  1. CiviCRM
  2. CRM-11030

Credit card information not correctly removed from cache table

    Details

      Description

      During event registration (pre-confirmation and thank-you page), credit card information appears in two rows in the cache table: one with path = CiviCRM_CRM_Event_Controller_Registration[key] (note the underscore at the beginning) and the other with path = CiviCRM_CRM_Event_Controller_Registration_[key].

      To reproduce, start registering for an event (in live, not test-drive mode, using authorize.net (not sure about others that collect cc info)). Enter cc info and click to the next page. Then you should be able to see the cc info in clear text in the 'data' fields of two of the three rows returned by the following query:

      SELECT *
      FROM `civicrm_cache`
      WHERE `data` LIKE '%credit_card_number%'

      Now confirm your registration, and you should see the thank-you screen. Credit card information should now be removed from cache table. Repeat the above query and you'll find that the row with the underscore preceding the path is gone, but the other one, also with the cc number still in it, persists. Both rows should be gone. The second row eventually gets removed by a cron job, but it should really disappear right away.

      Lobo noted that the clearing should happen in CRM/Core/Controller.php, function reset.

      Can someone confirm if this affects 4.2 also? I don't have the resources (IP addresses/SSL certificates) to work with 2 versions of Civi processing live card info at once.
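A post-confirmation check for the leak described in this report, as an added example (not CiviCRM code and not part of the original issue): it scans a stand-in `civicrm_cache` table for rows tied to one form key whose `data` still holds a Luhn-valid card number, which separates rows with real card data from rows that only mention the `credit_card_number` field. The SQLite table, the key `abc123`, the serialized sample data and the third row's path are constructed; only the `path` and `data` columns and the two path forms come from the page.

```python
import re
import sqlite3

BASE = "CiviCRM_CRM_Event_Controller_Registration"  # path prefix as printed on the page
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")       # candidate card-number digit runs


def luhn_ok(digits):
    """Luhn checksum, used to separate real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def residual_card_rows(conn, qf_key):
    """Paths of cache rows for this form key whose data still holds a card number."""
    # instr() rather than LIKE: "_" is a LIKE wildcard and these paths are full of it.
    rows = conn.execute(
        "SELECT path, data FROM civicrm_cache WHERE instr(path, ?) > 0 ORDER BY path",
        (qf_key,),
    )
    return [p for p, data in rows if any(luhn_ok(m) for m in PAN_RE.findall(data))]


def demo_cache(qf_key):
    """Constructed stand-in for civicrm_cache after the card page is submitted."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE civicrm_cache (path TEXT, data TEXT)")
    card = 's:18:"credit_card_number";s:16:"4111111111111111";'  # test card number
    conn.executemany("INSERT INTO civicrm_cache VALUES (?, ?)", [
        (BASE + qf_key, card),
        (BASE + "_" + qf_key, card),
        ("hypothetical_third_row_" + qf_key, 's:18:"credit_card_number";s:0:"";'),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_cache("abc123")
    print("before confirm:", residual_card_rows(conn, "abc123"))
    # Behaviour described in the report: only one of the two rows is deleted.
    conn.execute("DELETE FROM civicrm_cache WHERE path = ?", (BASE + "abc123",))
    print("after confirm: ", residual_card_rows(conn, "abc123"))
```

Run after the thank-you page in a regression test, the function should return an empty list; any path it returns is a row that still holds a card number.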

            People

            • Assignee:
              lobo Donald A. Lobo
              Reporter:
              jakecivi Jake Wise