Gravity Forms - GFAPI::submit_form bug when the $_POST variable contains existing data because of array_merge_recursive

gf-api-submit-form-bug-example.md

Gravity Forms GFAPI::submit_form bug

There is a bug with the Gravity Forms GFAPI::submit_form method when the $_POST variable contains any existing values that match what you pass to GFAPI::submit_form.

Because GFAPI::submit_form internally uses array_merge_recursive, any existing values in the $_POST variable will be added to any values that exist in the second parameter that you pass to GFAPI::submit_form.

This bug appears in the latest version of Gravity Forms 2.4.20.5 and in the latest 2.5 beta.

UPDATE ON 07/14/2023: This is a known bug in Gravity Forms and the plugin developers (i.e. Rocket Genius) are aware of it. Since other developers have made custom workaround to get around this issue, patching this bug would break that custom code, so Rocket Genius has not patched it. This code is probably present in the latest version of the plugin and will probably be present in all future versions.

Example:

<?php
$_POST = array( 'input_1' => 'yes' );
$submit_form_values = array( 'input_1' => 'no' );
$result = GFAPI::submit_form( 1, $submit_form_values );
// bug because Gravity Forms GFAPI::submit_form internally uses array_merge_recursive
// to merge $_POST with $submit_form_values
print_r($_POST);
// $_POST is now array( 'input_1' => array( 'yes', 'no' ) ) and now the form validation fails 
// because input_1 key contains an invalid value

This bug is especially present if you attempt to pass the source page variable to GFAPI::submit_form. The form will only validate page 1 of the multisitep form instead of the page that you pass to it because the the $_POST contains an array for the key gform_source_page_number_insert_page_numbee_here.

<?php
$_POST = array( 'input_2' => 'yes' );
$submit_form_values = array( 'input_2' => 'no' );
$result = GFAPI::submit_form( 1, $submit_form_values, array(), 3, 2 );
// bug because Gravity Forms GFAPI::submit_form internally uses array_merge_recursive
// to merge $_POST with $submit_form_values
print_r($_POST);
// $_POST is now array( 'input_2' => array( 'yes', 'no' ) ) and now the form validation fails 
// because input_2 key contains an invalid value and the form is not validating page 2 of the multistep form and is instead trying to validate page 1 of the multisitep form.

The bug is present on line 1662 in the api.php file of Gravity Forms 2.4.20.5 and line 1665 in the api.php file of Gravity Forms 2.5 beta.

In order to prevent this bug from occuring, users need to empty the $_POST variable before using GFAPI::submit_form, (e.g. $_POST = array(); GFAPI::submit_form( 1, array( 'input_1' ) ).

In order to fix this bug, the array_merge_recursive call in submit_form method can be changed to:

<?php
$post_values = array();
// make sure the $_POST array doesn't cause keys that only contain 1 value to now contain an array of values
if ( ! empty( $_POST ) ) {
  foreach ( $_POST as $key => $value ) {
    // only do array_merge_recursive if the user passes an array to GFAPI::submit_form
    if ( isset( $input_values[$key] ) && is_array( $input_values[$key] ) ) {
      $post_values[$key] = array_merge_recursive( $_POST[$key], $input_values[$key] );
      unset( $input_values[$key] );
      unset( $_POST[$key] );
    }
  }
}

$_POST = array_merge( $_POST, $input_values, $post_values );

Thanks I was stuck on this $_POST bug

@Garth619 Glad it came it handy for someone. I ran into this issue and was going crazy trying to figure out what was happening. I reported it to the developers of the plugin and they let me know that is a known bug in Gravity Forms but since it's been around a while, they don't want to patch it because users have written custom code to get around this bug and fixing the bug would break that custom code.

So even though this Gist says the version of the plugin, it's probably still around in the latest version of the plugin.