
I have discovered a bug in the latest version of Gravity Forms v1.9.15.

I use Gravity Forms to post prospects to Pardot using the Form Confirmation set as a Redirect. Some of the form fields have values such as “A&B” or “>$1M”.

After updating the Gravity Forms plugin to version 1.9.15, the values I receive in Pardot are now: “A%26amp%3BB” and “%26gt%3B%241M” whereas I expect “A%26B” and “%26%241M”.

I did some debugging and found out that the issue is caused by the added line inside “public function sanitize_entry_value( $value, $form_id )” function in the “class-f-field.php” file on line 850:

$value = wp_kses_post( $value );

Temporarily removing this line fixes the introduced problem.

To summarise, in the latest version of the Gravity Forms plugin (v1.9.15) the values of the form fields get unrecoverably changed by sanitisation/escaping and tag stripping before getting appended to the URL as part of the Form Redirect at the Confirmation stage.

1) Original (correct) behaviour

Submitted Form field value: A&B
Form field value in the URL: A%26B

2) Broken behaviour in Gravity Forms v1.9.15

Submitted Form field value: A&B
Form field value in the URL: A%26amp%3BB

This makes Pardot not understand the values that I pass to it.

I contacted the makers of Gravity Forms. They released a patch (v1.9.15.17) that contains a fix for this issue.
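
The encoding order described above, as an added example that is not Gravity Forms code and not from the original post: `htmlspecialchars()` stands in for the entity-encoding effect the post attributes to `wp_kses_post()`, and the field names and endpoint URL are constructed placeholders. It shows what the receiving endpoint decodes when a value is HTML-encoded before being URL-encoded, compared with URL-encoding the raw value once.

```php
<?php
declare(strict_types=1);

// Stand-in for the HTML entity encoding seen in the post. Assumption: only that
// effect of wp_kses_post() is modelled here, not its tag filtering.
function html_encode_stand_in(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8', false);
}

// Order described in the post: HTML-encode the value, then URL-encode it.
function redirect_url_html_then_url(string $base, array $fields): string
{
    $pairs = [];
    foreach ($fields as $name => $value) {
        $pairs[] = rawurlencode($name) . '=' . urlencode(html_encode_stand_in($value));
    }
    return $base . '?' . implode('&', $pairs);
}

// Context-specific encoding: the raw value is URL-encoded once for the query string.
function redirect_url_raw(string $base, array $fields): string
{
    $pairs = [];
    foreach ($fields as $name => $value) {
        $pairs[] = rawurlencode($name) . '=' . urlencode($value);
    }
    return $base . '?' . implode('&', $pairs);
}

// What the receiving endpoint sees after decoding the query string.
function received_fields(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $decoded);
    return $decoded;
}

// Constructed sample input using the two field values from the post.
$fields = ['company' => 'A&B', 'revenue' => '>$1M'];
$base   = 'https://crm.example.invalid/handler'; // placeholder endpoint

foreach (['html-then-url' => 'redirect_url_html_then_url', 'raw' => 'redirect_url_raw'] as $label => $build) {
    $url = $build($base, $fields);
    echo $label, ': ', $url, PHP_EOL;
    foreach (received_fields($url) as $name => $value) {
        echo '  ', $name, ' => ', $value, PHP_EOL;
    }
}
```

The receiver cannot tell an HTML-encoded `&amp;` from a user who literally typed `&amp;`, so HTML escaping belongs at the point where a value is rendered into HTML, not before it is placed in a URL.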

 

Anton Zaroutski

WordPress Specialist, Front End and PHP Developer, @xeiter
