I had been hunting for a way to prevent users from entering credit card numbers in submissions, but couldn't find anything robust.
I wrote a custom validation using this great module (and included clientside validation support) that removes all non-numbers, and then Luhn checks every 15 and 16 digit sequence in a number, textfield, or textarea component and rejects any component containing a sequence that passes.
My code is here: https://www.drupal.org/sandbox/jannis/2486167
Comment | File | Size | Author |
---|---|---|---|
#18 | prevent_credit_card-2486411-18.patch | 8.13 KB | karolinam |
#17 | prevent_credit_card-2486411-17.patch | 7.28 KB | mvc |
#15 | prevent_credit_card-2486411-15.patch | 5.96 KB | dhruveshdtripathi |
#13 | prevent_credit_card-2486411-13.patch | 12.34 KB | dhruveshdtripathi |
#11 | prevent_credit_card-2486411-11.patch.patch | 12.34 KB | dhruveshdtripathi |
Comments
Comment #1
Liam Morland
Thanks. Can you write this as a patch to webform_validation?
Comment #2
jannis
I've done a lot of work on the 'no_ccs' module, and one important feature is that it uses clientside validation to do a javascript check which completely prevents transmission of potential credit card numbers.
Knowing that my module is best used with clientside validation and requires js, should I just add a patch that includes the entire module and js as a sub-module? Or would you want just the standard server-side validation code?
Comment #3
Liam Morland
This is perhaps a less-common use case, so perhaps it is best for it to be a sub-module.
Comment #4
jannis
Comment #5
jannis
Wrong patch there; here's the right one.
Comment #6
jannis
Having all kinds of trouble getting the patch to upload. Here it is one more time.
Comment #7
Liam Morland
Comment #10
Liam Morland
The patch contains a patch file.
Comment #11
dhruveshdtripathi at DevsAdda
Comment #13
dhruveshdtripathi at DevsAdda
Comment #15
dhruveshdtripathi at DevsAdda
Comment #16
Liam Morland
Thanks. Please run a coding standards check on your patch. Every file should end in a newline. There should not be more than two newlines in a row. Please provide full doxygen comments for each function. Please indent with two spaces. Please ensure every function name starts with _?webform_validation_.
Comment #17
mvc
I believe the regex in the previous patch will strip non-numeric characters before testing, meaning that the string "my favourite numbers are 41111111 and 11111111" will be flagged as a false positive. This also assumes all credit cards are either 15 or 16 digits, which is usually but not always the case in the US and is not true globally. I also swapped out the Luhn algorithm check with one from Symfony (the license permits this with attribution).
I've rewritten the PHP test but we don't use clientside validation with JS here so I am leaving that as an exercise for someone else.
@Liam Morland: I installed phpcs just to check this patch before submitting it, as per your request :)
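An added example (not part of the thread and not code from any of the attached patches) contrasting the strip-all-non-digits approach described in comment #17 with a scan that tests each number token separately. The function names, the 12 to 19 digit range and the sample strings are assumptions of this example.

```php
<?php

// Luhn checksum over a string of digits (plain textbook version).
function example_luhn_is_valid(string $digits): bool {
  $sum = 0;
  $double = FALSE;
  // Walk right to left, doubling every second digit.
  for ($i = strlen($digits) - 1; $i >= 0; $i--) {
    $d = (int) $digits[$i];
    if ($double) {
      $d *= 2;
      $d = $d > 9 ? $d - 9 : $d;
    }
    $sum += $d;
    $double = !$double;
  }
  return $digits !== '' && $sum % 10 === 0;
}

// Returns card-like numbers: digit runs joined only by single spaces or
// hyphens. The 12 to 19 digit range is an assumption of this example.
function example_find_card_numbers(string $text, int $min = 12, int $max = 19): array {
  $found = [];
  // A candidate starts and ends on a digit, so words between numbers split it.
  preg_match_all('/\d(?:[ -]?\d)*/', $text, $matches);
  foreach ($matches[0] as $candidate) {
    $digits = preg_replace('/\D/', '', $candidate);
    $length = strlen($digits);
    if ($length >= $min && $length <= $max && example_luhn_is_valid($digits)) {
      $found[] = $candidate;
    }
  }
  return $found;
}

// Constructed inputs: the sentence from comment #17, then a standard test
// card number written with spaces and with hyphens.
$samples = [
  'my favourite numbers are 41111111 and 11111111',
  'please charge 4111 1111 1111 1111 today',
  'card: 4111-1111-1111-1111',
];
foreach ($samples as $sample) {
  $strip_all = example_luhn_is_valid(preg_replace('/\D/', '', $sample));
  $token_scan = (bool) example_find_card_numbers($sample);
  printf("%-48s strip-all: %-4s token scan: %s\n", $sample,
    $strip_all ? 'FLAG' : 'ok', $token_scan ? 'FLAG' : 'ok');
}
```

Two numbers separated only by a space or hyphen merge into one candidate, so this scan accepts some missed matches in exchange for fewer false positives.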
Comment #18
karolinam at McGill University
I made a few changes to the patch from comment #17 (prevent_credit_card-2486411-17.patch), more precisely to the _webform_validation_no_ccs_check_for_valid_luhn() function:
Comment #19
Liam Morland
Comment #20
Liam Morland
This patch adds coding standards issues. Please fix.