    <input type="text" name="website" id="website" class="uniform__potty" />

    <a name="form"></a>
<?php if ($form->hasMessage()): ?>
    <div class="message <?php e($form->successful(), 'success' , 'error')?>">
      <?php $form->echoMessage() ?>
    </div>
<?php endif; ?>

    <button type="submit" name="_submit" value="<?php echo $form->token() ?>"<?php e($form->successful(), ' disabled')?>>Submit</button>

  </form>

@mzur: I’ve tried it with and without the ‘/’, there is no difference.

9

Okay, let’s see:

  • Does the token (value of the submit button) change whenever you submit the form?
  • Are the form field values preserved when you submit the form but e.g. one required field has no content?
  • Does l::get('uniform-email-success') return anything?
10

Thanks a lot for your time…

=> Yes

=> No. There is nothing stored in the field on submitting. No error and no success message. It behaves almost like you would reload the page.

=> Yes, if I insert php <?php echo l::get('uniform-email-success') ?>or every other entry, it returns the value fitting it. I’ve let the language constants in the plugin folder and didn’t insert it in my language file. But even if I insert it there, nothing changes.

11

That’s a tough one. Can you make a minimal example of your page that is not working like you describe and send it to me as a ZIP or something? You can send me a private message with the ZIP, too.

12

Well, this is definitely one of the strangest bugs I’ve ever seen :smile: I’ll answer you publicly here because this might affect other Uniform users as well.

In your header snippet you generate the URL for a background image dynamically using PHP and set it as inline CSS. In your example site the PHP output for the background image is always empty (because there is no image), resulting in HTML like this:

<header style="background-image:url();">

Note the empty url()

What happens when the browser encounters an empty url() in the CSS, we can observe in the request log:

Screenshot from 2016-02-29 20:13:24.png964×142 21.9 KB

The page /eventregistration/ is fetched twice! When encountering an empty url() in the CSS, the browser requests the same URL of the page again and actually expects the server to respond with an image this time! Theoretically this is possible because the second request asks for an image MIME type as response but who would do such a thing?

As far as Uniform is concerned this second request is a very legitimate one (it doesn’t care what MIME type is requested) and it re-generates the CSRF token (the token of the submit button), invalidating the old token that was served with the first request on the way. Now if you try to submit the form, you will use the old invalid token and Uniform simply ignores the request.

To fix this, change the inline CSS to background-image:none instead of background-image:url() if there is no URL.

2 Likes
13

Thanks for the explanation. Very helpful for other users. :slight_smile:

14

Wow, @mzur. You’re awsome. I owe you something!
That’s crazy, I’ve never thought about that it could depend on my header.

Thank you very much.