ALL form values in user data

Patch attch which tries to unset all those vales as per function user_edit_submit.

also, leaving out 'destination' on this assumption that this patch: http://drupal.org/node/79809
will be applied.

I think patch should apply to 4.7 also (after changing path to module)

setting status- patch works for me.

The patch here: http://drupal.org/node/79809

removes the (usused) 'destination' field. However, I'd be happy to add it to this patch instead

This patch also cuts out the 'destination' field from the form definition. As far as I can tell, this isn't actually used- the array key would need to be '#redirect' to have an effect, right?

Well, I didn't think I was sneaking!

Does that 'description' code have any actual effect? I can see any from following the code or testing. If not, then I think removing it is just as valid a solution as unsetting the array element.

@drumm - again, I don't think that code has has any effect, so why not just remove it?

in regards in the 'destination' form value, after playing more, I see that it does have an effect. So, the attached patch adds that and the addition form values 'op' to the list of things to unset.

Below the effect of this is demonstrated. Users 1 & 2 were created before the patch. User 4 was created by the admin after the patch, user 5 was self-registered after the patch.

mysql> select uid, data from users where uid > 0;
+-----+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| uid | data                                                           |
+-----+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|   1 | a:3:{s:2:"op";s:6:"Submit";s:6:"submit";s:18:"Create new account";s:7:"form_id";s:13:"user_register";}                                                           |
|   2 | a:5:{s:11:"destination";s:5:"admin";s:6:"notify";i:0;s:2:"op";s:18:"Create new account";s:6:"submit";s:18:"Create new account";s:7:"form_id";s:13:"user_register";} |
|   4 | a:0:{}                                                           |
|   5 | a:0:{}                                                           |
+-----+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+

same code, just moved it down closer to the user_save call.

a very similar patch for the 4.7 branch

attached patch is updated for current HEAD, and now also takes care of the new 'form_token' in the form. This is really a trivial patch and the basic problem/solution confirmed by killes in #1, so setting RTBC.

Can I propose a more robust solution- what not make a $form['data']['#tree'] = TRUE; element, and only save into the data field those form elements specifically entered under there?

Are there even any modules that use this feature of saving values to the data field?

new patch attached that addresses both user_register and user_edit for 5.x via the simple unset(). However, this is still not robust, since modules like Organic groups that add items to the registration forms still can easily cause this to happen.

setting to 4.7 for backporting

@killes - I hope this means you backported the 5.x patch, since I'm not sure the 4.7.x one from #12 included everthing (especially 'form_token').