PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

bypassing required fields

  1. Hello;
    We have a form on our site with a few required fields (http://charismaarts.com/phone-coaching)...

    there have been a few submittals lately with "no data" on them. this seems impossible as you should not be able to submit the form without putting something in those fields. I tried to duplicate it myself on 4 browsers; (FF, safari, IE and chrome) and on all 4 I got errors which made me fill in the fields; so I was not able to submit form without filling in those fields...

    does anyone know how these the form can be submitted without required forms being filled out?

    thanks, G

    Posted 7 years ago on Saturday November 24, 2012 | Permalink
  2. I'm certain there are ways a hacker or enterprising individual could submit a form without following all the rules. You could check your web server logs to see the IP address of the submitter, and the page they came from and the page they submitted the form from. Some of that information might be available in the form meta box on the right side of the form entry page.

    Also, if you have caching enabled, you could see strange issues with submissions. It would be bad if people are actually submitting data in the form, but you're not receiving it due to a problem on the server.

    If the entry comes through empty, it is normally just annoying. Is there something particular about an empty entry which causes trouble in your organization, or are you just curious about how it might happen?

    Posted 7 years ago on Monday November 26, 2012 | Permalink
  3. it is mainly just annoying; just wanted to know if this was a know issue or problem or anything...thanks!

    Posted 7 years ago on Monday November 26, 2012 | Permalink
  4. Not a known problem that I know of. So long as you are not hearing from customers who have submitted, indicating they sent you something and you never responded, I don't think you have a problem.

    If you are using a caching plugin, be sure to turn that off for Gravity Forms, as that can cause trouble with the entries.

    Posted 7 years ago on Tuesday November 27, 2012 | Permalink
  5. red
    Member

    Hello,
    We had this happen where a form email came through with empty fields. We have captcha and a few required fields. Tested with both javascript on and off, and we can't replicate bypassing the required fields.

    What's also odd is that there was no corresponding entry in the Admin -> Forms -> Entries, but maybe it's partially in the db because now the entries list is acting strange - when I try to delete a test entry, it won't move it to trash. The Switch Form drop down also doesn't work anymore. The count is correct though.

    * No caching plugins installed
    * Running WP 3.4.2, soon to upgrade to 3.5.1

    This was the only time this has happened. We tracked the accessing IP address to what looks like India and have blocked the IP.

    Will check into the database directly to see if there is a partial entry not showing in the admin area. Any ideas on how a script could bypass the required fields?

    Thanks!

    Posted 7 years ago on Wednesday January 30, 2013 | Permalink
  6. I've never hacked around much with Gravity Forms, but I suspect it's possible to get a submission through without actually completing the form. We have only had a couple instances of scripted submissions of Gravity Forms, so it's not a widespread problem. If you find out any more information, please share it with us and we'll see if we can help pinpoint the problem.

    Posted 7 years ago on Thursday January 31, 2013 | Permalink
  7. red
    Member

    Thanks for the reply. Didn't find any partial entries in the database, so no clues to go on with figuring this out further unless it happens again.
    Take care!

    Posted 7 years ago on Thursday January 31, 2013 | Permalink