freescout
freescout copied to clipboard
freescout-helpdesk
End user module, required filed not respected
PHP version: 8.3 FreeScout version: 1.8.120 Database: MySQL Are you using CloudFlare: Just the name server but not using Cloudflare proxy End user module updated to the latest version. Browser used Firefox 122.0
If in the user portal the consent option is activated, this is not required in the form. The consent option must be required, user must be not able to submit a ticket if they don't accept the privacy policy.
Also I made a custom field required and in the form is not required. There is the asterisks * but user are able to submit the ticket even if has not select anything.
So there is a bug that never validate the custom field and the consent check box.
You can see also the Subject (Oggetto) that is required is not requested to the user to submit the ticket. There is bug in field validation, some filed required are not required to the user. User are able to submit the ticket even if they miss some required field!
https://i.postimg.cc/9QqgFxmG/1sm.gif
We can't reproduce the issue.
Are you using any non-official modules? Do you have any error in your browser console?
Hi, thanks for the reply. I'm not using any custom module. The issue seems to be caused by your extension Extra Security.
If the captcha is active the required field never work.
I tested without the Extra security extension required field seems work, with the extension active seems required fields are not working.
I was surprised to never be able to reproduce in your demo so I understood the issue is the Extra Security extension and the test confirmed that.
Your Extra Security extension has another issue that I reported but you closed the issue without the issue is resolved. If the end user page is protected from the re-cpatcha the widget is not.
If the widget is used I can have a page where attachers can create infinite tickets of spam without effortlessly and quickly. https://github.com/freescout-helpdesk/freescout/issues/3763#issuecomment-1951095829
Also once a widget is active cannot be turned off to stop the attack, I means the direct link will always be available so.. don't have a protection for spam seems can be dangerous. I'm no more using the widget because I feel not safe under a fix or a solution is found.
I'm happy to see you are reply to issues and you are looking in what I'm reporting, thank you for that! I think we are on the good way to see the issue of required filed reported in this topic.. to be resolved. I hope in a fix from you :)
A possible cause:
he re captcha check should be maybe run after all field checks. From what I can see if the captcha is active then as soon the user press the submit button the captcha is required, I believe this is not good. The Captcha should be asked only after all field check has been past so.. maybe the issue is that the captcha should be run after all field checks.
Hey freescout-helpdesk, thank you!
Thanks for keeping the discussion opened also when you was not able to reproduce and for request more info's. Thanks for fixing this.