Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-20683

security issue when enabling CFG->profilesforenrolledusersonly

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.9.6
    • 1.9.8
    • General
    • None
    • any
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE

    Description

      Hello,

      in user/edit_form?php in function definition_after_data() I noticed a strange code inversion :

      // remove description
      if (empty($user->description) && !empty($CFG->profilesforenrolledusersonly) && !record_exists('role_assignments', 'userid', $userid))

      { $mform->removeElement('description'); }

      if ($user = get_record('user', 'id', $userid)) {

      // print picture

      Should'nt the test empty($user->description) be after reading the user record ?

      Cheers

      Attachments

        Activity

          People

            poltawski Dan Poltawski
            ppollet Patrick Pollet
            Nobody Nobody
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              25/Mar/10