  1. CiviCRM
  2. CRM-11030

Credit card information not correctly removed from cache table

    Details

      Description

      During event registration (pre-confirmation and thank-you page), credit card information appears in two rows in the cache table: one with path = _CiviCRM_CRM_Event_Controller_Registration_[key] (note the underscore at the beginning) and the other with path = CiviCRM_CRM_Event_Controller_Registration_[key].

      To reproduce, start registering for an event (in live, not test-drive mode, using authorize.net (not sure about others that collect cc info)). Enter cc info and click to the next page. Then you should be able to see the cc info in clear text in the 'data' fields of two of the three rows returned by the following query:

      SELECT *
      FROM `civicrm_cache`
      WHERE `data` LIKE '%credit_card_number%'

      Now confirm your registration, and you should see the thank-you screen. Credit card information should now be removed from cache table. Repeat the above query and you'll find that the row with the underscore preceding the path is gone, but the other one, also with the cc number still in it, persists. Both rows should be gone. The second row eventually gets removed by a cron job, but it should really disappear right away.

      Lobo noted that the clearing should happen in CRM/Core/Controller.php, function reset.

      Can someone confirm if this affects 4.2 also? I don't have the resources (ip addresses/ssl certificates) to work with 2 versions of civi processing live card info at once.
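A retest check for the steps above, as an added example that is not part of the original report or of CiviCRM's code: it runs the report's query and flags only rows whose data holds a Luhn-valid number, so a row that merely names the field is not counted. The in-memory SQLite table, the key abc123 and the data layout (number stored as one unbroken digit run) are assumptions made for illustration.

```python
import re
import sqlite3

# The report's query, limited to the two columns it discusses.
QUERY = "SELECT path, data FROM civicrm_cache WHERE data LIKE '%credit_card_number%'"
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # assumption: number stored as one digit run

def luhn_ok(digits):
    """Luhn checksum, used to skip digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def rows_with_card_number(conn):
    """Paths of cache rows whose data holds a Luhn-valid number, sorted."""
    hits = []
    for path, data in conn.execute(QUERY):
        if any(luhn_ok(m) for m in PAN_RE.findall(data)):
            hits.append(path)
    return sorted(hits)

def retest(conn):
    """'clean' once no row holds a card number; otherwise name what is left."""
    left = rows_with_card_number(conn)
    return "clean" if not left else "card data still cached in: " + ", ".join(left)

def demo_db(rows):
    """In-memory SQLite stand-in for the civicrm_cache table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE civicrm_cache (path TEXT, data TEXT)")
    conn.executemany("INSERT INTO civicrm_cache VALUES (?, ?)", rows)
    return conn

# Constructed rows: the key "abc123" and the data layout are placeholders.
PLAIN = "CiviCRM_CRM_Event_Controller_Registration_abc123"
CARD = "credit_card_number=4111111111111111"  # well-known test number
BEFORE = [("_" + PLAIN, CARD), (PLAIN, CARD), ("other_row", "credit_card_number=")]
AFTER_BUGGY = BEFORE[1:]  # only the row with the leading underscore was deleted
AFTER_FIXED = BEFORE[2:]  # both card rows deleted on confirmation

if __name__ == "__main__":
    for name, rows in [("before", BEFORE), ("buggy", AFTER_BUGGY), ("fixed", AFTER_FIXED)]:
        print(name, "->", retest(demo_db(rows)))
```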

        Activity

        jakecivi Jake Wise created issue -
        lobo Donald A. Lobo made changes -
        Field Original Value New Value
        Fix Version/s 4.2.3 [ 11490 ]
        lobo Donald A. Lobo added a comment -

        jake:

        committed a patch for this. Can you please apply the patch and retest

        thanx

        lobo

        lobo Donald A. Lobo added a comment -

        jake:

        another trick is to use the dummy processor

        it accepts credit cards, but you don't need SSL (it does not do anything with them either)

        setting up a local install to test and debug such stuff is super important

        lobo

        lobo Donald A. Lobo added a comment -


        Note that the cleaner job would continue to remove these entries. This fix removes them immediately for completed transactions.

        lobo Donald A. Lobo made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed/Completed [ 1 ]

          People

          • Assignee:
            lobo Donald A. Lobo
            Reporter:
            jakecivi Jake Wise