Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-46232

"Only lowercase letters allowed" error on deleting users with empty email

    Details

    • Testing Instructions:
      Hide
      1. Run the following code:

        <?php
        define('CLI_SCRIPT', true);
        include('config.php');
        $user1 = create_user_record("user1", "password1");
        $user2 = create_user_record("user2", "password2");
        delete_user($user1);
        delete_user($user2);
        

      2. Confirm that you don't get any error.
      3. Also run the test lib/tests/moodlelib_test.php
      Show
      Run the following code: <?php define('CLI_SCRIPT', true); include('config.php'); $user1 = create_user_record("user1", "password1"); $user2 = create_user_record("user2", "password2"); delete_user($user1); delete_user($user2); Confirm that you don't get any error. Also run the test lib/tests/moodlelib_test.php
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-46232-master
    • Sprint:
      Team '; drop tables Sprint 9

      Description

      If you try to delete two user accounts which don't have an email address at the same time, you see the following error message "Only lowercase letters allowed".

      To replicate, run this code (note you'll only see the error if the two deletions occur in the same second):

      $user1 = create_user_record("user1", "password1");
      $user2 = create_user_record("user2", "password2");
      delete_user($user1);
      delete_user($user2);
      

      This seems to be caused by the way that Moodle fabricates a fake username for deleted users in the delete_user() function. It tries the email address + a dot + the current timestamp. If this is already is use, it tries to increment this string to produce another unused username.

      However, where the email address is empty, incrementing this seems to convert to a number (so for example ".1234567890" increments to the number 1.1234567890 instead of the expected string ".1234567891"). When this is passed to user_update_user(), which checks it against the lower case version of itself, the comparison fails as it's using the "identically equals" operator.

      I realise Moodle accounts shouldn't have empty email addresses (and can't be used until an email address is entered), but there's nothing to stop accounts being automatically created without an email address. We often see this in the Shibboleth plugin for example.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                9 Vote for this issue
                Watchers:
                16 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/Sep/15