-
Improvement
-
Resolution: Fixed
-
Critical
-
3.1
-
MOODLE_31_STABLE
-
MOODLE_31_STABLE
-
MDL-52781-master -
-
3.1 Sprint 7
On the MDL-50705 we've introduced the core_user::fill_properties_cache() to be a reference of which parameter should be used to validate a specific field of the user table.
In the first stage, only the type property was added, now, we need to improve that method, adding other properties null and choices.
- The null property would be a reference to check if a user field is NULL_ALLOWED or NULL_NOT_ALLOWED.
- The choices property would control which values are accepted for a user field, for example: timezones, country, calendartype, themes... all those options should be checked agains a list of accepted values. In the timezone for example should be a valid timezone, checked against core_date::get_list_of_timezones(). The country should be checked against get_string_manager()->get_list_of_countries() and so on..
The main goal of this issue is sanitize the data inserted on moodle and make sure it's safe.
Things that should be considered on this issue:
- Add a validate() method, to validate a field against a parameter.
- Maybe add a clean() method, to clean the data.
- Decide if this validation should be extended to user API methods: user_create_user() and user_update_user.
- Consider change other entry points such webservices and forms(good experiment would be to change the normal and advanced user edit forms) to use this new parameter validation.
- Extensive testing instructions to make user it doesn't break anything.
- caused a regression
-
MDL-55873 auth_email does not prevent from creating invalid user names (i.e. containing space)
-
- Closed
-
-
MDL-54006 Valid csv file shows warnings when imported.
-
- Closed
-
- has been marked as being related by
-
MDL-52843 User names PARAM type inconsistency
-
- Closed
-
- will help resolve
-
MDL-53913 Problematic new function Expected Parameters for some user function fill_properties_cache()
-
- Closed
-