It would be great if there was an option for ALL Multi Select Question Types, where
SiteAdmin can determine the maximum number of Choices a User is allowed to select.
Example: Max No. Permitted to Choose: 3
In Edit Profile, the user would be limited to the number of selections he can make.
Example: a maximum of 3 checkboxes can be ticked.
That is a good idea. We'll have to look at this.
Yes, this is a great idea.
I'm formulating another FR for Profile fields in general because I'm regularly hitting a wall when attempting to create profile fields. I was spoiled years ago with a programming language named Clarion which offered a lot of options and structure when it came to fields.
I agree. Great idea!
I would do these things too,
because a site can be easily hacked if validation is not taken care of on any form.
1) Single-line/ Multiple Line Text Input
------------------------------------
- Max Characters Allowed -by Admin
Alert and do not allow User to enter his stuff, reset the input box, when he fails to do so.
- Determine which Characters are allowed - by Admin
Alert and do not allow User to enter his stuff, reset the input box, when he fails to do so
2) Emails / YouTube, SoundCloud Links - Determine Characters & Length allowed - by Admin
------------------------------------
Example: email has 1 @, no. of periods, etc.
Alert and do not allow User to enter his stuff, reset the input box, when he fails to do so.
3) Select & Multi-Select Boxes
-------------------------------------
- Limit the Maximum No. of Choices a user can select in Multiple Dropdown Boxes - by Admin
Alert and do not allow User to choose, reset the dropdown, when he fails to do so.
4) Location Box in Profile Qtn has no relation with Edit Location
Validate characters and length - by admin
Alert and do not allow User to enter his stuff, reset the input box, when he fails to do so.
This would include validation of search boxes like these, including TinyMce forms etc..
the goal is to make a hack proof, secure robust site for admins and users.
- with technical documentation provided to admins / businesses, so they know how to protect their sites when they go live and secure payments and subscriptions.
Please remember that a feature request is one item. Please see the stickied post for how to submit feature requests and have each request a separate item.
I am definitely going to file a Feature request for Form Validation - though I think this is such a critical thing for security of a site as stated above
and should be taken up as utmost priority by you guys.
I have noted everything above - a site can easily be hacked
the goal is to make a hack proof, secure robust site for admins and users.
- with technical documentation provided to admins / businesses, so they know how to protect their sites when they go live and secure payments and subscriptions.
How can we accept payments from users - when we know that the site is vulnerable?
I am a little dissatisfied - as I think Form Validation & Profile Field Validation are not being taken seriously enough.
A User can easily hack/break the site by posting scripts in input boxes without form validation.
No they can't. The parser would take care of that. If you are able to hack your site and post code via the input box, please send us the details in a private ticket as hack issues should be sent that way so as not to cause other sites to get hacked while it's being fixed.
Yes they can, check my video below.
Sorry, not trying to be difficult, but I see this as a serious problem and my intention is to help fix it.
Rather than go through that process of testing,
wouldn't it be easier to just cap the number of characters and disallow certain characters,
just like any other form validation nowadays?
Example:
A user can just copy 2 pages of text and paste it in the input box
That right there is not standard practice.
Thanks
Without really even trying...
Here's an example of how vulnerable the site is without standard form validation throughout the site.
A simple test for form validation on my site.
---------------------------------------------
https://www.youtube.com/watch?v=D3f6jlXt2sY
It's a very serious and critical part of keeping sites secure.
Without Form Validation throughout the site, a site is an open door ready to be hacked.
Thanks
I would suggest server-end (PHP) and JavaScript (front-end) validation to start making the site secure.
It's a basic minimum requirement.
Reference reading:
https://formsmarts.com/form-validation
Form validation is required to prevent web form abuse by malicious users. Improper validation of form data is one of the main causes of security vulnerabilities. It exposes your website to attacks such as header injections, cross-site scripting, and SQL injections.
Form data validation is not trivial, because it depends on the
Without a need for 50 FRs, this is one issue, which is Form Validation throughout the site.
What is needed is that ANY form on the site (including profile question fields, the TinyMCE editor, etc., any input or upload forms)
needs to be validated (server side in PHP and client side in JavaScript).
That's the only way we can safely say the site is secure and not open to hackers.
This is standard practice and a basic requirement for any site.
https://www.youtube.com/watch?v=ZPWxEg5qAhw
JavaScript is not fully supported by all browsers, e.g. .innertext is not supported by Firefox. You use .innertext to check if a value could be empty. It works in IE and Chrome but not in Firefox, and there are plenty more examples which are not working correctly.
All input from a member goes through a parser here, where code is stripped and/or converted to plain text without special characters. Plain text can be saved in a DB.
Have a read here: http://php.net/manual/en/function.mysql-real-escape-string.php
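
The checks requested in this thread (a maximum number of choices on a multi-select, a character cap, and an allow-list of characters) have to be enforced on the server, because browser-side checks can be bypassed by sending the request directly. The following is an added example, not part of any post above and not the product's own code; the field names, limits and function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical admin-configured rules; field names and limits are assumptions.
const FIELD_RULES = [
    'interests' => ['type' => 'multi', 'max_choices' => 3,
                    'options' => ['music', 'film', 'sport', 'travel', 'food']],
    'about'     => ['type' => 'text', 'max_chars' => 200,
                    'pattern' => '/\A[\p{L}\p{N}\s.,!?\'-]*\z/u'],
];

/** Returns a list of error strings; an empty list means the submission passed. */
function validate_profile(array $input, array $rules = FIELD_RULES): array
{
    $errors = [];
    foreach ($rules as $name => $rule) {
        $value = $input[$name] ?? null;
        if ($rule['type'] === 'multi') {
            // name="interests[]" arrives as an array; reject any other shape.
            if (!is_array($value)) { $errors[] = "$name: expected a list"; continue; }
            $picked = array_unique(array_filter($value, 'is_string'));
            if (count($picked) > $rule['max_choices']) {
                $errors[] = "$name: at most {$rule['max_choices']} choices allowed";
            }
            if (count($picked) !== count($value) || array_diff($picked, $rule['options'])) {
                $errors[] = "$name: unknown, duplicate or malformed option submitted";
            }
            continue;
        }
        if (!is_string($value)) { $errors[] = "$name: expected text"; continue; }
        if (mb_strlen($value, 'UTF-8') > $rule['max_chars']) {
            $errors[] = "$name: longer than {$rule['max_chars']} characters";
        }
        if (preg_match($rule['pattern'], $value) !== 1) {
            $errors[] = "$name: contains characters that are not allowed";
        }
    }
    return $errors;
}

/** Encode for an HTML text context at output time, whatever validation accepted. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission (not from the thread): 4 choices and markup in text.
$bad = ['interests' => ['music', 'film', 'sport', 'food'], 'about' => '<script>alert(1)</script>'];
print_r(validate_profile($bad));
echo h($bad['about']), PHP_EOL;
```

Validation rejects input that breaks the configured rules, while `h()` handles the separate job of encoding stored text when it is written into a page; database writes should additionally go through parameterized queries.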