Webform 4 has increased the security for access to submissions for anonymous users. A new parameter called token is required in the query string which is an md5 hash made from the submission timestamp, ID and the site's private key. This token must be present in the query string for webform_confirmation_page_access() to allow access.

This patch adds this token to webform_conditional_confirmation_form_webform_client_form_alter so that it is passed through correctly.

Without this, form submission will just return a 403 Access Denied message for anonymous users.

CommentFileSizeAuthor
webform_v4_token.patch2.55 KBakoepke

Comments

thisisnotrealpeople’s picture

thisisnotrealpeople commented

This patch solved the access denied issue that I was encountering when anonymous users submitted a form. Thanks!

Anonymous’s picture

Anonymous (not verified) commented
Status: Needs review » Fixed

Hi, I've patched this bug already as I picked up this project earlier this week, I've rewritten a lot of the module to add more functionality, and actually get it to work.

I've created release 7.x-2.x-dev if you're still interested in this project however I needed to change the structure of the messages table for multiple conditional support, so you wouldn't be able to just update until an update hook is implemented.

Thanks!

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)