Form sent with attachment, even though there’s no option to attach files

Hi @justin660,

I hope this message finds you well.

Could you please provide a screenshot of the notification with the attachment you received? This will help us take a closer look at the issue.

Please also provide an export of the form so we can review the form configuration and conduct a thorough test on a lab website on our end.

I hope the following guide comes in handy: https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#import-export

We look forward to hearing back from you.

Kind Regards,
Nebu John

@Nebu here is the screenshot and exported form. Please advise.

Thank you!
Justin

Screenshot:
https://ibb.co/BKwnwCY

{"type":"form","data":{"fields":[{"id":"name-1","element_id":"name-1","form_id":"wrapper-1511347711918-1669","parent_group":"","type":"name","cols":"6","required":"true","field_label":"First Name","placeholder":"First Name","prefix_label":"Prefix","fname_label":"First Name","fname_placeholder":"E.g. John","mname_label":"Middle Name","mname_placeholder":"E.g. Smith","lname_label":"Last Name","lname_placeholder":"E.g. Doe","wrapper_id":"wrapper-1511347711918-1669","multiple_name":"false","required_message":"Name is required.","conditions":[]},{"id":"name-2","element_id":"name-2","form_id":"wrapper-1511347711918-1669","parent_group":"","type":"name","options":[],"cols":"6","conditions":[],"wrapper_id":"wrapper-1511347711918-1669","field_label":"Last Name","placeholder":"Last Name","prefix_label":"Prefix","fname_label":"First Name","fname_placeholder":"E.g. John","mname_label":"Middle Name","mname_placeholder":"E.g. Smith","lname_label":"Last Name","lname_placeholder":"E.g. Doe","prefix":"true","fname":"true","mname":"true","lname":"true","required_message":"Name is required.","prefix_required_message":"Prefix is required.","fname_required_message":"First Name is required.","mname_required_message":"Middle Name is required.","lname_required_message":"Last Name is required.","layout_columns":"2","required":"1"},{"id":"email-1","element_id":"email-1","form_id":"wrapper-1511347712118-1739","parent_group":"","type":"email","cols":"12","required":"true","field_label":"Email Address","placeholder":"","validation":"1","validation_text":"","wrapper_id":"wrapper-1511347712118-1739","conditions":[]},{"id":"phone-1","element_id":"phone-1","form_id":"wrapper-4562-5248","parent_group":"","type":"phone","cols":"12","required":"","field_label":"Phone Number","placeholder":"(000) 000-0000","validation":"none","phone_validation_type":"standard","validation_text":"","wrapper_id":"wrapper-4562-5248","required_message":"Number is required.","conditions":[]},{"id":"text-2","element_id":"text-2","form_id":"wrapper-1311247712118-1194","parent_group":"","type":"text","options":[],"cols":"12","conditions":[],"wrapper_id":"wrapper-1311247712118-1194","input_type":"line","limit_type":"characters","field_label":"Where Did You Hear About Us?","placeholder":""},{"id":"text-1","element_id":"text-1","form_id":"wrapper-5927-7857","parent_group":"","type":"text","options":[],"cols":"12","conditions":[],"wrapper_id":"wrapper-5927-7857","input_type":"line","limit_type":"characters","field_label":"Subject","placeholder":"Subject","required":"1","required_message":"Please enter a subject."},{"id":"textarea-1","element_id":"textarea-1","form_id":"wrapper-2963-2953","parent_group":"","type":"textarea","cols":"12","required":"1","field_label":"Message","placeholder":"Enter your message... (if you would like to schedule a consultation or treatment, please include the dates and times you are available)","input_type":"paragraph","limit":"","limit_type":"characters","wrapper_id":"wrapper-2963-2953","conditions":[]}],"settings":{"pagination-header":"nav","paginationData":{"pagination-header-design":"show","pagination-header":"nav"},"formName":"ICONIC Wellness Contact Us Form","version":"1.29.2","form-border-style":"none","form-padding":"custom","form-border":"","fields-style":"custom","field-image-size":"custom","validation":"on_submit","akismet-protection":"0","form-style":"default","enable-ajax":"true","autoclose":"true","submission-indicator":"show","indicator-label":"Submitting...","form-type":"default","submission-behaviour":"behaviour-thankyou","thankyou-message":"Thank you for contacting us, we will be in touch shortly.","submitData":{"custom-submit-text":"Send Message","custom-invalid-form-message":"Error: Your form is not valid, please fix the errors!","conditions":[]},"validation-inline":"1","form-expire":"no_expire","form-padding-top":"15","form-padding-right":"0","form-padding-bottom":"15","form-padding-left":"0","form-border-width":"0","form-border-radius":"0","cform-label-font-family":"Roboto","cform-label-custom-family":"","cform-label-font-size":"12","cform-label-font-weight":"bold","cform-title-font-family":"Roboto","cform-title-custom-family":"","cform-title-font-size":"45","cform-title-font-weight":"normal","cform-title-text-align":"left","cform-subtitle-font-family":"Roboto","cform-subtitle-custom-font":"","cform-subtitle-font-size":"18","cform-subtitle-font-weight":"normal","cform-subtitle-text-align":"left","cform-input-font-family":"Roboto","cform-input-custom-font":"","cform-input-font-size":"16","cform-input-font-weight":"normal","cform-radio-font-family":"Roboto","cform-radio-custom-font":"","cform-radio-font-size":"14","cform-radio-font-weight":"normal","cform-select-font-family":"Roboto","cform-select-custom-family":"","cform-select-font-size":"16","cform-select-font-weight":"normal","cform-multiselect-font-family":"Roboto","cform-multiselect-custom-font":"","cform-multiselect-font-size":"16","cform-multiselect-font-weight":"normal","cform-dropdown-font-family":"Roboto","cform-dropdown-custom-font":"","cform-dropdown-font-size":"16","cform-dropdown-font-weight":"normal","cform-calendar-font-family":"Roboto","cform-calendar-custom-font":"","cform-calendar-font-size":"13","cform-calendar-font-weight":"normal","cform-button-font-family":"Roboto","cform-button-custom-font":"","cform-button-font-size":"14","cform-button-font-weight":"500","cform-timeline-font-family":"Roboto","cform-timeline-custom-font":"","cform-timeline-font-size":"12","cform-timeline-font-weight":"normal","cform-pagination-font-family":"","cform-pagination-custom-font":"","cform-pagination-font-size":"16","cform-pagination-font-weight":"normal","payment_require_ssl":"","submission-file":"delete","store_submissions":"1","form_name":"iconic-wellness-contact-us-form","form_status":"publish","sc_email_link":"1","sc_message":"<p>Your form has been saved as draft and a resume link has been generated so you can return to the form anytime within {retention_period} days from today. Copy and save the link or enter your email address below to have the link sent to your mail.</p><p>These fields weren't saved to your submission draft: Paypal, Stripe, Signature, Password, Captcha, and Upload. Kindly fill them out before submitting the form.</p>","use_ajax_load":"1","cform-color-settings":"true","button-submit-background-static":"#08444a","input-border":"#063236","notification_count":1,"previous_status":"publish"},"client_id":null,"integration_conditions":[],"behaviors":[{"slug":"behavior-1234-4567","label":"","autoclose-time":"5","autoclose":"true","newtab":"sametab","thankyou-message":"Thank you for contacting us, we will be in touch shortly.","email-thankyou-message":"","manual-thankyou-message":"","submission-behaviour":"behaviour-thankyou","redirect-url":""}],"notifications":[{"slug":"notification-1234-4567","label":"ICONIC Wellness Admin Email","email-recipients":"default","recipients":"[email protected], [email protected]","email-subject":"New Form Entry #{submission_id} for {form_name}","email-editor":"You have a new website form submission: <br /> {all_fields} <br />---<br /> This message was sent from {site_url}.","email-attachment":"true","type":"default","from-name":"","form-email":"","replyto-email":"","cc-email":"","bcc-email":"","conditions":[]}]},"status":"publish","version":"1.35.1"}

@wpmudevsupport14 – please see above. Thank you.

Hi @justin660

I tested your form on my lab site and I was not able to replicate such an issue. I have also tested your page url trying to drag and drop some files there, but it does not allow for this, so this is not a vulnerability.

Can you let us know:

1. Does all those email have the same file or different files (different names, different extensions)
2. If this is the same file, does your site have some plugin or settings to attach some file to each email that is sent from your site?
3. Can you re-create this form from scratch, place the form on some test pages, and check if can you replicate the same issue?

Kind Regards,
Kris

@wpmudevsupport13 @wpmudevsupport14 – the file is the same file, this person has been able to upload it 2 separate times.

I do not have any plugins that would allow any file to be attached or uploaded.

I cannot replicate the issue, I have no idea how this person was able to attach the file.

Please advise,
Thank you!

Hi @justin660

Please email us at: [email protected]
Subject: ATTN: WPMU DEV support – wp.org

Please send:
– Link back to this thread for reference (https://www.ads-software.com/support/topic/form-sent-with-attachment-even-though-theres-no-option-to-attach-files/)
so that we can review this case more for you and see what will be possible in this case.

Kind Regards,
Kris

Hi @justin660

We have solved the mystery with those files. It seems like a normal behavior when it comes to Gmail and Google Docs, Sheets, and Slides. As soon such a URL exists in an email it is converted to an attachment.

Note that Gmail display Forminator textarea data as simple test and in this case it is Google Drive link.

As a side note, this is only related to the Google Drive link, and such behavior does not have a place with such URLs coming from other domains.

Hope this helps.

Kind Regards,
Kris

@wpmudevsupport13 – I see. That makes sense.

Thank you for your help!