Attachments are currently sent through emails generated by FormIt. Those files are stored locally in the 'tmp' folder. As we all know, these files are removed after X-hours/days (PHP setting). This isn't very GDPR compliant, which requires us to handle data with care and not store it if it is not necessary. We need to be able to control the sending of attachments and how they are stored.
Proposed solution:
2 new parameters
storeAttachments
This is disabled by default (0). When enabling it (1), it will check the system settings below to see where the files should be stored. If storeAttachments is enabled and the two system settings aren't set correctly, there will be an error shown on both the frontend and the MODX error log.
We believe that this feature should only work if the developer of the site is aware of where the files are stored. That location should be set in the system settings.
Attachments file encryption
The filenames will be hashed and the contents will be encrypted using OpenSSL. Downloading the files from within FormIt will involve a connector which decrypts the file and has a header 'file-attachment' which triggers a download.
Files are stored in a subfolder of the attachments-folder, which is specified in the system settings. The subfolder's name is the ID of the form.
emailAttachments
This is enabled by default (1), but can also be disabled.
Attachments are currently sent through emails generated by FormIt. Those files are stored locally in the 'tmp' folder. As we all know, these files are removed after X-hours/days (PHP setting). This isn't very GDPR compliant, which requires us to handle data with care and not store it if it is not necessary. We need to be able to control the sending of attachments and how they are stored.
Proposed solution:
2 new parameters
storeAttachments
This is disabled by default (0). When enabling it (1), it will check the system settings below to see where the files should be stored. If storeAttachments is enabled and the two system settings aren't set correctly, there will be an error shown on both the frontend and the MODX error log.
We believe that this feature should only work if the developer of the site is aware of where the files are stored. That location should be set in the system settings.
Attachments file encryption
The filenames will be hashed and the contents will be encrypted using OpenSSL. Downloading the files from within FormIt will involve a connector which decrypts the file and has a header 'file-attachment' which triggers a download.
Files are stored in a subfolder of the attachments-folder, which is specified in the system settings. The subfolder's name is the ID of the form.
emailAttachments
This is enabled by default (1), but can also be disabled.
System settings