Thread: Adding a custom hidden input to cartform
View Single Post
  #1  
Old 08-26-2008, 01:19 AM
  Jarron's Avatar 
Jarron Jarron is offline
 

Advanced Member
   
Join Date: Feb 2007
Location: Hong Kong
Posts: 44
 
Default Adding a custom hidden input to cartform
Hi All,

I'm seriously stuck on this one and any help GREATLY appreciated!

Introduction:
I am using Fast Lane Checkout and I am trying to pass a custom field from the "Shipping & Payment" step of checkout back to cart.php when the user submits "cartform".

Under this scenario, "cartform" is found in checkout_2_method.tpl.

Code:
In checkout_2_method.tpl I have added the bottom input ("delivery_date"):

Code:
<form action="cart.php" method="post" name="cartform" id="cartform" onsubmit="return UpdateDeliveryDate();">

 

<input type="hidden" name="mode" value="checkout" />
<input type="hidden" name="cart_operation" value="cart_operation" />
<input type="hidden" name="action" value="update" />
<input type="hidden" name="delivery_date" value="2008-08-23" />

In cart.php I have added the following at the very top of the file to help me with debugging:

Code:
define('USE_TRUSTED_POST_VARIABLES',1);
$trusted_post_variables = array("delivery_date");

 

var_dump($HTTP_POST_VARS);
var_dump($HTTP_GET_VARS);

Note that I added the trusted variables stuff as I thought this might be related to the html stripping that xcart does on non-trusted post variables. However, this turned out to be irrelevant.

Debug Results:
After clicking "submit", the page submits and opens up with the "Place order" step with my debug output at the tp of the page:



1) The var_dump for POST gives me:
array(0) { }



ie. No POST vars are found by cart.php





2) The var_dump for GET gives me:
array(1) { ["mode"]=> string(8)"checkout" }



ie. A subset of the POSTed vars are found by cart.php but they have been switched to GET vars.



Analysis:
So my analysis of all this is:
  • All POSTS are somehow being intercepted before they get to cart.php
  • Logic exists somewhere to decide which ones get through
  • Somehow the ones that continue are converted to GETs (probably using header/location?)
Note additionally that:
  • My debug code in cart.php is before any includes/requires to auth.php or any other file. So this is unrelated to any REQUEST parsing logic in auth.php or it's includes (which I believe includes all of the $trusted_post_variable and html tag stripping logic).
  • I have examined ".htaccess" wondering if there could be some kind of <Limit POST> logic. There is no such logic.
  • Other debug variations in cart.php to detect the posted variable (like $GLOBALS["HTTP_POST_VARS"], $delivery_date, $_POST) also do not work.
  • Obviously the above is a code snippet - I have validated the full HTML code using validator.w3.org
  • I have also looked for any javacript that might be preprocessing the form submit (eg. by using onsubmit) but could find none.
Conclusion:
So it seems to me that something must be intercepting my posted values and parsing them (probably for valid security reasons). But what?

I've tried every avenue I can think of and searched this forum to death....

Any clues will result in a free love child. Yes, I'm desperate.

Fingers Crossed & thx all,


js
__________________
/Jarron Stephens/X-Cart Gold/4.1.12+4.4
/Marketing Manager/AOM/Returns/Massive Customisation....it hurts
Reply With Quote