Closed Tyreal74 closed 5 years ago
@Tyreal74 The spam hook does not check the email!
The spam hook will check all the fields specified in the property spamEmailFields against a spam filter via StopForumSpam. If the user is flagged as a spammer, it will show an error message for that field checked.
See for more info: https://docs.modx.com/extras/revo/formit/formit.hooks/formit.hooks.spam
@MrRoco I think @Tyreal74 means the xjdhbg:blank
validator in his example. I'm seeing the same thing on a few sites. Lots of submitted spam entries with the honeypot field filled in.
Just tested it again with latest FormIt, MODX 2.7.2, PHP7.3. Same thing: form gets send with filled honeypot field.
Ok, in my case it was stumbling over the following:
&validate=`
fb[[*id]]-email:email:required,
[[$fbValidateCustomFields:notempty=`[[$fbValidateCustomFields]],`]]
workemail:blank`
The chunk fbValidateCustomFields can contain extra validation rules, but if the chunk doesn't exist, it somehow prevents the workemail:blank rule from firing.
Adding the comma outside of the :notempty statement or creating an empty fbValidateCustomFields chunk solves the issue.
But it still doesn't explain why @Tyreal74's code is not working, assuming that his validation rules are formatted like that, with a comma as last character before the xjdhbg:blank rule.
Formit Version 4.10 Modx: 2.6.5 PHP: 7 -enforced by htaccess as per hosts instructions.
Updated the website to 2.6.5 as per security announcment; Updated all Extras to most recent version including FormIt to 4.10
Recently had a spate of spam emails so had to disable the contact forms, when i got around to investigating discovered that the honeypot on the form isn't being respected:
FormIt Code below:
HTML for the email section
Email submits every time, when the math capture is correct, but if i remove the math capture and rely soley on the honeypot email, the email is submitted every time as per the email response:
I have tested this manually by dropping all CSS out of the page and using autocomplete and also typing the email addresses and details manually and each time the submission is approved.
Thanks