Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60141

Field type for sitepolicy in auth_email_get_signup_settings is incorrect

XMLWordPrintable

    • MOODLE_33_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • MDL-60141-master
    • Hide
      1. As admin set the admin setting sitepolicy: Add a link to a web page
      2. Enable the e-mail based self registration auth plugin
      3. Set the admin setting registerauth to Email-based self registration
      4. Then, execute the following curl request:

        curl 'http://localhost/m/stable_master/lib/ajax/service.php' --data-binary '[{"index":0,"methodname":"auth_email_get_signup_settings","args":{}}]' | python -m "json.tool"

      5. And check that among all the fields in the response you see the sitepolicy field correctly set to the web page you used in step 1
      6. As admin set the admin setting sitepolicy again, but now use a random string as value, something like "abcdef"
      7. Execute the curl request again and check that you receive the sitepolicy again with the value you used in the previous step
      Show
      As admin set the admin setting sitepolicy: Add a link to a web page Enable the e-mail based self registration auth plugin Set the admin setting registerauth to Email-based self registration Then, execute the following curl request: curl 'http://localhost/m/stable_master/lib/ajax/service.php' --data-binary ' [{"index":0,"methodname":"auth_email_get_signup_settings","args":{}}] ' | python -m "json.tool" And check that among all the fields in the response you see the sitepolicy field correctly set to the web page you used in step 1 As admin set the admin setting sitepolicy again, but now use a random string as value, something like "abcdef" Execute the curl request again and check that you receive the sitepolicy again with the value you used in the previous step

      It is defined as PARAM_URL but the admin setting in https://github.com/moodle/moodle/blob/master/admin/settings/security.php#L57 is defined as PARAM_RAW

      This may break the mobile app signup features in sites where the site policy is not a PARAM_URL (it could be a relative path, link to a different protocol, internal document, etc..)

            jleyva Juan Leyva
            jleyva Juan Leyva
            Ankit Agarwal Ankit Agarwal
            Andrew Lyons Andrew Lyons
            Andrew Lyons Andrew Lyons
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.