FormWizards leak data into other forms.
|Reported by:||danielsamuels||Owned by:||nobody|
|Cc:||daniel.samuels1@…, apollo13, mail@…||Triage Stage:||Accepted|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Consider an events booking system where someone selects their tickets, adds their payment information but then decides to navigate away on the last page. If they then went to a different event all of their payment information etc would be shown as the initial data in the new form, even though it's on a completely different URL with completely different content. This really shouldn't be happening. It would be useful to limit the form data to a specific form, either by URL or by some sort of form hash which is different for each form.
Change History (7)
comment:1 Changed 2 years ago by erikr
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:3 Changed 2 years ago by apollo13
- Cc apollo13 added
- Triage Stage changed from Unreviewed to Accepted