Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16730

CSV User Import: Enforce validation of username field

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Login as admin and goto user csv import
      2. create a csv file with following content

        username,password,firstname,lastname,email
        dduc@!#k,test,donald,duck,ddudddk@test.com
        mmous{}/ze,test,mickey,mouse,mmodduse@test.com
        "ba  mbi",test,bambi,bambi,bambi@test.com
        elmo,test,elmo,elmo,elmo@test.com
        

      3. Disable the setting extendedusernamechars
      4. Try importing the csv
      5. make sure you get invalid username error for first three entries
      6. enable the setting extendedusernamechars
      7. try importing again and make sure you get error only for the third entry
      8. switch 'Standardise usernames' to 'No'.
      9. go ahead and finish the import, make sure there are no further errors.
      Show
      Login as admin and goto user csv import create a csv file with following content username,password,firstname,lastname,email dduc@!#k,test,donald,duck,ddudddk@test.com mmous{}/ze,test,mickey,mouse,mmodduse@test.com "ba mbi",test,bambi,bambi,bambi@test.com elmo,test,elmo,elmo,elmo@test.com Disable the setting extendedusernamechars Try importing the csv make sure you get invalid username error for first three entries enable the setting extendedusernamechars try importing again and make sure you get error only for the third entry switch 'Standardise usernames' to 'No'. go ahead and finish the import, make sure there are no further errors.
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Pull Master Branch:
      MDL-16730-master

      Description

      Around lines 123-142 of the /user/editadvanced_form.php file, there are a series of validation checks for the username. I think these should be moved to a function called something like valid_username that returns either true or the error (where the validation failed). In this way, we could easily enforce the validation of usernames when they come in via a CSV file (/admin/uploaduser.php). Currently we verify that the username contains no whitespace, is lowercase, and is alphanumeric allowing also dashes , slashes (/ and ), periods (.) and parentheses (). I'm not sure how much of this is intentional. We may want to improve and limit it more closely to alphanums. I can see application for the dashes and periods but wonder about slashes and parentheses.

      I think this is a matter of consistency. I came across a user who was putting underscores in the usernames via CSV files and this is not allowed when manually adding a user. In general, I would like to see that we are performing the same validation on CSV data as we do for manually added data. Peace - Anthony

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/Jan/13