ClassiPress does not validate form submission on server-side!
BUG: Users can bypass field requirements and format restrictions when submitting ads

Steps to reproduce:

Go to AppThemes demo site: http://demos.appthemes.com/classipress/

1. Select a category (e.g. Auto > Boats > Sail boats).
2. Notice “Title”, “Price”, “State”, “City”, and “Description” are required (the fields have asterisks).
3. Fill out all of those fields except for “Price” (leave that one blank).
4. Use a live HTML inspector (e.g. in Firefox, right-click the “Price” field and press “Q”; or use Firebug) to remove the “required” class from the “cp_price” input element.
5. Click the “Continue” button to submit the form.
6. Notice the “Price” field is empty in the “Review Your Listing” page. Whatever server-side validation was done to the field didn’t catch it.

Final Step:

7. Since the ClassiPress demo site won’t allow visitors to post ads, I performed the above steps on a random ClassiPress-based site I found online. I was able to post an ad without a required price.

Question to an AppThemes representative: Where else do you rely completely on client-side validation in ClassiPress? Customers can work to patch these holes until you release a fix.

Note: FORUM ISN'T LETTING ME FORMAT MY POST (no newlines, not HTML, no attachments). What is going on?
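
A server-side check for the required fields named in this report, as an added example that is not part of the original post and is not ClassiPress code. Only `cp_price` comes from the post; the other field keys, the `validate_ad_submission` function and the price format are assumptions.

```php
<?php
// Added example, not ClassiPress code. Only "cp_price" is a field name taken
// from the post; the other keys and the price format are assumptions.
const REQUIRED_FIELDS = [
    'post_title'   => 'Title',
    'cp_price'     => 'Price',
    'cp_state'     => 'State',
    'cp_city'      => 'City',
    'post_content' => 'Description',
];

// Validate a submitted ad with rules that live only on the server, so editing
// the form markup in the browser cannot relax them.
// Returns a map of field name => error message; an empty map means valid.
function validate_ad_submission(array $input): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $name => $label) {
        // A missing key, an array value, or whitespace-only text all count as empty.
        $value = $input[$name] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[$name] = "$label is required.";
        }
    }
    // Format rule (assumed): non-negative decimal with at most two decimals.
    if (!isset($errors['cp_price'])
        && !preg_match('/^\d{1,9}(\.\d{1,2})?\z/', trim($input['cp_price']))) {
        $errors['cp_price'] = 'Price must be a number such as 1500 or 1500.00.';
    }
    return $errors;
}

// Constructed sample: the request from the report, with the price left blank
// after the "required" class was removed from the input in the browser.
$submitted = [
    'post_title'   => 'Sail boat for sale',
    'cp_price'     => '',
    'cp_state'     => 'FL',
    'cp_city'      => 'Miami',
    'post_content' => '27 ft sloop, good condition.',
];

// Any entry here means the request is rejected before the review/insert step.
foreach (validate_ad_submission($submitted) as $name => $message) {
    echo "$name: $message\n";
}
```

The same function has to run again on the final submit after the review page, since that request can be altered just as easily as the first one.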