We have a strange bug where random user profile data is shown to annonymous users.

We have user name and contact details as part of the webform. In the default value, we are using the syntax for the profile module. For example, for the first name field, we use %profile[profile_firstname], first line of address is %profile[profile_address1] and so on.

This works fine when users are logged in, as it always shows their details. However, if a user is annonymous, they are seeing another users details instead.

We have tested it on Webform 2 and 1.10 and have the same problem.

Any ideas?

Comments

quicksketch’s picture

quicksketch
he/him
commented
Status: Active » Fixed

Thanks! Looks like the profile data was being loaded regardless, even if the user wasn't logged in. The data shouldn't have been totally random, it was pulling out the first record of profile data that it could find, where the UID == 0. Although, I'm not sure why there'd be data in your profile tables for UID 0.

Either way, we shouldn't have been loading the profile data at all for anonymous users, so I fixed it in this patch:

http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/webform/web...

It'll be fixed in 2.1, which I'm trying to release shortly.

blairski’s picture

blairski commented

Wow, thanks for the quick response!

I've tested the patch and it works. Fantastic!

Just one thing though.
Now it is showing the tags for anonymous users.. eg %profile[profile_firstname] rather then just blank fields.

Is this expected?

quicksketch’s picture

quicksketch
he/him
commented
Status: Fixed » Needs work

Oh dang! Right, we should delete that entirely. Thanks, I'll give this another shot.

quicksketch’s picture

quicksketch
he/him
commented
Status: Needs work » Fixed

Alright, here's a different approach where the replacement still occurs but the profile isn't loaded. Let me know if this gives you any trouble.

http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/webform/web...

blairski’s picture

blairski commented

Hi Quicksketch,

Just tested the new v2.1 and it is perfect and the bug is clear. No problems at all. Thanks very much for sorting that out so quickly. Very much appreciated.

Blairski

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.