Sometimes custom field data is set from the wrong contact
On the membership signup form, custom fields are populated by default on page load with wrong data, i.e. from a different contact. This has raised a big concern for our clients, as their confidential data is exposed to others.
This happens when the membership id for the contact is used as contact id to fetch the details.
Steps to replicate on dmaster:
- Create a custom field for a contact, add to profile and include the profile on membership signup/renewal form.
- Find membership
- Look for any contact Smith, Rodrigo. Check for contact id and membership id for the contact. For now the cid=75 and mid=11
- Edit the contact cid=11 and update the custom field created at step 1.
- Visit the membership renewal/signup form for cid=75 https://dmaster.demo.civicrm.org/civicrm/contribute/transact?cid=75&reset=1&id=2
Actual result:
Custom field is populated for cid=11 instead of cid=75
Expected result:
Custom field is populated for cid=75
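
The ID mix-up described in this report, modelled as an added example with a regression check (not CiviCRM code and not part of the original report). The in-memory tables, the function names and the sample values are all assumptions constructed from the cid=75 / mid=11 case above.

```python
# Constructed sample data mirroring the report: contact 75 holds membership 11,
# and a different contact happens to have id 11.
CUSTOM_VALUES = {75: "value for contact 75", 11: "value for contact 11"}  # keyed by contact id
MEMBERSHIPS = {11: {"contact_id": 75}}  # keyed by membership id


def membership_id_for(contact_id):
    """Return the membership id owned by contact_id, or None."""
    for mid, row in MEMBERSHIPS.items():
        if row["contact_id"] == contact_id:
            return mid
    return None


def prefill_buggy(cid):
    """Reported behaviour (hypothetical model): the membership id is reused as the contact id."""
    mid = membership_id_for(cid)
    lookup_id = mid if mid is not None else cid  # wrong entity id used for the lookup
    return CUSTOM_VALUES.get(lookup_id)


def prefill_fixed(cid):
    """Expected behaviour: custom values are fetched with the contact id of the request."""
    return CUSTOM_VALUES.get(cid)


def leaking_contacts(prefill):
    """Regression check: contacts whose form is prefilled with another contact's value.

    Only memberships whose id differs from the owner's contact id can expose
    the mix-up, so the fixture must contain at least one such pair.
    """
    leaks = []
    for mid, row in MEMBERSHIPS.items():
        cid = row["contact_id"]
        if mid != cid and prefill(cid) != CUSTOM_VALUES.get(cid):
            leaks.append(cid)
    return leaks


if __name__ == "__main__":
    print("buggy:", leaking_contacts(prefill_buggy))
    print("fixed:", leaking_contacts(prefill_fixed))
```

A fixture in which every membership id equals its owner's contact id would pass against the buggy lookup, which is why the check skips those rows and the sample data uses a colliding pair.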