Drupal PCI compliance issues with user login form

Mon, 04/10/2017 - 11:41 -- admin

 Here's another quick one,

 We recently had a client report that they received a PCI violation because Drupal login forms do not feature the "autocomplete=off" attribute. This could be fixed with a custom template, or hacking core (!!!) but I whipped up this quick module to fix it instead, so that I wouldn't have to worry about issues integrating with client templates and could distribute the module out over our entire farm.


function emunications_form_user_login_alter(&$form, &$form_state) { $form['#attributes']['autocomplete'] = 'off'; } function emunications_form_user_login_block_alter(&$form, &$form_state) { $form['#attributes']['autocomplete'] = 'off'; } drop the code into your own module (and of course, change the prefix to match) to use it.