Drupal PCI Compliance Issues With User Login Form

Here’s another quick one,

We recently had a client report that they received a PCI violation because Drupal login forms do not feature the “autocomplete=off” attribute. This could be fixed with a custom template, or hacking core (!!!) but I whipped up this quick module to fix it instead, so that I wouldn’t have to worry about issues integrating with client templates and could distribute the module out over our entire farm.

function emunications_form_user_login_alter(&$form, &$form_state) { $form[‘#attributes’][‘autocomplete’] = ‘off’; } function emunications_form_user_login_block_alter(&$form, &$form_state) { $form[‘#attributes’][‘autocomplete’] = ‘off’; } drop the code into your own module (and of course, change the prefix to match) to use it.