How to create self-populating “smart” forms in Drupal 8 with Form API

Hello! Many years ago (2015 to be exact), we published an article on how to create self-populating dropdown forms using the Drupal 7 Webform API. Now that the year is 2019 and Drupal 8 has been “Released” for quite some time now, with 8.7.1 as of May 2019, we thought it might be a good idea to update the strategy to do the same or similar action in Drupal 8. What are we trying to do anyways? Well we want a way for people to interact with a Webform in an interactive way. This means we want subsequent dropdown selections to be populated by previous choices. This logic doesn’t have to be restricted to dropdowns, it can be input  boxes, checkboxes or radio buttons. Anything, really. In the example above, you can see “Beverage” is chosen for “Industries”. The “Products” dropdown underneath has the options that you see  populated based […]

How to craft an XSS payload to create an admin user in WordPress

Hello! XSS (or cross site scripting) attacks are a common method to maliciously execute actions against a website installation. In particular this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload that will ultimately be executed by the administrator of that site, you can essentially do whatever you want. In javascript of course. What I’ll go through in this post is exactly how to capitalize on a particular (old) WordPress plugin vulnerability to deliver a persistent XSS injection (not logged into WordPress) that will later be executed by someone logged into WordPress with higher privileges, such as an administrator. Persistent versus Reflected XSS This is debatable, but to simplify things it would be easiest to describe XSS attacks as being two high level methods : persistent […]

Read and auto populate fields in WordPress Gravity forms with jQuery

Hello! When designing and implementing Gravity forms there may be occasions where you would want to auto populate multiple fields based on a preceding field selection. This was the case in our scenario where we wanted to populate the selection of a drop-down box based on a Google Map location field within Gravity Forms on WordPress. What we wanted was for the person to enter their location in a Google Map location field (within gravity forms) and based on that selection, read the respective City within that location and based on that selection, populate a drop-down box. Gravity forms already possesses the ability to implement conditional logic, however it largely is designed for the purpose of revealing/hiding/activating input elements based on preceding choices. We need to actually inject an input selection I’ll try to walk through the process to implementing this type of logic specifically with Gravity Forms. Get the […]