@processmaker/screen-builder 3.8.15 → 3.8.16

package/src/components/renderer/form-button.vue

@@ -41,7 +41,8 @@ export default {
     "loading",
     "loadingLabel",
     "handler",
-    "handlerSecurityEnabled"
+    "handlerSecurityEnabled",
+    "config"
   ],
   data() {
     return {
@@ -86,7 +87,8 @@ export default {
       return {
         name: this.name,
         label: this.label,
-        value: this.fieldValue
+        value: this.fieldValue,
+        variablesToSubmit: this.config?.variablesToSubmit
       };
     }
   },

package/src/components/task.vue

@@ -586,7 +586,9 @@ export default {
       }
       this.disabled = true;
 
-      if (formData) {
+      // Ensure formData is always a valid object (never null, undefined, or false)
+      const safeFormData = (formData && typeof formData === 'object') ? formData : (this.requestData || {});
+      if (formData && typeof formData === 'object') {
         this.onUpdate(Object.assign({}, this.requestData, formData));
       }
 
@@ -595,7 +597,7 @@ export default {
       } else {
         this.loadingButton = false;
       }
-      this.$emit('submit', this.task, loading, buttonInfo);
+      this.$emit('submit', this.task, safeFormData, loading, buttonInfo);
 
       if (this.task?.allow_interstitial && !this.loadingButton && !this.disableInterstitial) {
         this.task.interstitial_screen['_interstitial'] = true;

package/src/components/vue-form-renderer.vue

@@ -38,12 +38,13 @@ import { getItemsFromConfig } from "../itemProcessingUtils";
 import { ValidatorFactory } from "../factories/ValidatorFactory";
 import CurrentPageProperty from "../mixins/CurrentPageProperty";
 import DeviceDetector, { MAX_MOBILE_WIDTH } from "../mixins/DeviceDetector";
+import VariablesToSubmitFilter from "../mixins/VariablesToSubmitFilter";
 import ScreenRenderer from "@/components/screen-renderer.vue";
 
 export default {
   name: "VueFormRenderer",
   components: { ScreenRenderer, CustomCssOutput },
-  mixins: [CurrentPageProperty, DeviceDetector],
+  mixins: [CurrentPageProperty, DeviceDetector, VariablesToSubmitFilter],
   model: {
     prop: "data",
     event: "update"
@@ -257,7 +258,8 @@ export default {
       this.$emit('after-submit', ...arguments);
     },
     submit(eventData, loading = false, buttonInfo = null) {
-      this.$emit("submit", this.data, loading, buttonInfo);
+      // eventData is already filtered by ScreenBase.submitForm, just pass it through
+      this.$emit("submit", eventData, loading, buttonInfo);
     },
     parseCss() {
       const containerSelector = `.${this.containerClass}`;

package/src/form-builder-controls.js

@@ -800,6 +800,14 @@ export default [
           },
         },
         buttonVariantStyleProperty,
+        {
+          type: 'VariablesToSubmit',
+          field: 'variablesToSubmit',
+          config: {
+            label: 'Variables to Submit',
+            helper: 'Select which variables should be included in the submission payload. Only variables from the parent (top-level) request can be used.',
+          },
+        },
       ],
     },
   },

package/src/mixins/Json2Vue.js

@@ -57,7 +57,8 @@ export default {
       if (buttonInfo && this.loopContext) {
         buttonInfo.loopContext = this.loopContext;
       }
-      this.$emit('submit', this.value, loading, buttonInfo);
+      // Use eventData (already filtered) instead of this.value (unfiltered)
+      this.$emit('submit', eventData, loading, buttonInfo);
     },
     buildComponent(definition) {
       if (window.ProcessMaker && window.ProcessMaker.EventBus) {

package/src/mixins/ScreenBase.js

@@ -4,6 +4,7 @@ import { mapActions, mapGetters, mapState } from 'vuex';
 import { ValidationMsg } from './ValidationRules';
 import DataReference from "./DataReference";
 import computedFields from "./computedFields";
+import VariablesToSubmitFilter from "./VariablesToSubmitFilter";
 import { findRootScreen } from "./DataReference";
 
 const stringFormats = ['string', 'datetime', 'date', 'password'];
@@ -11,7 +12,7 @@ const parentReference = [];
 
 export default {
   name: "ScreenContent",
-  mixins: [DataReference, computedFields],
+  mixins: [DataReference, computedFields, VariablesToSubmitFilter],
   schema: [
     function() {
       if (window.ProcessMaker && window.ProcessMaker.packages && window.ProcessMaker.packages.includes('package-vocabularies')) {
@@ -158,7 +159,19 @@ export default {
       };
       this.$emit('after-submit', event, ...arguments);
       if (event.validation === false) {
-        this.$emit('submit', this.vdata, loading, buttonInfo);
+        // Filter data based on variablesToSubmit configuration (LAYER 1 protection)
+        const dataToSubmit = this.filterDataForSubmission(this.vdata, buttonInfo);
+        
+        // Debug logging for variables filtering
+        if (buttonInfo?.variablesToSubmit?.length > 0) {
+          console.log('[VariablesToSubmit] Filtering enabled (validation bypassed)');
+          console.log('[VariablesToSubmit] Original data keys:', Object.keys(this.vdata || {}));
+          console.log('[VariablesToSubmit] Selected variables:', buttonInfo.variablesToSubmit);
+          console.log('[VariablesToSubmit] Filtered data keys:', Object.keys(dataToSubmit));
+          console.log('[VariablesToSubmit] Data to submit:', dataToSubmit);
+        }
+        
+        this.$emit('submit', dataToSubmit, loading, buttonInfo);
         return;
       }
       await this.validateNow(findRootScreen(this));
@@ -170,7 +183,19 @@ export default {
         // if the form is not valid the data is not emitted
         return;
       }
-      this.$emit('submit', this.vdata, loading, buttonInfo);;
+      // Filter data based on variablesToSubmit configuration (LAYER 1 protection)
+      const dataToSubmit = this.filterDataForSubmission(this.vdata, buttonInfo);
+      
+      // Debug logging for variables filtering
+      if (buttonInfo?.variablesToSubmit?.length > 0) {
+        console.log('[VariablesToSubmit] Filtering enabled');
+        console.log('[VariablesToSubmit] Original data keys:', Object.keys(this.vdata || {}));
+        console.log('[VariablesToSubmit] Selected variables:', buttonInfo.variablesToSubmit);
+        console.log('[VariablesToSubmit] Filtered data keys:', Object.keys(dataToSubmit));
+        console.log('[VariablesToSubmit] Data to submit:', dataToSubmit);
+      }
+      
+      this.$emit('submit', dataToSubmit, loading, buttonInfo);
     },
     resetValue(safeDotName, variableName) {
       this.setValue(safeDotName, null);

package/src/mixins/VariablesToSubmitFilter.js

@@ -0,0 +1,76 @@
+/**
+ * VariablesToSubmitFilter Mixin
+ * 
+ * Filters form data before submission based on button configuration.
+ * Protects against invalid data (null/undefined/false) and preserves system variables.
+ */
+
+export default {
+  methods: {
+    /**
+     * Filters data for submission based on variablesToSubmit configuration
+     * @param {Object} data - Form data to filter
+     * @param {Object} buttonInfo - Button configuration with optional variablesToSubmit array
+     * @returns {Object} Filtered data (always returns a valid object)
+     */
+    filterDataForSubmission(data, buttonInfo) {
+      // Normalize invalid data to empty object
+      const safeData = this.isValidObject(data) ? data : {};
+
+      // No filtering: return all data (backward compatibility)
+      if (!this.shouldFilterVariables(buttonInfo)) {
+        return safeData;
+      }
+
+      // Apply filtering
+      const variablesToSubmit = buttonInfo.variablesToSubmit;
+      const filteredData = {};
+
+      // Add requested variables
+      variablesToSubmit.forEach(variableName => {
+        if (variableName in safeData) {
+          filteredData[variableName] = safeData[variableName];
+        }
+      });
+
+      // Always preserve system variables (starting with _)
+      Object.keys(safeData).forEach(key => {
+        if (key.startsWith('_')) {
+          filteredData[key] = safeData[key];
+        }
+      });
+
+      return filteredData;
+    },
+
+    /**
+     * Checks if data is a valid plain object
+     * @param {*} data - Data to validate
+     * @returns {boolean} True if valid object, false otherwise
+     */
+    isValidObject(data) {
+      return (
+        data !== null &&
+        data !== undefined &&
+        data !== false &&
+        typeof data === 'object' &&
+        !Array.isArray(data)
+      );
+    },
+
+    /**
+     * Checks if filtering should be applied
+     * @param {Object} buttonInfo - Button configuration
+     * @returns {boolean} True if filtering enabled, false otherwise
+     */
+    shouldFilterVariables(buttonInfo) {
+      return (
+        buttonInfo &&
+        buttonInfo.variablesToSubmit &&
+        Array.isArray(buttonInfo.variablesToSubmit) &&
+        buttonInfo.variablesToSubmit.length > 0
+      );
+    }
+  }
+};
+

package/src/mixins/index.js

@@ -16,6 +16,7 @@ export { default as ScreenBase } from "./ScreenBase";
 export { default as shouldElementBeVisible } from "./shouldElementBeVisible";
 export { default as testing } from "./testing";
 export { ValidationMsg, validators } from "./ValidationRules";
+export { default as VariablesToSubmitFilter } from "./VariablesToSubmitFilter";
 export { default as VisibilityRule } from "./VisibilityRule";
 export { default as watchers } from "./watchers";
 export { default as Clipboard } from "./Clipboard";