Michael Roebuck's Blog: New Yahoo Form Regulations

In an effort to improve security, Yahoo! will be upgrading the pro-forma script (form submission) functionality. If you are using the Yahoo! Form script, this applies to you. Merchants typically use this for newsletter signups, "contact us" forms, or price-quote requests. The pro-forma script security changes will ensure form submissions are properly associated with a store ID and that all email recipients of form submissions are approved. Once the changes are in place, your site will be automatically protected. However, you must take immediate action to use the new approved format for the pro-forma functionality. Otherwise, you may not receive submissions using the old format.

---------------------------------------------
WHAT STEPS DO I NEED TO TAKE?
---------------------------------------------

New URL for form submissions.
The following change will be required within your form tags sent to this script:
<form method="post" action="http://<accountname/yhst1234>.stores.yahoo.net/cgi-bin
/pro-forma">
where "accountname" is your store ID or yhst number. You will need to confirm this revised tag is used for each form sent to this script on your site. After updating the URL for form submissions, you will need to publish your site.

Approved email recipients.
Previously, any names listed within the form as values for owner received the email:
<input type=hidden name="owner" value="me@myname.com">

With this update, merchants must now enter the list of approved form submission recipients in the "Email To" field of the Form Submissions section in the Order Emails page (or the Fax & Email page for Merchant Solutions Standard and Professional merchants). Email addresses should be entered one per line. If you have a form that uses an email address not specified in the "Email To" field, that form submission will not be delivered.

Thank-you URL and Continue-URL under your store domain.
Previously, merchants could specify any URL to take shoppers to for the confirmation page (thankyou-URL) or after leaving the confirmation page (continue-URL):
<input type=hidden name="continue-url" value="http://anydomain.com">

Now merchants will need to specify a page within their store domain to send shoppers to.
<input type=hidden name="continue-url" value="http://merchantdomain.com">

---------------------------------------------
HOW DO I KNOW MY FORMS ARE SET UP CORRECTLY?
---------------------------------------------

If you have active forms on your site but are not receiving form submissions, then you likely have not made all of the required changes.

Confirm your form is submitting to the new URL:
<form method="post" action="http://<accountname>.stores.yahoo.net/cgi-bin/pro-forma">
and that you are using the correct account name.

Ensure that any email address listed in your forms also appears in the "Email To" field on the Order Emails page (Fax & Email for Standard and Professional accounts). You should receive emails of the form submissions to the owner addresses specified in your form, provided you are submitting the form to the new URL and have specified all email addresses.

Ensure your shoppers are being directed to a confirmation page under your domain after submitting the form and after continuing from the confirmation page.

For full details about the newly revised pro-forma functionality, please refer to Yahoo! help documentation.
http://help.yahoo.com/l/us/yahoo/smallbusiness/store/edit/regular
/regular-12.html

Labels: form, script, yahoo