Kirby Forms and Frontend Actions
KB entry points
kirby://kb/scenarios/39-basic-contact-formkirby://kb/scenarios/40-frontend-file-uploadskirby://kb/scenarios/41-email-with-attachmentskirby://kb/scenarios/42-creating-pages-from-frontendkirby://kb/scenarios/43-user-registration-and-login
Required inputs
- Form fields and validation rules.
- Spam protection choice and error handling expectations.
- Storage target and email settings.
- Upload constraints (MIME/size) if files are involved.
Default controller flow
- Verify CSRF and require the expected POST fields.
- Validate and normalize input; return errors early.
- Apply a single spam guard (default: honeypot).
- Persist data or send email, then redirect with a success state.
Error payload shape
return [
'errors' => ['email' => 'Invalid email'],
'old' => $data,
];
Upload storage convention
- Store files under a dedicated page (e.g.
page('uploads')) or the current page.
- Normalize filenames and enforce MIME/size limits before saving.
Common pitfalls
- Missing CSRF verification on POST handlers.
- Accepting uploads without MIME or size checks.
Workflow
- Clarify the form type, validation rules, spam protection, storage target, and email requirements.
- Call
kirby:kirby_init and read kirby://roots.
- Inspect existing templates/controllers/snippets for patterns:
kirby:kirby_templates_indexkirby:kirby_controllers_indexkirby:kirby_snippets_index
- Read relevant config options via
kirby://config/{option} (e.g. email, routes) when needed.
- Search the KB with
kirby:kirby_search (examples: "basic contact form", "frontend file uploads", "email with attachments", "creating pages from frontend").
- Implement controller-driven validation and CSRF checks; keep templates thin and escape output.
- For uploads, enforce MIME/size limits and store files in safe locations.
- Verify by submitting forms in a browser and rendering success/error states with
kirby:kirby_render_page.
