Users can checkout without entering required profile fields [#547242]

Profile fields are validated when the user fills out the attendee contact info form, but the checkout pane only redirects back to the attendees form if the email addresses don't match the quantity in the cart. This allows users to create accounts with blank required profile fields simply by bypassing the profile fields form and proceeding to /cart.

Comment	File	Size	Author
#1	547242.patch	2.45 KB	ezra-g

Comments

Comment #1

ezra-g commented 7 September 2009 at 15:37

Status:

Active

» Needs review

Status	File	Size
new	547242.patch	2.45 KB

This patch switches from user_save to a drupal_execute approach and causes order submission to fail and deletes temporary signups for an order when form validation fails.

Comment #2

ezra-g commented 7 September 2009 at 18:55

Status:

Needs review

» Fixed

This is now committed.

Comment #3

21 September 2009 at 19:00

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Users can checkout without entering required profile fields

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community