[Forminator Pro] Refer URL is not correct when slug with percent-encoding

When we submit a Forminator form from a non-English URL, the Refer URL shows the wrong URL. It may cut off some of the string. For example:

source: https://blog.eletang.com.tw/2018/08/01/wakey%e5%be%ae%e8%aa%b2%e7%b5%90%e5%90%88%ef%bd%85%e6%a8%82%e5%a0%82%e4%ba%92%e5%8b%95%e7%9b%b4%e6%92%ad%e8%be%a6%e8%ac%9b%e5%ba%a7%ef%bc%8c%e5%8a%a9%e5%85%92%e7%a6%8f%e5%8b%9f%e5%9f%ba%e9%87%91/

and Refer URL will be: https://blog.eletang.com.tw/2018/08/01/wakey/

  • Adam
    • Support Gorilla

    Hello James Peng

    I hope you’re well today!

    I checked this and while I can replicate it, I can also say that it’s actually a… WordPress issue rather than Forminator’s :) Forminator is using core WP functions to sanitize data and apparently this strips those characters.

    As a quick and simple workaround, we can use Forminator’s built-in filter to apply our own sanitization to the hidden field value:

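    <?php

    // Replace Forminator's default hidden-field sanitization with tag stripping only.
    add_filter( 'forminator_field_hidden_sanitize', 'custom_field_hidden_sanitize', 10, 3 );
    function custom_field_hidden_sanitize( $data, $field, $original_data ) {
        // $original_data is the raw submitted value; the second argument also removes line breaks.
        return wp_strip_all_tags( $original_data, true );
    }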

    This code will override the built-in sanitization and only strip any tags from submitted data (HTML tags, tags like <script>), so it might not be as secure as it should be, but you can experiment with various ways to secure the submitted URL (which is passed in the $original_data variable).

    I tested it and while it still doesn’t display such a URL in a “human readable” form, it’s at least storing the entire working URL – it’s “URL encoded” but it’s not cut off and is working.

    To apply this solution to the site:

    – create an empty file with a .php extension (e.g. “forminator-hidden-field-custom-sanitization.php”)

    – copy and paste code into it

    – upload the file (using FTP or cPanel’s “File Manager” or a similar tool) to the “/wp-content/mu-plugins” folder of your WordPress install; if there’s no “mu-plugins” folder inside the “wp-content” folder, just create an empty one.

    I have also reported the issue to our developers as a bug so they could find a better solution for this and implement it in one of the future versions of the plugin.

    Best regards,

    Adam

  • Adam
    • Support Gorilla

    Hi James Peng

    I’m glad I could help!

    As for displaying these addresses in a “readable” form, I’m afraid that’s a bit more “tricky” thing and we’ll need to wait for developers to address that in core.

    In general, what would have to be done here would be to run the simple “url_decode()” core PHP function on the URL and that sounds easy enough. But I tried to find some relevant filter or action hook in the plugin code and I wasn’t able to, so I don’t really have a way to apply that function. I’m afraid that’s as far as I can go with this without our developers’ help.

    I asked them though if, while looking for the permanent fix, they’d be able to help us meanwhile with making this show up nicely, so if I get any tips on it from them, I’ll update you here.

    Best regards,

    Adam

  • Adam
    • Support Gorilla

    Hi James Peng

    Meanwhile, I found a “trick” that might work for you. Before I share though, let me first apologize and… warn: it’s really a “dirty” trick and I wouldn’t recommend using it in the long run. It’s also pretty much “against the rules”. But it seems to be working on my end :)

    That said, you can try adding the following code to the mu-plugin that you already created previously:

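    function forminator_decode_submission_urls_js_hack() {

        // Only run on the Forminator submissions (entries) screen.
        $screen = get_current_screen();
        if ( ! $screen || 'forminator-pro_page_forminator-entries' !== $screen->id ) {
            return;
        }
        ?>
        <script type="text/javascript">
        // WordPress loads jQuery in noConflict mode, so receive it as $ here.
        jQuery(function($) {
            var regex = /https?:\/\/[-A-Za-z0-9+&@#\/%?=~_|$!:,.;]*/;

            $('.sui-box-settings-slim-row').each(function() {
                var $span = $(this).find('.sui-box-settings-col-2 span').first();
                var field_value = $span.text();

                if ( field_value && regex.test(field_value) ) {
                    try {
                        // .text() instead of .html(): decoded characters are displayed, never parsed as markup.
                        $span.text( decodeURIComponent(field_value) );
                    } catch (e) {
                        // Malformed percent-encoding: leave the value as it was rendered.
                    }
                }
            });
        });
        </script>
        <?php
    }
    add_action('admin_footer', 'forminator_decode_submission_urls_js_hack');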

    Just make sure that the code I shared before is still there and this one is added after it. In case it doesn’t work or breaks the site, just remove it and everything should get back to normal.

    Now, what does it do exactly? It “tricks” the page sources: once the submission list is already rendered, it uses jQuery to “scan” for specific DOM elements and check if they contain a URL and if so, it uses native JS to “decode URL” and then jQuery again to simply replace displayed HTML.

    In general, it only affects what you see in the back-end on the submissions list. It does not alter any data and will not affect data export. It’s only fired up on the submission list page too.

    Please note though: it works on my default setup so hopefully it will also work for you but that’s all I can get for now. I also strongly advise using it only temporarily (as a very temporary workaround) and only if absolutely necessary.

    Best regards,

    Adam
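
Decoding a stored URL for display, as in the last reply, has two edge cases worth handling: decodeURIComponent throws on malformed percent-encoding, and percent-encoded angle brackets pass tag stripping unchanged and only become markup once decoded. The following is an added example, not code from the thread or from Forminator; the function names and sample values are constructed for illustration.

```javascript
// Added example: names below are hypothetical, not Forminator or WordPress APIs.

// Same "looks like a URL" character set as the thread's regex, anchored to the whole value.
const URL_RE = /^https?:\/\/[-A-Za-z0-9+&@#\/%?=~_|$!:,.;]*$/;

// Decode a stored, percent-encoded URL for display only.
// Non-URLs and malformed encodings come back unchanged instead of throwing.
function decodeForDisplay(stored) {
  if (typeof stored !== 'string') return stored;
  const value = stored.trim();
  if (!URL_RE.test(value)) return stored;
  try {
    return decodeURIComponent(value);
  } catch (err) {
    // URIError: e.g. a multi-byte sequence cut off part-way through.
    return stored;
  }
}

// For callers that must build an HTML string; in the browser, prefer
// element.textContent = decodeForDisplay(element.textContent).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderCell(stored) {
  return escapeHtml(decodeForDisplay(stored));
}

// Constructed sample values (example.test is a placeholder host).
const SAMPLES = {
  slug: 'https://example.test/2018/08/01/wakey%e5%be%ae%e8%aa%b2/',
  truncated: 'https://example.test/2018/08/01/wakey%e5%be/',
  markup: 'https://example.test/?q=%3Cb%3Ex%3C%2Fb%3E',
  notUrl: 'plain hidden-field value',
};

for (const [name, value] of Object.entries(SAMPLES)) {
  console.log(name, '=>', renderCell(value));
}
```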