Fix non rendered fields still validating and displaying response submission (#41979)

talldan · matticbot · commit b247392438a7 · 2025-02-26T03:40:41.000Z
* Avoid validating non renderable fields * Prevent non-renderable fields from displaying in form submission response * changelog Committed via a GitHub action: https://github.com/Automattic/jetpack/actions/runs/13535853444 Upstream-Ref: Automattic/jetpack@75236ed
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 This is an alpha version! The changes listed here are not final.
 
 ### Fixed
+- Forms: Ensure fields that skip rendering (like empty options fields) do not trigger validation or show value in form submission response.
 - Forms: Fix 404 error when a user submits an invalid form with JavaScript disabled.
 
 ## [0.39.0] - 2025-02-24
diff --git a/src/contact-form/class-contact-form-field.php b/src/contact-form/class-contact-form-field.php
@@ -205,13 +205,14 @@ public function is_error() {
 	 * Validates the form input
 	 */
 	public function validate() {
+		$field_type = $this->maybe_override_type();
+
 		// If it's not required, there's nothing to validate
-		if ( ! $this->get_attribute( 'required' ) ) {
+		if ( ! $this->get_attribute( 'required' ) || ! $this->is_field_renderable( $field_type ) ) {
 			return;
 		}
 
 		$field_id    = $this->get_attribute( 'id' );
-		$field_type  = $this->maybe_override_type();
 		$field_label = $this->get_attribute( 'label' );
 
 		if ( isset( $_POST[ $field_id ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing -- no site changes.
diff --git a/src/contact-form/class-contact-form.php b/src/contact-form/class-contact-form.php
@@ -1161,6 +1161,11 @@ public function process_submission() {
 		// For all fields, grab label and value
 		foreach ( $field_ids['all'] as $field_id ) {
 			$field = $this->fields[ $field_id ];
+
+			if ( ! $field->is_field_renderable( $field->get_attribute( 'type' ) ) ) {
+				continue;
+			}
+
 			$label = $i . '_' . $field->get_attribute( 'label' );
 			$value = $field->value;
 
@@ -1172,6 +1177,11 @@ public function process_submission() {
 		// Extra fields have their prefix starting from count( $all_values ) + 1
 		foreach ( $field_ids['extra'] as $field_id ) {
 			$field = $this->fields[ $field_id ];
+
+			if ( ! $field->is_field_renderable( $field->get_attribute( 'type' ) ) ) {
+				continue;
+			}
+
 			$label = $i . '_' . $field->get_attribute( 'label' );
 			$value = $field->value;
 
