1
I've noticed with the 'Contact Us' module that even if I log in as a test user who has no Admin rights at all, when I click on 'Contact Us' many of the fields are filled in with my admin details, e.g. my web site, e-mail address etc (i.e. not the details of the test user).
I first noticed it was when I was logged on with my admin account. I just assumed that because I was logged in, the module pulled out my login details and placed them in the form for me. However, it seems that if other registered users use the form my details may also be added to their forms?
So far no one has complained and I have received contact from users, but I'm unsure whether, in their case, it was always a blank form or whether they have just overwritten my details with their own?
I've tried deleting my cookies etc in case that was causing it and it does not appear to have made any difference.
What worries me is if the site was ever access more than once from a public machine and used by one registered user, then if another person access the site from the same machine whose details would the module call?
If someone could visit my site and click on the contact us bit and let me know what they see I'd be grateful.
Mysterious. Any clues? Thanks