Having a problem with sensitive data in a client-facing form.
Here's my problem: There is a form where I (as the site admin) can edit certain fields on behalf of a client, but that client shouldn't ever see the data. Here's what I've tried:
Disabled input fields and set the field value as "Set by Administrator". Problem: When client saves the form, these fields are wiped (taking the "disabled" fields as being blank).
Set input fields as "readonly" and type="password". This saved correctly, but these values are still viewable in the html source code itself (for any clients savvy enough to look there).
Removed the input field entirely for non-admins with the text "Set by Administrator". But down the road, the system still tries to save values for these input fields (even if they don't exist), so they still end up coming back blank when I view them as the admin.
Since I'm editing a WordPress plugin, I'd prefer the modifications to be light (in other words, I'd really rather not dig through the code even farther to modify the save content if there is a workable solution here).
Thanks for the help.
