Whitelisting the formatting rules

I work for a data-security company and I am trying to whitelist certain rules on our server regarding the CF7 forms on our website, in order to eliminate as many attack options as possible.
I searched high and low and could not find the format rules for certain elements in the form.
When I inspect the element of the forms I get the following list (I removed the ones that don’t need addressing):

_wpcf7:1562
_wpcf7_version:4.1.2
_wpcf7_locale:en_US
_wpcf7_unit_tag:wpcf7-f1562-o2
_wpnonce:2257b0dde3
_wpcf7_is_ajax_call:1

What I need is to know exactly what the value of every one of these elements can accept. For example – _wpcf7_version is it always only numbers and punctuation marks?
Or _wpcf7_unit_tag is it always only lowercase letters, numbers and dashes?
I’ll write the list and my assumptions regarding the possible values and I simply need to know if this is ALWAYS the case or can be something else:


_wpcf7: digits only;
_wpcf7_version: digits and periods only;
_wpcf7_locale: uppercase, lowercase and underscore;
_wpcf7_unit_tag: lowercase letters, numbers and dashes;
_wpnonce: digits and lowercase letters only;
_wpcf7_is_ajax_call: digits only.

Thanks!!
Amos

P.S – apologies for the formatting of this message. For some reason the text doesn’t always go down a line when I press enter and after struggling with it for a while I decided you’d forgive me 🙂
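An added example, not part of the original post and not Contact Form 7 code: an allowlist check over a urlencoded POST body that encodes the character classes assumed in the list above. The patterns are the poster's assumptions, not confirmed plugin behaviour; the length caps, the `check_body` name and the sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Allowlist built from the assumptions listed in the post above; they are
# the poster's guesses, not confirmed Contact Form 7 behaviour.
# The length caps are additional assumptions made for this example.
RULES = {
    "_wpcf7":              re.compile(r"[0-9]{1,10}"),
    "_wpcf7_version":      re.compile(r"[0-9.]{1,16}"),
    "_wpcf7_locale":       re.compile(r"[A-Za-z_]{1,16}"),
    "_wpcf7_unit_tag":     re.compile(r"[a-z0-9-]{1,64}"),
    "_wpnonce":            re.compile(r"[0-9a-z]{1,32}"),
    "_wpcf7_is_ajax_call": re.compile(r"[0-9]{1,2}"),
}


def check_body(body: str) -> list:
    """Return a list of violations for a urlencoded POST body (empty = pass)."""
    problems = []
    seen = set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not name.startswith("_wp"):
            continue  # user-facing form fields are out of scope here
        rule = RULES.get(name)
        if rule is None:
            problems.append(f"{name}: not in allowlist")
        elif name in seen:
            problems.append(f"{name}: sent more than once")
        # fullmatch anchors both ends; "$" alone would accept a trailing "\n".
        # [0-9] is used instead of \d, which also matches non-ASCII digits.
        elif rule.fullmatch(value) is None:
            problems.append(f"{name}: value rejected")
        seen.add(name)
    return problems


# Constructed sample: the values shown in the post, as a POST body.
GOOD = ("_wpcf7=1562&_wpcf7_version=4.1.2&_wpcf7_locale=en_US"
        "&_wpcf7_unit_tag=wpcf7-f1562-o2&_wpnonce=2257b0dde3"
        "&_wpcf7_is_ajax_call=1&your-name=Amos")
# Constructed bad input: trailing newline, repeated field, non-ASCII digit,
# and a hidden-style field that is not on the allowlist.
BAD = "_wpcf7=1562%0A&_wpcf7=7&_wpcf7_is_ajax_call=%D9%A1&_wpcf7_x=1"

if __name__ == "__main__":
    print(check_body(GOOD))
    print(check_body(BAD))
```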
