First, I should note that I am unable to duplicate this myself - it's an effect I'm seeing from user-entered data and I'm not sure how they're accomplishing this. This is running on Drupal 6.20, Webform 6.x-3.9
I have a form with fields requiring a number between 1 and 50000000, so I've set the range as 1|50000000
Note also that I have Webform set to field and value lengths of 8 characters maximum.
Everything works as expected when I attempt to enter data myself, tested on MSIE, Firefox, Opera, and Safari.
And yet, I have user data in these forms that exceeds not only the 50 million maximum number, but the 8 character limit as well. What I want to know is HOW they're doing this, and WHY is it getting through. Is this some sort of injection attack that isn't being checked against? It's kind of demoralized my faith in getting valid data collected.
Here's my URL for the form, in case that helps...
http://note2friends.com/contest/contest-mystery-number-one
Thanks,
Klaus
Comments
Comment #1
kbrune commentedSorry, my bad. False alarm. Turns out prefixes had numbers in them which looked co-mingled with the actual collected data {blushing}