How to use "Contact us" feature? Activated - and now?
Hi @Bernard Sfez / Tiki Specialist,
hi @Jonny Bradley,
I am understanding the following:
- My error "Invalid Parameter: itemId" does not actually mean that there is a parameter inserted wrongly, but this parameter "itemId" is actually missing.
- The missing parameter can be passed by URL.
- During sending of the form, a custom URL can be defined. In the given URL the string "itemId" will be replaced with "itemId=xx", where xx is the new/current itemId.
- {trackeritemfield}, according to documentation ("If it itemId is not specified and the url used to access the page has a itemId parameter, the value of itemId parameter will be used."), then automatically adds this parameter from URL, if present.
So, if I don't want any behavior changes other than to add "itemId" to the URL for this to work, I take the URL I get when sending the form
https://my.url/tiki-index.php?page=Impressum&ok=y&iTRACKER=1#wikiplugin_tracker1
add "itemId", strip protocol and domain and set URL parameter like so:
url="tiki-index.php?page=Impressum&ok=y&iTRACKER=1#wikiplugin_tracker1&itemId"
After testing this: The new URL seems to work - nothing changes except that itemId is added to the URL, including the actual Id value. Nevertheless, the error is the same. Seems like the URL param does not get automatically used in {trackeritemfield}.
Second test: I moved the parameter "ItemId" from the end of the parameter list to the start (and parameterized pagename for robustness) using
url="tiki-index.php?itemId&page=&ok=y&iTRACKER=1#wikiplugin_tracker1"
Voilà - it works as expected! But only if logged in as an admin. If I try as anonymous, on the confirmation page I get an error "You don't have permission to edit an Item" (Translated from german error message). The Item gets added. Then I don't want wo edit it, I just want to view my own item. If I don't have permission to view other items, this prevents the exploit that can show other items when you enter the itemId in the URL manually... or is there another way to prevent this?
Is there anything in the URL I pass, that can be further parameterized - as I did with the page name?