Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52843

User names PARAM type inconsistency

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.4, 3.0.2, 3.1
    • Fix Version/s: 2.9.5, 3.0.3
    • Component/s: User management
    • Labels:
    • Testing Instructions:
      Hide
      1. Enable users self-registration on the site.
      2. Register as a new user. Use multi-lang syntax for your First name and/or Surname fields, e.g. <span class="multilang" lang="en">Foo</span><span class="multilang" lang="cs">Bar</span>
      3. Check how that name is displayed to the admin when browsing user accounts. Use the HTML source code viewer and make sure there is just "FooBar" with no surrounding spans.
      Show
      Enable users self-registration on the site. Register as a new user. Use multi-lang syntax for your First name and/or Surname fields, e.g. <span class="multilang" lang="en">Foo</span><span class="multilang" lang="cs">Bar</span> Check how that name is displayed to the admin when browsing user accounts. Use the HTML source code viewer and make sure there is just "FooBar" with no surrounding spans.
    • Affected Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE, MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-52843-master-paramsignup

      Description

      While working on MDL-52831 I noticed that in the signup form, we use PARAM_TEXT for fields like lastname and firstname. But those fields are correctly considered as PARAM_NOTAGS when editing the user profile later.

      It is not urgent and it should not represent a security issue. In theory it can led to situation when a user registers themselves with names using multi-lang filter syntax and there might be a code that uses format_string() to display the name. It is not common though.

      In any case, these parameters should be consistent in all three forms (signup, edit and editadvanced).

      Dan Poltawski pointed me to an issue MDL-52781 that aims to provide a single place to define these things which sounds like a proper solution. Meanwhile, I am suggesting to just fix the signup form to be consistent with user profile forms.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  14/Mar/16