• Dear Contact Form 7 team,

    In the output of one of my client’s websites I found that Contact Form 7 is leaking its version number in a hidden field (for every form):
    <input type="hidden" name="_wpcf7_version" value="5.6.1" />

    This hidden field is generated in the private method WPCF7_ContactForm::form_hidden_fields() (in /includes/contact-form.php on line 703), which also performs a filter named wpcf7_form_hidden_fields on these hidden fields with:

    
    $hidden_fields += (array) apply_filters(
    	'wpcf7_form_hidden_fields', array()
    );
    

    Unfortunately this notation uses +=, making it impossible to use the filter to actually filter the hidden fields, only allowing adding of fields.

    To be able to prevent the plugin from leaking version information, could you please make it possible to either…

    1) Let a developer use the filter wpcf7_form_hidden_fields to filter the hidden fields Contact Form 7 generates, as well?

    or

    2) Let the plugin user disable the Contact Form 7 version in the hidden fields?

    Thank you!

    • This topic was modified 2 years, 4 months ago by mezzomedia.
  • The topic ‘Hidden field leaking plugin version number’ is closed to new replies.
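
An added example, not part of the original post and not Contact Form 7's own code: a stand-alone PHP script that reproduces the `+=` pattern quoted above and shows why a callback on wpcf7_form_hidden_fields can add a field but cannot remove `_wpcf7_version`. The helpers `add_filter_stub()` and `apply_filters_stub()` are hypothetical stand-ins for the WordPress hook functions, the field values are constructed, and `requested_pattern()` is an assumed shape for option 1, not a change the plugin has made.

```php
<?php
// Hypothetical stand-ins for add_filter()/apply_filters(), so this runs outside WordPress.
$callbacks = array();
function add_filter_stub( $tag, $fn ) {
	global $callbacks;
	$callbacks[ $tag ][] = $fn;
}
function apply_filters_stub( $tag, $value ) {
	global $callbacks;
	foreach ( $callbacks[ $tag ] ?? array() as $fn ) {
		$value = $fn( $value );
	}
	return $value;
}

// A site owner's callback: try to drop the version field and add one extra field.
add_filter_stub( 'wpcf7_form_hidden_fields', function ( $fields ) {
	unset( $fields['_wpcf7_version'] ); // nothing to unset when $fields arrives as array()
	$fields['my_extra_field'] = 'x';    // a new key is accepted either way
	return $fields;
} );

// Constructed sample of the hidden fields built before the filter runs.
function plugin_fields() {
	return array( '_wpcf7' => '123', '_wpcf7_version' => '5.6.1' );
}

// Pattern quoted in the post: the callback receives an empty array and its
// result is merged with the array union operator. Union only adds keys that
// are missing on the left and keeps the left-hand value for duplicate keys,
// so plugin-generated fields can be neither removed nor overridden.
function current_pattern() {
	$hidden_fields = plugin_fields();
	$hidden_fields += (array) apply_filters_stub( 'wpcf7_form_hidden_fields', array() );
	return $hidden_fields;
}

// Assumed shape of request 1: hand the built fields to the filter and use
// whatever the callbacks return, so a callback can remove a field.
function requested_pattern() {
	return (array) apply_filters_stub( 'wpcf7_form_hidden_fields', plugin_fields() );
}

echo "Current pattern:\n";
var_dump( current_pattern() );
echo "Requested pattern:\n";
var_dump( requested_pattern() );
```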