147 comments found.
A second for allowing the plugin to be updated via WP-Admin. This is a necessity. Otherwise it renders the plugin pretty useless!
Thank you for the input.
While we disagree that the plugin is “useless” because it does not currently have automatic updates (Currently it only requires about 10-15 seconds to update via SFTP/SSH or WP admin), we have been looking to make it available for some time now and it will likely be available in the future.
It would be great to have this functionality. Apologies for calling the plugin ‘useless’, it’s not 
My issue is that if I was to install this plugin across numerous sites then having to manually update each time would be a pain.
On another note, I couldn’t see anywhere in the settings (4.3.4) for controlling “Added “Delayed Encryption” option which delays encryption until after the data has been initially processed during submission through most feeds and addons”
The new setting is per individual field and is set on the fields advanced tab within the encryption options in the form editor.
Note that for installing in mulitiple sites, envato licensing permits use of the plugin on one end product/site per copy of the plugin purchased. Also planned on coming in the future along with automatic updates and some other great new features is product licensing which will most likely check for unique purchase codes. So if you are widely deploying be sure to bill a copy to each client so that this isn’t an issue in the possibly near future.
Thanks. Another query that I have is regarding feeds and addons submission. I have a MailChimp addon setup and can only select the form field ‘email’, this is encrypted so the data doesn’t get passed. https://d.pr/i/Pcye3f
You can turn on the new “Delay Encryption” option for the email field that is being passed from that form to not encrypt that field data until after the submission process is complete which includes sending any Gravity Forms Feed data to plugins such as MailChimp.
The new setting is per individual field and is set on the fields advanced tab within the encryption options in the form editor.
Of course this is only forward compatible. It does not change Feed data from previous submissions.
Hope this helps
Does upgrading from 3.9 to latest (4.3.4) cause any problems with existing encrypted fields? Or is it backwards compatible, just overwrite files?
Hello,
Most changes are behind the scenes or added features and nothing with your existing field data is affected between those versions. Just upgrade per the upgrade instructions in the plugins readme.txt file by overwriting the specified files and your good to go!
There is always a full version history change log on the bottom of the item description page
Hope this helps
The {gfef_decrypt_ALL+} merge tag is not working on my email notifications. What do i have to do to get it working?
Hello,
I’ve copied below both the general and specific instructions for that specific tag from the setting on the plugin settings page. Be sure to read the option guide for any options your are setting up on the settings page. They give complete detailed instructions with examples. Most likely you have not unlocked the tag for use with the form you are trying to use it on. I have bolded that section within the instructions below.
Hope this helps
“Use these custom merge tags to output decrytped or encrypted field data in notifications and confirmations. Each tag must be “unlocked” here per form/field using the formats specified in the OPTION GUIDE below to make them valid when used in the corresponding notifiations/confirmations.
Using these merge tags ONLY decrypts/encrypts for merge tag output and does not change permissions or encryption on the websites entry views.
These custom merge tags are placed directly inline with your notification/confirmation content just like regular Gravity Forms merge tags where they are accepted. For information on how to use merge tags please refer to the Gravity Forms documentation.
Using the merge tags for a forms notifications/confirmations without unlocking it here will not function. This is to prevent user who can edit notifications/confirmations but cannot edit this plugins settings from sending out unauthorized decrypted data.
content below is from the option guide -
The {gfef_decrypt_ALL+} merge tag outputs decrypted and human readable field data for all fields in the form entry. The decrypted output of the {gfef_decrypt_ALL+} merge tag bypasses ALL permissions (aside from user owned fields) and merge tag filtering and gives a constant decryted output. The {gfef_decrypt_ALL+} merge tags will not decrypt User Owned Fields unless the user generating the merge tag content owns the entries field data. The behavior of this merge tag closely replicates the standard Gravity Forms {all_fields} tag but it decrypts and shows all data.
To unlock the {gfef_decrypt_ALL+} tag for a specific form, enter comma separated FORM ID:ALL+ values to allow for using the specified forms decrypted merge tag in the specified forms merge tag output.
example: entering 11:ALL+, above will allow you to use {gfef_decrypt_ALL+} as a valid merge tag in form 11 confirmations and notifications.
Got it. thanks
Pre-Sale Question
Hi,
Should I install this plugin, would I still be able to use PDF autofill solutions such as Webmerge or ForGravity PDF Autofill?
Thanks
We do not have any known plugin conflicts with these plugins, and the plugin has a feature which allows for passing data through to any feeds prior to encrypting the data so you should be able to pass data through to them if they populate from feeds on submission or entry update.
However, if those plugins access the data after it is stored encrypted in the database and they do access it through the standardized gravity forms API they would not be able to receive decrytped data to process.
Most all quality plugins interact with Gravity Forms through the API so you should likely have no issues between that and using our plugins decrypted merge tags when available in other actions.
Of note is that if no actual user is generating the content for the other plugins and its being done automatically on a schedule the plugin would not be given access to the data if the data access is restricted by user.
Its a complex answer and we cannot gaurantee any compatibility with other plugins that can change and evolve at any time, but yes in general, and no if there’s certain things trying to be done that could be restricted by the encryption and access controls like accessing encrypted data through automation without logged in user authentication.
Hi, How is this plugin working with a multisite installation? Is there a place we can test the plugin and see how practical it is on a day to day basis?
Hello
The plugin retains individual site option settings within a multisite environment.
There currently is no testing environment for the plugin. However the plugin operates transparently to gravity forms once set up, meaning you just use Gravity Forms as normal and all the “encryption stuff” and user permissions are handled for you without any extra steps for encrypting or decrypting or viewing, so the practicality of its usage is not very likely to ever be an issue.
Hope this helps
Hi,
I downloaded your plugin and noticed that the encryption key is being stored in plain text in the database (with a salt stored in a php file). This doesn’t seem terribly secure to me…. Are there any plans to change this in the near future?
Thanks.
Hello,
Short answer, no we do not intend to change it at this time but are always open to improving security when possible. That said, without getting into reverse engineering here ..it’s also not the key ..or the salt ..neither is, and although they could be stored encrypted, it would require them to be auto decrypted for use which yields no effective additional security.
To consider using the keys to decrypt the data requires complete access to your WP file and database servers which requires the failure of both your web and database server securities. One without the other is useless. We strongly recommend VPS or Private servers as well as other web securities and authentication protocols. The encryption of the data is simply our piece of the puzzle and as with any access to secure data such as a bank account, the weakest point is likely the administrative WP logins with access if not properly controlled and authenticated.
I was thinking you could use the administrator’s password to encrypt, but that would limit access to only the admin….
I have installed Gravity Forms 2.3.0.3 and the latest version of GF Encrypted Fields. I have configured GF Encrypted Fields to delete some forms after submission. With GF 2.2 this worked ok. Now I get an error 500 after submission and the Confirmation notice is not displayed. The email Notification does work though. If I remove the forms from the Delete list they work ok and the confirmation is displayed.
Can this be fixed? Thanks
Hello,
What if any other processes are running on submission? ie: payments, user registration, pdf creation etc?
Have you tried temp disabling the confirmation page /notice to see if it affects the error?
Hi, the forms in question are simple forms without any other processes running (basically just to send notifications). I did disable the Notifications however there is no way to to disable the default confirmation (this is the only confirmation configured). I did try to change the confirmation to redirect to a page but it still failed.
Ok thanks that’s helpful to know. Well take a look at what’s going on and if we can replicate we should be able to issue a fix quickly and we will notify you here.
Thanks again for the notice.
Thanks, I have done some more testing and I was finally able to get this working. As well as having the form id’s on the delete form list, I had the same form id’s in the delete ip list. This worked ok with GF 2.2. When i removed the same form id’s from the delete ip list (they dont really need to be there) then the form submits ok and the form is deleted. In your plugin I notice that you have the delete code before the remove ip code. Maybe something changed in GF 2.3 that exposed this action.
Excellent. Well look to move some things around and clear it up with a release tomorrow.
UPDATE:
Version 4.3.6- Fixed issue with both remove IP and delete for selected for the same form.
Thank you !!
