craftcms/contact-form

Submitting fields that are not allowed should result in a validation error

Closed this issue · 0 comments

Description

I like the new allowedMessageFields setting to limit what fields are allowed to be sent. But I've noticed that instead of adding validation so that submitting a form with illegal fields will be prevented, the mailer just silently omits every field from the HTML email body that isn't allowed. So a bad actor can still tamper with the form and successfully submit it. This is troublesome for a few reasons:

  • If you do anything else with the submissions, like saving them somewhere, you'll still need to manually validate that there aren't any additional unallowed message fields.
  • If you want to add a field to an existing form and don't know about that setting, the plugin won't provide any errors to indicate why the field won't show up in the e-mail. This can lead to a lot of wasted time and head-scratching.
  • Manipulated requests with additional fields are likely to be malicious, so preventing those submissions completely would generally be a good idea.

Can the implementation of this feature be changed to add the allowedMessageFields rules as a validation rule to the Submission model instead?

Steps to reproduce

  1. Set the allowedMessageFields config to allow only some fields.
  2. In any contact form, add an additional input with the name message[illegalInput].
  3. Submit the form. The submission will go through, even though illegalInput won't show up in the e-mail.

Additional info

  • Craft version: 3.7.38
  • PHP version: 8.1.5
  • Database driver & version: MySQL 8
  • Plugins & versions: Contact Form 2.5.0
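The validation rule the issue asks for, as an added illustration rather than the plugin's own code: a check that compares the keys of the submitted message array against the allowedMessageFields setting and records a model error when any key is not on the list, so the tampered request from the reproduction steps fails instead of being quietly trimmed. Only the attribute name `message` and the setting name `allowedMessageFields` come from the issue; the function names, the FakeSubmission stand-in and the sample payloads are assumptions made here so the example runs without Craft or Yii installed.

```php
<?php
// Added example, not code from craftcms/contact-form. It shows the rule the
// issue requests: reject unknown message sub-fields instead of dropping them.
// Assumed names: disallowedMessageFields, validateMessageFields, FakeSubmission.
declare(strict_types=1);

/**
 * Return the keys in $message that are not in $allowedFields.
 * A null $allowedFields means the setting is unset, so nothing is restricted.
 *
 * @param string|array  $message       Submitted message (plain string or name => value map)
 * @param string[]|null $allowedFields The configured allowedMessageFields value
 * @return string[] Disallowed field names, empty when the submission is clean
 */
function disallowedMessageFields($message, ?array $allowedFields): array
{
    // A plain-string message has no sub-fields to check.
    if (!is_array($message) || $allowedFields === null) {
        return [];
    }
    // Compare as strings so numeric-looking keys such as "0" are handled consistently.
    $submitted = array_map('strval', array_keys($message));
    $allowed   = array_map('strval', $allowedFields);
    return array_values(array_diff($submitted, $allowed));
}

/**
 * Inline validator in the style of a Yii2 model rule. In a real Submission model
 * this would be a method referenced from rules(); here it takes the model as an
 * argument so the example is self-contained.
 */
function validateMessageFields(object $model, string $attribute, ?array $allowedFields): void
{
    $extra = disallowedMessageFields($model->$attribute, $allowedFields);
    if ($extra !== []) {
        $model->addError($attribute, sprintf(
            'Message contains fields that are not allowed: %s',
            implode(', ', $extra)
        ));
    }
}

// Minimal stand-in for the Submission model (assumed, not the plugin's class).
final class FakeSubmission
{
    public $message;
    private array $errors = [];

    public function __construct($message) { $this->message = $message; }
    public function addError(string $attr, string $msg): void { $this->errors[$attr][] = $msg; }
    public function getErrors(): array { return $this->errors; }
    public function hasErrors(): bool { return $this->errors !== []; }
}

// Constructed sample: allow only "body" and "phone", as in step 1 of the repro.
$allowed = ['body', 'phone'];

// A legitimate submission passes validation.
$ok = new FakeSubmission(['body' => 'Hello', 'phone' => '555-0100']);
validateMessageFields($ok, 'message', $allowed);
if ($ok->hasErrors()) {
    throw new RuntimeException('clean submission should not produce errors');
}

// The tampered submission from step 2 (message[illegalInput]) is now rejected.
$bad = new FakeSubmission(['body' => 'Hello', 'illegalInput' => 'x']);
validateMessageFields($bad, 'message', $allowed);
if (!$bad->hasErrors()) {
    throw new RuntimeException('tampered submission should be rejected');
}

// A plain-string message (no sub-fields) is left alone.
$plain = new FakeSubmission('Just a string');
validateMessageFields($plain, 'message', $allowed);
if ($plain->hasErrors()) {
    throw new RuntimeException('string message should not be checked for keys');
}

echo json_encode($bad->getErrors(), JSON_PRETTY_PRINT), PHP_EOL;
```

To hook this into a Yii2-based model, the check would be declared as an extra entry in `rules()`, for example `[['message'], 'validateMessageFields']`, with the method signature Yii2 uses for inline validators, `validateMessageFields($attribute, $params, $validator)`, and `$this` in place of the `$model` argument; the allowed list would be read from the plugin settings at that point. Whether a null or empty allowedMessageFields should mean "anything goes" or "nothing goes" is a design decision the issue does not settle; the example treats null as unrestricted and an explicit empty array as rejecting every sub-field.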