Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64695

tool_dataprivacy doesn't filter multilang tags within $SITE->fullname

XMLWordPrintable

    • MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
    • MOODLE_37_STABLE, MOODLE_38_STABLE
    • Hide

      Configure multilang site full name

      1. Log in as admin
      2. Navigate to Site administration > Users > Privacy and policies > Privacy settings
      3. Enable Contact the privacy officer
      4. Navigate to Site administration > Front page > Front page settings in Site administration
      5. Set Full site name to the following: <span class="multilang" lang="en">Moodle (EN)</span><span class="multilang" lang="de">Moodle (DE)</span>
      6. Navigate to Plugins > Filters > Manage filters in Site administration
      7. Set Multi-Language Content to On & Apply to to Content and headings
      8. Perform sanity check by visiting Site home and confirming the site heading shows "Moodle (EN)" and not "Moodle (DE)"

      Create privacy data request

      1. Create a new user: Charlie Carrot
      2. Log out
      3. Log in as Charlie Carrot
      4. Navigate to your profile
      5. Under Privacy and policies press Export all of my personal data
      6. Press Save changes
      7. Log out

      Approve data request

      1. Log in as admin
      2. Confirm you have a new notification regarding Charlie Carrot's data request
      3. Click to view the full notification
      4. Confirm under You have received a data request heading the Site row is "Moodle (EN)" and not "Moodle (DE)"
      5. Press View the request
      6. Click Actions > Approve request and confirm the dialogue for Charlie Carrot's request
      7. Wait for cron to process the request
      8. Log out

      View the data request

      1. Log back in as Charlie Carrot
      2. Confirm you have a new notification regarding your data request
      3. Click to view the full notification
      4. Confirm the content shows the data is from Moodle (EN) and not Moodle (DE)
      5. Press Download
      6. Locate downloaded file and extract
      7. Open the "index.html" file in the root of the extracted export
      8. Confirm the footer of the page contains the following text: "Exported from Moodle (EN)" and not "Moodle (DE)"
      Show
      Configure multilang site full name Log in as admin Navigate to Site administration > Users > Privacy and policies > Privacy settings Enable Contact the privacy officer Navigate to Site administration > Front page > Front page settings in Site administration Set Full site name to the following: <span class="multilang" lang="en">Moodle (EN)</span><span class="multilang" lang="de">Moodle (DE)</span> Navigate to Plugins > Filters > Manage filters in Site administration Set Multi-Language Content to On & Apply to to Content and headings Perform sanity check by visiting Site home and confirming the site heading shows "Moodle (EN)" and not "Moodle (DE)" Create privacy data request Create a new user: Charlie Carrot Log out Log in as Charlie Carrot Navigate to your profile Under Privacy and policies press Export all of my personal data Press Save changes Log out Approve data request Log in as admin Confirm you have a new notification regarding Charlie Carrot's data request Click to view the full notification Confirm under You have received a data request heading the Site row is "Moodle (EN)" and not "Moodle (DE)" Press View the request Click Actions > Approve request and confirm the dialogue for Charlie Carrot's request Wait for cron to process the request Log out View the data request Log back in as Charlie Carrot Confirm you have a new notification regarding your data request Click to view the full notification Confirm the content shows the data is from Moodle (EN) and not Moodle (DE) Press Download Locate downloaded file and extract Open the "index.html" file in the root of the extracted export Confirm the footer of the page contains the following text: "Exported from Moodle (EN)" and not "Moodle (DE)"

      In our Moodle installation, $SITE->fullname contains multilang tags (for the german and english site name).

      We have noticed that tool_dataprivacy doesn't filter these multilang tags. As a result, the multilang tags are still there in the mail notifications which are sent for data requests (e.g. https://github.com/moodle/moodle/blob/master/admin/tool/dataprivacy/classes/task/process_data_request_task.php#L179) as well as in the data export's index.html

      My proposal is to replace all occurences of $SITE->fullname with filter_string($SITE->fullname)

            pholden Paul Holden
            abias Alexander Bias
            Alexander Bias Alexander Bias
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Janelle Barcega Janelle Barcega
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 50 minutes
                1h 50m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.