Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62980

Data privacy requests can fail validation with unhelpful information for the user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.5, 3.8.4, 3.9.1, 3.10
    • Fix Version/s: 3.8.5, 3.9.2
    • Component/s: Privacy
    • Labels:
    • Testing Instructions:
      Hide

      Creating request for self

      1. Log in as admin
      2. Navigate to Users > Privacy and policies > Privacy settings
      3. Enable Contact the privacy officer and press Save changes
      4. Navigate to your profile page
      5. Under Privacy and policies click Export all of my personal data
      6. Enter "<b>Hello</b>" in the Comments field and press Save changes
      7. Confirm you see "Please ensure your comment contains plain text only. " as a form error
      8. Remove HTML tags from Comments field, leaving just "Hello" and press Save changes
      9. Confirm request is created

      Creating request for other user

      1. Log in as admin
      2. Create a new user: "Marvin Wonder"
      3. Navigate to Users > Privacy and policies > Data requests in site administration
      4. Press New request
      5. Select your user from step 2 in the User field
      6. Enter "<b>Hello</b>" in the Comments field and press Save changes
      7. Confirm you see "Please ensure your comment contains plain text only." as a form error
      8. Remove HTML tags from Comments field, leaving just "Hello" and press Save changes
      9. Confirm request is created
      Show
      Creating request for self Log in as admin Navigate to Users > Privacy and policies > Privacy settings Enable Contact the privacy officer and press Save changes Navigate to your profile page Under Privacy and policies click Export all of my personal data Enter "<b>Hello</b>" in the Comments field and press Save changes Confirm you see " Please ensure your comment contains plain text only. " as a form error Remove HTML tags from Comments field, leaving just "Hello" and press Save changes Confirm request is created Creating request for other user Log in as admin Create a new user: "Marvin Wonder" Navigate to Users > Privacy and policies > Data requests in site administration Press New request Select your user from step 2 in the User field Enter "<b>Hello</b>" in the Comments field and press Save changes Confirm you see " Please ensure your comment contains plain text only. " as a form error Remove HTML tags from Comments field, leaving just "Hello" and press Save changes Confirm request is created
    • Affected Branches:
      MOODLE_310_STABLE, MOODLE_35_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_38_STABLE, MOODLE_39_STABLE
    • Pull 3.8 Branch:
    • Pull 3.9 Branch:
    • Pull Master Branch:

      Description

      Data privacy requests are automatically validated according to the rules in the persistent object. But no checking is performed in a way to present a helpful message to the user who submitted an invalid request. The comments field is the worst offence, because it is a text area allowing anything to be entered, but on the backend it is validated as PARAM_TEXT. This means HTML tags etc will be stripped, but any change to the text will cause the validation to fail with an unhelpful message:

      error/invalidpersistenterror - Bunch of unhelpful text...

       

      To reproduce, create a privacy request with the text "<b>bold</b>" as the comment.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pholden Paul Holden
              Reporter:
              damyon Damyon Wiese
              Peer reviewer:
              Víctor Déniz Falcón
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                14/Sep/20

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 55 minutes
                  2h 55m