|
| 1 | +<?php |
| 2 | +/** |
| 3 | + * Gravity Perks // Populate Anything // Force Repopulation on Form Submission to Prevent Tampering |
| 4 | + * https://gravitywiz.com/documentation/gravity-forms-populate-anything/ |
| 5 | + * |
| 6 | + * This snippet forces GP Populate Anything to repopulate field values on form submission, |
| 7 | + * overriding any potential user tampering with the $_POST data. This ensures that dynamically |
| 8 | + * populated fields always contain the correct values based on their population settings. |
| 9 | + * |
| 10 | + * Instructions: |
| 11 | + * 1. [Install the snippet.](https://gravitywiz.com/documentation/managing-snippets/#where-do-i-put-snippets) |
| 12 | + * 1. Add the CSS class `gppa-secure` to any field where you want to force repopulation. |
| 13 | + * 2. The snippet will automatically replace submitted values with the correct populated values. |
| 14 | + */ |
| 15 | +add_filter( 'gform_pre_process', function( $form ) { |
| 16 | + |
| 17 | + // Skip if GPPA is not available |
| 18 | + if ( ! function_exists( 'gp_populate_anything' ) ) { |
| 19 | + return $form; |
| 20 | + } |
| 21 | + |
| 22 | + $field_values = gp_populate_anything()->get_posted_field_values( $form ); |
| 23 | + |
| 24 | + foreach ( $form['fields'] as $field ) { |
| 25 | + |
| 26 | + // Skip fields that don't have the security CSS class |
| 27 | + if ( ! $field->cssClass || strpos( $field->cssClass, 'gppa-secure' ) === false ) { |
| 28 | + continue; |
| 29 | + } |
| 30 | + |
| 31 | + // Only process GPPA-enabled fields |
| 32 | + if ( ! gp_populate_anything()->is_field_dynamically_populated( $field ) ) { |
| 33 | + continue; |
| 34 | + } |
| 35 | + |
| 36 | + $working_field_values = $field_values; |
| 37 | + unset( $working_field_values[ $field->id ] ); |
| 38 | + |
| 39 | + $populated_field = gp_populate_anything()->populate_field( $field, $form, $working_field_values, null, true ); |
| 40 | + $correct_value = $populated_field['field_value']; |
| 41 | + |
| 42 | + $working_field_values[ $field->id ] = $correct_value; |
| 43 | + |
| 44 | + // Handle multi-input fields (like Name, Address, etc.) |
| 45 | + $is_multi_input = is_array( $field->inputs ) && ! empty( $field->inputs ); |
| 46 | + |
| 47 | + if ( $is_multi_input ) { |
| 48 | + // For multi-input fields, override each input with correct value |
| 49 | + foreach ( $field->inputs as $input ) { |
| 50 | + $input_id = str_replace( '.', '_', $input['id'] ); |
| 51 | + $post_key = "input_{$input_id}"; |
| 52 | + $correct_input_value = rgar( $correct_value, $input['id'] ); |
| 53 | + |
| 54 | + // Override with the correct populated value |
| 55 | + $_POST[$post_key] = $correct_input_value; |
| 56 | + } |
| 57 | + } else { |
| 58 | + $_POST["input_{$field->id}"] = $correct_value; |
| 59 | + } |
| 60 | + } |
| 61 | + |
| 62 | + return $form; |
| 63 | +}, 2 ); |
0 commit comments