We are using SugarCRM Professional 6.4.2 hosted on our own LAMP server.
For the sake of privacy, I want to override the way /modules/Campaigns/WebToLeadCapture.php
handles the "redirect" destination. Currently it includes all the form field data as GET
variables in the redirect URI string which, when combined with web analytics tools, kiosk computers, etc., exposes our users' data.
I know where the URI string is constructed in WebToLeadCapture.php
, and I know how to remove/disable that section of code, but I want to do this in an upgrade-safe location—not in the same file.
WebToLeadCapture.php
does have a line about upgrade-safe customizations, but it's not especially helpful:
/**
* To make your changes upgrade safe create a file called leadCapture_override.php and place the changes there
*/
...I don't know where the suggested leadCapture_override.php
file is intended to go.
I am inclined to conclude, based on the results of my web and forum research, that the recommendation to use that filename is a relic of when WebToLeadCapture.php
was located (not as a mere redirect, as it is now) in the web root of the SugarCRM application, before the allowed "Entry Points" code was revamped.
This is further complicated by the fact that the web to lead capture functionality is designed to use /index.php
as the form action, meaning that the core code-base determines (somehow) which file to use to handle the action, and has to recognize it as an allowed entry point. In other words, if SugarCRM is equipped to allow upgrade-safe customizations to WebToLeadCapture.php
, it would have to look for the existence of a specific file in a specific location as a potential replacement.
Any recommendations or advice?
Thanks in advance!