Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-18265

User profile fields are overwritten by default value when user updates profile even if it's locked

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • 1.8.9, 1.9.5
    • 1.8.8, 1.9.4
    • Authentication
    • None
    • MOODLE_18_STABLE, MOODLE_19_STABLE
    • MOODLE_18_STABLE, MOODLE_19_STABLE
    • Easy

      Following scenario

      • user profile field created
      • defaullt value for user profile field specified
      • user profile field locked
      • user profile field visible to user

      With these properties set, when a user edits the profile following happens

      • instead of displaying the actual value of the user profile field, the default value ist displayed in the form
      • when user saves the profile, the default value replaces the actual value of the user profile field

      So these are actually two bugs, but the second bug could be a security issue, because the Capabilities of the user aren't respected (prevent from updating the user profile field, even if it's locked)

      This bug is reproducable (tested on two different systems)

      The issue could be there (/user/profile/field/lib.php)

      function edit_field_set_locked(&$mform) {
      if ($this->is_locked() and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM)))

      { $mform->hardFreeze($this->inputname); $mform->setConstant($this->inputname, $this->data); }

      }

      and there (/user/profile/field/lib.php)

      function edit_field_set_default(&$mform) {
      if (!empty($default))

      { $mform->setDefault($this->inputname, $this->field->defaultdata); }

      }

            skodak Petr Skoda
            dasistwas David Bogner
            Jérôme Mouneyrac Jérôme Mouneyrac
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.