The pollfield_voting_form returns a rendered form for use on the node pages (and some others in think). However the form isn't processed as drupal forms should be so it has no proper form_id and also doesn't allow for hook_form_alter's to be run on it. Basically I think you just need to run drupal_prepare_form on the form so that it acts as it should. I've attached a patch that fixes this issue.

CommentFileSizeAuthor
#8 pollfield_redirect_668190.patch688 byteshadsie
#6 pollfield_668190.patch493 byteshadsie
pollfield_process_form.patch493 byteshadsie
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

hadsie’s picture

hadsie CreditAttribution: hadsie commented

Also, on a related note it would probably be better to use a proper submit handler instead of the pollfield_vote() function. On a site I'm building the actual voting is happening not on the node page but on a related page, so it's important for me to be able to control the redirect, which pollfield_vote() overrides.

nedwardss’s picture

nedwardss CreditAttribution: nedwardss commented

I'm having this issue with it redirecting me off the page I'm on as I'm putting the pollfield on a related page as you mention. Have you been able to solve this? I've been trying to have the pollfield.module just redirect me to the page I'm on but I'm having no luck. I've been trying to change these:

// Set destination to override #action that would redirect back to pollfield/vote.
  
  $_REQUEST['destination'] = 'node/'. $nid;
  drupal_goto('node/'. $nid);

to no avail.

hadsie’s picture

hadsie CreditAttribution: hadsie commented

With the way it's currently implemented I don't think there's a good way to do it besides removing the drupal_goto in pollfield_vote(). In my case it's ok that it redirects to the node page for now so I haven't changed it.

mario_prkos’s picture

mario_prkos CreditAttribution: mario_prkos commented

I already planed to changed how this form is submit and i already started to work on it but this was not on my high priority list. Now I see there is issue about that and we can do something about that. If I do as hadsie suggested in #1 will it solve your problems? Any other suggestions is welcome.
Happy Holidays to all!!

hadsie’s picture

hadsie CreditAttribution: hadsie commented

Thanks @mario_prkos! Let me know if there's anything I can help you with as well.

hadsie’s picture

hadsie CreditAttribution: hadsie commented
FileSize
pollfield_668190.patch493 bytes

Here's a re-rolled patch to match with the latest dev version.

mario_prkos’s picture

mario_prkos CreditAttribution: mario_prkos commented

I did some work to solve this issue and I posted in dev version. Now there is no redirection and form has proper submit handler proper id etc.
I think dev version will refreshed at midnight at GTM time.

hadsie’s picture

hadsie CreditAttribution: hadsie commented
Title: Use drupal_prepare_form in pollfield_voting_form() » Redirect broken in pollfield_vote()
FileSize
pollfield_redirect_668190.patch688 bytes

I've changed the title of the issue as the original issue no longer exists with your changes, however the redirect seems broken now.

At the end of the pollfield_vote() function you have this statement:

  drupal_goto('node/',NULL,'node-'.$nid);

For me that causes the submit to redirect to http://example.com/node#node-123 which I don't think is right... if anything it should be redirecting to node/123 (i.e. drupal_goto('node/' . $nid) )

However, I don't think the drupal_goto should be in there at all. Instead it should be in your pollfield_voting_function_form_submit() function. And I think you should just be able to do something like:

$form_state['redirect'] = 'node/' . $nid

It's also a bit odd how you use $_POST instead of the values submitted by the form. But if pollfield_vote() is called elsewhere maybe that's why you're doing that?

I've attached a patch for this, but it needs to be tested.

mario_prkos’s picture

mario_prkos CreditAttribution: mario_prkos commented

Thank you for testing and comments.
I thought about this redirection and in the beginning I didn't use redirect at all but when I have content river (or very long content ) drupal redirect me to upper part of page and then I have to scroll back to poll I voted. This was annoying to me so decide that when you vote on poll you shoud be redirected to poll where you voted using anchors. I didn't use node/.$nid because I don't want to leave page after I voted. We can try different options and see what people find most suitable. If you notice some strange behavior I will appreciate to let me know.

Using $_POST is basically same as submit bacause submit read data form the post and I didn't change this because it was from previous code which is proved to be good and tested. In future maybe I will change it for now don't fix if it is not broken. What I did is just make proper forms with proper id and change where drupal should go after voting is done.

Mario

hadsie’s picture

hadsie CreditAttribution: hadsie commented

Ok, $_POST is insecure as end users can put anything in there. $form_state['values'] has been cleaned up and sanitized against the available form elements.. it's been properly parsed.

I'd recommend switching that. Also, I noticed a few places you've used hidden form elements where they should be values. It's possible because of this that there's some security issues in the code as well, though I haven't looked closely enough to determine that yet, just saw the hidden's being used as I was skimming the code.

Basically the redirect with the #nid is broken for me, and it does leave the page after voting, as the voting is being done on the node page, not the node listing with teasers page. I believe this would also break if someone has disabled the /node (this is often done because /node doesn't make sense in the context of a lot of sites).

The proper way to do redirects with forms is to use the $form_state['redirect'] so that it can be overridden by site admins... drupal_goto can't be overridden.

As far as the reloading after submitting the results goes... that could be taken care of using ajax as well as I believe the poll module does it.

Cheers

mario_prkos’s picture

mario_prkos CreditAttribution: mario_prkos commented

Yes, I agree with you. You are point important question about security. Hidden data in form is just way to identify what type of pollfield is placed (field name, nid and content type). They are no by any means confidential data that is handle in this manner. All those data are accessible in page source and in many other places. Thats why in my opinion hidden manipulation attack can not do any serious harm. Also data is enter from the form is used to enter db_query function as parameters so it will be proper sanitize and clean to prevent sql injection. I am not web security expert so I put big question mark on what I said so far. Any suggestions and comments on this topic are most welcome.

This redirection is still in progress (working on my test site but obviously not on others :) ). I also think that functionality with and without javascript has to be close as possible. So I will be very happy if we can find good solution without javascript.

Of course there is some of code is legacy in D6 from version D5 (this pollfield_vote function is one) which I didn't have time to redesign and also didn't have any reason to question quality (former maintainer is wellknown).

Thanks for good discussion,
Mario.

nibblebot’s picture

nibblebot CreditAttribution: nibblebot commented

what is the action step to take to fix this?
would this be taken care of by implementing Form API correctly?

giorgio79’s picture

giorgio79 CreditAttribution: giorgio79 commented

#4 as another suggestion, we could simply copy other successful voting api modules, like http://drupal.org/project/rate that uses Ajax to submit the voting stuff.