Issue Details (XML | Word | Printable)

Key: MDL-18265
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Critical Critical
Assignee: Petr Skoda
Reporter: David Bogner
Votes: 1
Watchers: 5
Operations

Add/Edit UI Mockup to this issue
If you were logged in you would be able to see more operations.
Moodle

User profile fields are overwritten by default value when user updates profile even if it's locked

Created: 16/Feb/09 07:33 AM   Updated: 24/Mar/09 01:04 PM
Return to search
Component/s: Authentication
Affects Version/s: 1.8.8, 1.9.4
Fix Version/s: 1.8.9, 1.9.5

File Attachments: 1. Text File field_menu_lock.patch (1 kB)
Image Attachments:

1. edit_profile.gif
(12 kB)
2. user_progile_editing.gif
(34 kB)

Participants: Anthony Borrow, David Bogner, Jerome Mouneyrac, Petr Skoda and Vlas Voloshin
Security Level: None
QA Assignee: Jerome Mouneyrac
Difficulty: Easy
Resolved date: 15/Mar/09
Affected Branches: MOODLE_18_STABLE, MOODLE_19_STABLE
Fixed Branches: MOODLE_18_STABLE, MOODLE_19_STABLE


 Description  « Hide
Following scenario
- user profile field created
- defaullt value for user profile field specified
- user profile field locked
- user profile field visible to user

With these properties set, when a user edits the profile following happens
- instead of displaying the actual value of the user profile field, the default value ist displayed in the form
- when user saves the profile, the default value replaces the actual value of the user profile field

So these are actually two bugs, but the second bug could be a security issue, because the Capabilities of the user aren't respected (prevent from updating the user profile field, even if it's locked)

This bug is reproducable (tested on two different systems)

The issue could be there (/user/profile/field/lib.php)

    function edit_field_set_locked(&$mform) {
        if ($this->is_locked() and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
            $mform->hardFreeze($this->inputname);
            $mform->setConstant($this->inputname, $this->data);
        }
    }

and there (/user/profile/field/lib.php)

    function edit_field_set_default(&$mform) {
        if (!empty($default)) {
            $mform->setDefault($this->inputname, $this->field->defaultdata);
        }
    }

 All   Comments   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
David Bogner made changes - 25/Feb/09 11:43 PM
Field Original Value New Value
Attachment user_progile_editing.gif [ 16376 ]
Attachment edit_profile.gif [ 16377 ]
Anthony Borrow made changes - 02/Mar/09 04:41 PM
Priority Major [ 3 ] Critical [ 2 ]
Petr Skoda made changes - 08/Mar/09 01:38 AM
Security Could be a security issue [ 10030 ]
Priority Critical [ 2 ] Major [ 3 ]
Petr Skoda made changes - 08/Mar/09 01:57 AM
Status Open [ 1 ] In Progress [ 3 ]
Petr Skoda made changes - 08/Mar/09 02:29 AM
Fix Version/s 1.9.5 [ 10320 ]
Priority Major [ 3 ] Critical [ 2 ]
Petr Skoda made changes - 08/Mar/09 06:03 AM
Affects Version/s 1.8.8 [ 10314 ]
Fix Version/s 1.8.9 [ 10322 ]
Petr Skoda made changes - 08/Mar/09 06:05 AM
Status In Progress [ 3 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Vlas Voloshin made changes - 10/Mar/09 07:24 PM
Attachment field_menu_lock.patch [ 16507 ]
Petr Skoda made changes - 13/Mar/09 07:22 PM
Status Resolved [ 5 ] Reopened [ 4 ]
Resolution Fixed [ 1 ]
Petr Skoda made changes - 15/Mar/09 10:47 PM
Status Reopened [ 4 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Jerome Mouneyrac made changes - 24/Mar/09 10:07 AM
QA Assignee jerome
Jerome Mouneyrac made changes - 24/Mar/09 10:39 AM
Status Resolved [ 5 ] Closed [ 6 ]

Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators