-
Bug
-
Resolution: Fixed
-
Minor
-
3.5.12, 3.7.5, 3.7.6, 3.8.2, 3.8.3, 3.9
-
MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
-
MOODLE_35_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
-
Scheduled tasks typically reset the current effective user if they have changed it by calling cron_setup_user() before returning, however, mod_forum\task\cron_task::queue_user_tasks() overlooks this, which means that for the scheduled tasks running after, if they trigger logged events, the effective user of those events will be whoever was last set by Forum's task.
To avoid such accidents in general, cron_run_inner_scheduled_task() ought to call cron_setup_user() in the same manner that cron_run_inner_adhoc_task() does.
This problem raises privacy concerns because a cron task could be run with the wrong cronuser set and that task may send out personal information about that user.