Add an alter hook for the form cache

Created on 14 June 2011, almost 14 years ago
Updated 2 April 2025, 5 days ago

By default, Drupal will save the current state of the form in the form cache for multistep forms. This is problematic when Drupal is passing data off to another web service and must never store certain data. I ran into this with PCI compliance, but I imagine it could be an issue for sites with strong privacy policies. For example:

  1. User submits a form step with credit card details
  2. When the form step is processed, the credit card details are passed off to another service for secure storage
  3. The second step of the form contains a confirm page, which on submit tells the web service to process the transaction
  4. As the form is multistep, the unencrypted credit card details are stored in $form_state and accessible for 6 hours for anyone with access to the database

Alter hooks for getting / setting the form state from the cache would allow modules to scrub and inject values from other data sources as needed.
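A sketch of the scrub-on-set and inject-on-get pattern described above, added here as an illustration; it is not part of the original issue and is not Drupal code. It is plain PHP with no Drupal API calls, and the function names, field names, token, and lookup callback are all hypothetical.

```php
<?php
// Added example: plain PHP, no Drupal API calls. All names are hypothetical.

const SENSITIVE_KEYS = ['card_number', 'card_cvv'];  // assumed field names

// "Set" side: drop sensitive values anywhere in the state before it is cached.
function scrub_for_cache(array $state): array {
  foreach ($state as $key => $value) {
    if (in_array($key, SENSITIVE_KEYS, true)) {
      unset($state[$key]);
    }
    elseif (is_array($value)) {
      $state[$key] = scrub_for_cache($value);
    }
  }
  return $state;
}

// "Get" side: re-attach display-safe data from the external service by token.
function inject_after_load(array $state, callable $lookup): array {
  if (isset($state['payment_token'])) {
    $state['card_summary'] = $lookup($state['payment_token']);
  }
  return $state;
}

// Constructed sample: state after step 1, once the card was sent to the service.
$state = [
  'step' => 2,
  'payment_token' => 'tok_example_123',
  'values' => [
    'name' => 'Example User',
    'payment' => ['card_number' => '4111111111111111', 'card_cvv' => '123'],
  ],
];

$cached = serialize(scrub_for_cache($state));  // what would reach the cache table
if (strpos($cached, '4111111111111111') !== false) {
  throw new RuntimeException('Card number leaked into the cached state');
}

// Stand-in for the web service lookup (constructed).
$vault = fn(string $token): string => 'card ending 1111';
$loaded = inject_after_load(unserialize($cached), $vault);
echo $loaded['card_summary'], PHP_EOL;
```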

✨ Feature request
Status

Postponed: needs info

Version

11.0 🔥

Component

forms system

Created by

🇨🇦 Canada deviantintegral

  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇺🇸 United States smustgrave

    Thank you for sharing your idea for improving Drupal.

    We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

  • 🇨🇦 Canada deviantintegral

    Since I wrote this, nearly all ecommerce work we've done uses external services with JavaScript embeds. I'm happy to close this. Thanks!
