The Needs Review Queue Bot โ tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.
Consult the Drupal Contributor Guide โ to find step-by-step guides for working with issues.
- ๐จ๐ฆCanada Austin986
I found this issue is still active in D10.0.9
What is the point to keep previous email and user name in register form?Any patch or fix for D10 ?
- ๐ฌ๐ทGreece idimopoulos
idimopoulos โ made their first commit to this issueโs fork.
- last update
over 1 year ago 29,455 pass - @idimopoulos-0 opened merge request.
- Open on Drupal.org โEnvironment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Not currently mergeable. - ๐ฌ๐ทGreece idimopoulos
Rerolled patch 66 for 10.1.x and 11.x.
However, I should note that this is a blind reroll. Did not check if there are any changes in core that might affect this. - last update
over 1 year ago 29,887 pass - last update
over 1 year ago 29,887 pass - ๐ฉ๐ชGermany jan kellermann
Added new tag GDPR because storing cookies or data in localstorage without consent can violate data protection law, in Germany for example the TTDSG.
I support the proposal to remove it completely from the core.
- ๐ฎ๐ณIndia prashant.c Dharamshala
prashant.c โ made their first commit to this issueโs fork.
- ๐ฎ๐ณIndia prashant.c Dharamshala
Rebase the branch
2409107-11x
with latest code from11.x
. Need to see if any tests are failing. - ๐ฎ๐ณIndia prashant.c Dharamshala
Tested the MR with i think originally the changes from taken from patch submitted in #55 ๐ Do not prepopulate the user register form with the email address and username of the last person who registered using the same web browser Needs work .
It is fixing the issue of this autocomplete and the username and email address are no longer auto-filled during user registration and browser no longer has values stored in localstorage for
Drupal.visitor.mail
andDrupal.visitor.name
.Steps to reproduce
- Login as admin and go to /admin/config/people/accounts
- Select "Visitors" in "Who can register accounts?" and save
- Now visit the site as anonymous user and register as a user from "/user/register"
- Logout with the currently logged in user and try to register another user, you will see that "Email address" and "Username" fields are autofilled with the values you filled to register your previous user
- Also in the browser's local storage there are 2 properties
Drupal.visitor.mail
andDrupal.visitor.name
where these values are also stored.
- ๐ฎ๐ณIndia prashant.c Dharamshala
PR is failing it is showing the test
core/modules/block/tests/src/Functional/BlockCacheTest.php
failing but locally when I executed all the tests passed. Not sure what is causing these test to fail in the pipelines. - ๐ฉ๐ชGermany jan kellermann
Thank you prashant c., the MR works for me (tested with PHP8.3 and D11-dev). Did not change state because of open comments.
- ๐ฉ๐ชGermany jan kellermann
@nod_:
- Maybe the `core/drupal.form` is not neccessary in modules/comment/comment.libraries.yml also?
- In modules/user/src/RegisterForm.php on line #36 `drupal.form` is also added. - Status changed to Needs review
4 months ago 4:55am 3 September 2024 - ๐ฎ๐ณIndia prashant.c Dharamshala
@jan kellermann
Not sure about the files you mentioned in #80 ๐ Do not prepopulate the user register form with the email address and username of the last person who registered using the same web browser Needs work because the other methods from the library could have been used on these forms.
- Status changed to Needs work
4 months ago 11:38am 3 September 2024 - ๐ฌ๐งUnited Kingdom alexpott ๐ช๐บ๐
We need a change record. There are contrib modules that will need to be updated due to removing this feature. See http://codcontrib.hank.vps-private.net/search?text=data-user-info-from-b... for examples.
Also I think we should consider adding a deprecation to template_preprocess_form() if the array key exists...
$form['#attributes']['data-user-info-from-browser']
. That way contrib and custom code can find out about this and update their code. I'm shocked, that this issue exists for 10 years. I discovered it recently while forking the contact module โ and didn't find the time until now to report it as a security issue with a proper proof of concept. I guess, I can mark this as done now.
Sorry for the rant. To add something productive: In case this issue persists for some more years, I wrote the module disable_libraries โ , which can be used to globally disable the
core/drupal.form
library.- Merge request !10644Resolve #2409107 "11x only disable for core" โ (Open) created by jan kellermann
- ๐ฉ๐ชGermany jan kellermann
I want to try a quick solution to get Drupal (CMS) GDPR comliant. The deprecation of Drupal.behaviors.fillUserInfoFromBrowser can be done separately later (open a new issue?).
This behavior violates GDPR because personal data are processed without consent.
This behavior violates the EU ePrivacy Directive for writing in user's browser without consent.It would be great if Drupal CMS would stop violating both of these.
I restored the behavior and only removed the use in core.
I created MR !10644 and Change Record 3495510 โ .
The failed tests do not appear to be related to MR.
- ๐ฎ๐ณIndia sagarmohite0031
Hello,
Tested and verified on Drupal 11,
MR applied successfully
Its working as expected
Attaching before and after screenshots. - ๐ฉ๐ชGermany rkoller Nรผrnberg, Germany
I've manually tested on 11.x .... with the feature branch checked out the email address and the username of the person last registered with the browser is no longer displayed, the fields for the email address and the username remain empty. as a crosscheck i've then checked out the 11.x branch again and reloaded the create new account page and the fields for the email address and the username get directly repopulated. so from a manual testing and privacy perspective a big +1 for the approach taken. and if the deprecation of the behavior can be taken care of in a separate follow up it would speed up the resolution of this issue. i leave the the status at needs review cuz i am unable to provide any feedback about the code.