The story begins with me trying to understand why the gravity forms confirmation message is not sent to a third-party application that I use via HTML post requests.
After many manually handled cases, I started noticing a pattern that revealed where all of my issues were coming from. That pattern was the URL encoding part I was missing.
To give you some background, everything looks fine when a Notification mail is sent from Gravity Forms to the recipients (in our example, me). But when it turns to the confirmation message, the plugin it self does not encode the values submitted by the users.
After I understood what was happening, I had to encode all of the values somehow. There are many ways to achieve that, and all of them are probably much better than my final workaround, though I am still writing this to share my learnings.
I chose to use the 'gform_pre_submission' function from Gravity Forms webhooks and encode all the critical fields that might cause a problem before the actual submission of the form.
As one could, though, if the value is encoded before the submission, doesn't it affect the notification mail? Short answer, yes, it is. But to fix that, I used another function called 'gform_pre_send_email' and replaced those values by decoding them to "utf-8" strings.
Why didn't I encode them in the confirmation stage? At that point, the response to the user was a custom-coded message, and I had to encode it as a whole, which was not a choice.
I hope you get some value and learnings from this story. As a gift for reaching that far, with my friend chatGPT, we made you a poem.
URL encoding is a must, when writing code
Sending data with HTML requests, it's not just a mode
For user's inputs may not always be right
And lead to errors, with no end in sight
But URL encoding helps to fix that flaw
By converting special characters, and making it all raw
So data can be sent, without any mix
And servers can understand, just what we want to fix
And never forget, the user input's impurity
It may contain errors, that bring insecurity
So before it's processed, verify with care
To avoid any risks, and keep your code fair.
In short, URL encoding is a key
To sending data, the right way to be
And validating user's submissions, is a must
For security reasons, and to keep your code robust.
Have a nice day :)
Top comments (0)