FSCF does not see pre-filled disabled input fields post vars on server session.

Dear Brian,

Thank you for this great plugin.

A couple of days ago, I was pre-filling fields passing data through the URL. The pre-populated was disabled (<INPUT … disabled />). I tested the form and I noticed that if there was an input error in other field, FSCF says that the pre-populated field is a required field (FSCF does not ‘see’ the information in the pre-populated though disabled field). Note that the pre-populated field displays the information. Now, if I click on the url in the browser and press enter, the form is reloaded, but then, when I submit it, it says that the pre-filled field is required (though it displays the information).

One solution would be to remove the attribute ‘disabled’ from the INPUT field, but that would allow users to send wrong information in the database (unless I validate the information once again). Another solution, that it is not possible in my case, is to hide the field (apparently the error does not occur in this case).

One note on security. If the form is submitted to a php page, info is passed as POST variables. This information is visible from the client’s browser and can be modified. Therefore, field validation has to be repeated again at the script level. Are you considering to enable sever session variables transfer to scripts? Same with pre-filled fields. Would not be better to have that information in server session variables?

I look forward to hearing from you.

Thank you again

Andreas

https://www.ads-software.com/extend/plugins/si-contact-form/