Details
- Type: Improvement
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 3.1
- Fix Version/s: 3.1
- Component/s: Authentication, User management
- Labels:
- Testing Instructions:
- Affected Branches: MOODLE_31_STABLE
- Fixed Branches: MOODLE_31_STABLE
- Pull from Repository:
- Pull Master Branch: MDL-52781-master
- Pull Master Diff URL:
- Sprint: 3.1 Sprint 7
Description
In MDL-50705 we introduced core_user::fill_properties_cache() as a reference for which parameter should be used to validate a specific field of the user table.
In the first stage, only the type property was added; now we need to improve that method by adding the other properties, null and choices.
- The null property would be a reference to check if a user field is NULL_ALLOWED or NULL_NOT_ALLOWED.
- The choices property would control which values are accepted for a user field, for example: timezones, country, calendartype, themes... all those options should be checked against a list of accepted values. The timezone, for example, should be a valid timezone, checked against core_date::get_list_of_timezones(). The country should be checked against get_string_manager()->get_list_of_countries(), and so on.
The main goal of this issue is to sanitize the data inserted into Moodle and make sure it's safe.
Things that should be considered on this issue:
- Add a validate() method, to validate a field against a parameter.
- Maybe add a clean() method, to clean the data.
- Decide if this validation should be extended to user API methods: user_create_user() and user_update_user().
- Consider changing other entry points such as web services and forms (a good experiment would be to change the normal and advanced user edit forms) to use this new parameter validation.
- Extensive testing instructions to make sure it doesn't break anything.
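
A minimal sketch of the property-table idea described above (type, null and choices per field, checked through a single validate-style function), added here as an illustration and not Moodle's core_user code. The constants, function names, regex patterns and the short country list are assumptions; timezone choices come from PHP's DateTimeZone::listIdentifiers() rather than core_date::get_list_of_timezones().

```php
<?php
// Added illustration only; every name here is hypothetical, not Moodle API.
const EX_NULL_ALLOWED = true;
const EX_NULL_NOT_ALLOWED = false;

/** One entry per user field: a type pattern, a null rule, optional choices. */
function example_user_properties(): array {
    return [
        // /D stops "$" from matching before a trailing newline.
        'username' => ['pattern' => '/^[a-z0-9._@-]+$/D', 'null' => EX_NULL_NOT_ALLOWED],
        'timezone' => ['pattern' => '/^[A-Za-z0-9_\/+-]+$/D', 'null' => EX_NULL_NOT_ALLOWED,
                       'choices' => DateTimeZone::listIdentifiers()],
        'country'  => ['pattern' => '/^[A-Z]{2}$/D', 'null' => EX_NULL_ALLOWED,
                       'choices' => ['AU', 'BR', 'DE', 'US']], // constructed sample list
    ];
}

/** Returns [bool accepted, string reason] for one field/value pair. */
function example_validate(string $field, $value): array {
    $props = example_user_properties();
    if (!isset($props[$field])) {
        return [false, 'unknown field'];          // fail closed on unlisted fields
    }
    $p = $props[$field];
    if ($value === null) {
        return $p['null'] === EX_NULL_ALLOWED ? [true, 'ok'] : [false, 'null not allowed'];
    }
    if (!is_string($value) || !preg_match($p['pattern'], $value)) {
        return [false, 'wrong type'];
    }
    // Strict comparison: the value must be exactly one of the accepted choices.
    if (isset($p['choices']) && !in_array($value, $p['choices'], true)) {
        return [false, 'not an accepted choice'];
    }
    return [true, 'ok'];
}

// Constructed sample input.
$samples = [
    ['username', 'jane.doe'], ['username', 'jane doe'],
    ['timezone', 'Europe/Madrid'], ['timezone', 'Mars/Olympus'], ['timezone', null],
    ['country', null], ['country', 'ZZ'],
];
foreach ($samples as [$field, $value]) {
    [$ok, $why] = example_validate($field, $value);
    printf("%-9s %-16s %s (%s)\n", $field, var_export($value, true), $ok ? 'accept' : 'reject', $why);
}
```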
Issue Links
- caused a regression
  - MDL-55873 auth_email does not prevent from creating invalid user names (i.e. containing space) (Closed)
  - MDL-54006 Valid csv file shows warnings when imported. (Closed)
- has been marked as being related by
  - MDL-52843 User names PARAM type inconsistency (Closed)
- will help resolve
  - MDL-53913 Problematic new function Expected Parameters for some user function fill_properties_cache() (Closed)