verbb / formie

The most user-friendly forms plugin for Craft CMS.

Bots throw exceptions when filling in phone fields #1968

Open bartdigitalpulse opened 3 days ago

bartdigitalpulse commented 3 days ago

### Describe the bug

Bots can fill in an invalid country code in the phone field. This causes an exception in the commerce guys lib. There should be a valid country code check before.

```
{
    agree: 1,
    emailAddress: tdhtqhdmmw.hm@silesia.life,
    name1: Cheryse,
    phoneNumber: {
        country: 1,
        number: 1
    },
    questionOrRequest: Cheryse Saueauk
}
```

Stack trace:

```
#18 /vendor/commerceguys/addressing/src/Country/CountryRepository.php(97): CommerceGuys\Addressing\Country\CountryRepository::get
#17 /vendor/verbb/formie/src/models/Phone.php(100): verbb\formie\models\Phone::getCountryName
#16 /vendor/yiisoft/yii2/base/Component.php(231): yii\base\Component::__isset
#15 /vendor/yiisoft/yii2/base/Model.php(1021): yii\base\Model::offsetExists
#14 /vendor/verbb/formie/src/helpers/Variables.php(434): verbb\formie\helpers\Variables::_getParsedFieldValue
#13 /vendor/verbb/formie/src/helpers/Variables.php(377): verbb\formie\helpers\Variables::_getParsedFieldValues
#12 /vendor/verbb/formie/src/helpers/Variables.php(255): verbb\formie\helpers\Variables::getParsedValue
#11 /vendor/verbb/formie/src/controllers/SubmissionsController.php(1193): verbb\formie\controllers\SubmissionsController::_setTitle
#10 /vendor/verbb/formie/src/controllers/SubmissionsController.php(1160): verbb\formie\controllers\SubmissionsController::_populateSubmission
#9 /vendor/verbb/formie/src/controllers/SubmissionsController.php(467): verbb\formie\controllers\SubmissionsController::actionSubmit
#8 [internal](0): call_user_func_array
#7 /vendor/yiisoft/yii2/base/InlineAction.php(57): yii\base\InlineAction::runWithParams
#6 /vendor/yiisoft/yii2/base/Controller.php(178): yii\base\Controller::runAction
#5 /vendor/yiisoft/yii2/base/Module.php(552): yii\base\Module::runAction
#4 /vendor/craftcms/cms/src/web/Application.php(305): craft\web\Application::runAction
#3 /vendor/craftcms/cms/src/web/Application.php(606): craft\web\Application::_processActionRequest
#2 /vendor/craftcms/cms/src/web/Application.php(284): craft\web\Application::handleRequest
#1 /vendor/yiisoft/yii2/base/Application.php(384): yii\base\Application::run
#0 /index.php(12): null
```

### Steps to reproduce

1. Bot fills in form with phone number field + country code

### Form settings

- Multi-page form: No
- Submission Method: Ajax
- Client-side Validation: Yes
- Custom Form Templates: Yes

### Craft CMS version

Craft Pro 4.10.4

### Plugin version

2.1.20

### Multi-site?

Yes

### Additional context

_No response_

engram-design commented 3 days ago

Fixed for the next release. To get this early, run `composer require verbb/formie:"dev-craft-4 as 2.1.20"`.
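
The check the report asks for, as an added example that is not Formie's code or its actual fix: a hypothetical helper `safeCountryName()` that validates the submitted country code before calling `CountryRepository::get()`, so malformed bot input becomes a rejected value rather than an uncaught exception. It assumes commerceguys/addressing is installed via Composer and PHP 8.0 or later; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: commerceguys/addressing is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use CommerceGuys\Addressing\Country\CountryRepository;
use CommerceGuys\Addressing\Exception\UnknownCountryException;

/**
 * Hypothetical helper (not part of Formie): resolve a submitted country code
 * to its display name, returning null for anything that is not a known
 * ISO 3166-1 alpha-2 code instead of letting the lookup throw.
 */
function safeCountryName(mixed $submitted, CountryRepository $repo): ?string
{
    // Shape check first: request data can be an int, an array or an empty
    // string. \A and \z anchor the whole value, so "BE\n" does not pass.
    if (!is_string($submitted) || preg_match('/\A[A-Za-z]{2}\z/', $submitted) !== 1) {
        return null;
    }

    try {
        return $repo->get(strtoupper($submitted))->getName();
    } catch (UnknownCountryException) {
        // Well-formed but not an assigned code, e.g. "ZZ".
        return null;
    }
}

// Constructed sample inputs; the integer 1 mirrors `country: 1` in the report.
$repo = new CountryRepository();
foreach (['BE', 'be', 1, 'ZZ', ['x'], '', "BE\n"] as $value) {
    $name = safeCountryName($value, $repo);
    printf("%-8s => %s\n", json_encode($value), $name ?? 'rejected');
}
```

A caller would turn a `null` result into a field validation error on the submission rather than a server error.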