Posted

When calling an order form to sell a product/service (especially if you are using the Universal Module), it would be very useful if I could post/get some values for fields in package/service options.

So it is possible to set a field value dynamically, based on the page that calls the order form (usually an external service managed via the Universal Module).

This implementation is very simple and fast: simply check whether a $_POST/$_GET value is set with the same name as my field option; if yes, it is set as the value of the field.

 

Thanks,

Achille

Posted

You could open yourself to exploits using them...

 

If it's just setting a text field or something then it should be fine, as any user input including the field would not be trusted anyway.

Edit: of course it should still be filtered for XSS though.

Posted

In my idea, it's just a way to "pre-set" some values dynamically.

E.g.: I have some services. I want to use Blesta to add/delete (start/suspend) this service, for billing and payments. In the web page of my service I add a link "Upgrade" that points to an order form in Blesta based on a product defined via "Universal Module". So I need to post to the order form some values that, returned by Blesta after payment, give me the ability to "upgrade" the service or not. Naturally, I must make these values "secure" (encrypt id_service and id_user, for example, and at the end decrypt to check security).

That's all.

At the moment I do this by adding this code

    // Pre-set the field's value from a GET parameter with the same name, if present
    if ( $key == 'values' && isset($_GET[ $field_data[$i]['name'] ]) ) {
        $field_data[$i][$key] = $_GET[ $field_data[$i]['name'] ];
    }

at line 606 of universal_module.php in "components/modules/universal_module", but Paul & Co can do better!

:)
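The two concerns raised in this thread (escaping pre-set values against XSS, and protecting id_service / id_user against tampering), as an added PHP example that is not part of the original posts and is not Blesta code. It uses an HMAC signature with an expiry time in place of the encryption the post mentions; the function names, the key and the sample request are assumptions made for illustration.

```php
<?php
// Added example, not Blesta code; function names and the key are hypothetical.
const LINK_KEY = 'replace-with-a-long-random-secret'; // placeholder

// Calling site: MAC over the pre-set values plus an expiry time.
function sign_prefill(array $values, int $expires): string
{
    ksort($values);
    return hash_hmac('sha256', http_build_query($values) . '|' . $expires, LINK_KEY);
}

// Order form side: keep only allowlisted string values, and only if the MAC verifies.
function verified_prefill(array $query, array $allowed, int $now): array
{
    $values = [];
    foreach ($allowed as $name) {
        if (isset($query[$name]) && is_string($query[$name]) && strlen($query[$name]) <= 255) {
            $values[$name] = $query[$name];
        }
    }
    $expires = is_string($query['expires'] ?? null) ? (int) $query['expires'] : 0;
    $sig = is_string($query['sig'] ?? null) ? $query['sig'] : '';
    if ($expires < $now || !hash_equals(sign_prefill($values, $expires), $sig)) {
        return []; // tampered, expired or unsigned: pre-set nothing
    }
    return $values;
}

// Rendering: escape at output, whatever the source of the value.
function render_field(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample request (stands in for $_GET on the order form).
$now = 1700000000;
$values = ['id_service' => '42', 'id_user' => '7'];
$query = $values + ['expires' => (string) ($now + 600), 'sig' => sign_prefill($values, $now + 600)];
var_dump(verified_prefill($query, ['id_service', 'id_user'], $now)); // untampered link
$query['id_service'] = '43"><script>alert(1)</script>';              // value edited in the URL
var_dump(verified_prefill($query, ['id_service', 'id_user'], $now));
echo render_field('id_service', $query['id_service']), "\n";
```

In real use `$now` would be `time()`, and the same signature check would be repeated when the values come back after payment, before any upgrade is applied.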
