[MDL-75360] HTML tags in user selector autocomplete elements trigger exceptions - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.11.8
Fix Version/s: 3.11.10, 4.0.4
Component/s: Report builder, User management, Web Services
Labels:
- ci
- triaged

Affected Branches:
MOODLE_311_STABLE
Fixed Branches:
MOODLE_311_STABLE, MOODLE_400_STABLE
Pull from Repository:
https://github.com/paulholden/moodle.git
Pull 3.11 Branch:
~~MDL-75360~~-311
Pull 3.11 Diff URL:
https://github.com/moodle/moodle/compare/MOODLE_311_STABLE...paulholden:MDL-75360-311
Pull 4.0 Branch:
~~MDL-75360~~-400
Pull 4.0 Diff URL:
https://github.com/moodle/moodle/compare/MOODLE_400_STABLE...paulholden:MDL-75360-400
Pull Master Branch:
~~MDL-75360~~
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...paulholden:MDL-75360
Testing Instructions:
Hide

Log in as admin

Navigate to Server > Web services > Manage tokens

Open Tokens filter form

In User field enter "<"

Confirm autocomplete is populated, no exceptions are thrown
Show
Log in as admin Navigate to Server > Web services > Manage tokens Open Tokens filter form In User field enter "<" Confirm autocomplete is populated, no exceptions are thrown

Description

Same problem as that described in ~~MDL-74100~~, for all forms using an autocomplete enhanced via 'core_user/form_user_selector' AJAX call, a user entering anything that Moodle considers "invalid" will trigger an exception

Example from webservices (same effect observed in Report builder forms):

invalidparameter

Invalid parameter value detected

File: /lib/externallib.php

Line: 366

Stack trace:

query => Invalid parameter value detected (Invalid external api parameter: the value is "<", the server was expecting "text" type): Invalid external api parameter: the value is "<", the server was expecting "text" type

Error code: invalidparameter

* line 366 of /lib/externallib.php: invalid_parameter_exception thrown

* line 240 of /lib/externallib.php: call to external_api::validate_parameters()

* line 81 of /lib/ajax/service.php: call to external_api::call_external_function()

query => Invalid parameter value detected (Invalid external api parameter: the value is "<", the server was expecting "text" type): Invalid external api parameter: the value is "<", the server was expecting "text" type

Error code: invalidparameter

* line 366 of /lib/externallib.php: invalid_parameter_exception thrown

* line 240 of /lib/externallib.php: call to external_api::validate_parameters()

* line 81 of /lib/ajax/service.php: call to external_api::call_external_function()

We can make this friendlier to the end user by avoiding showing confusing/unhelpful exceptions in the UI (defer parameter cleaning until later)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

75360 Exception.png
76 kB
03/Aug/22 4:00 AM
MDL-75360_master.png
35 kB
01/Sep/22 3:39 PM
MDL-75360_v311.png
34 kB
01/Sep/22 3:38 PM
MDL-75360_v400.png
31 kB
01/Sep/22 3:39 PM

Issue Links

has a non-specific relationship to

MDL-74100 Html tag in timeline or course search trigger an error

Closed

Activity

People

Assignee:: Paul Holden

Reporter:: Paul Holden

Peer reviewer:: Sara Arjona (@sarjona)

Integrator:: Victor Déniz Falcón

Tester:: John Edward Pedregosa

Participants:: CiBoT, John Edward Pedregosa, Paul Holden, Sara Arjona (@sarjona), Victor Déniz Falcón

Component watchers:: Carlos Castillo, David Matamoros, Mikel Martín Corrales, Paul Holden, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 03/Aug/22 3:55 AM

Updated:: 02/Sep/22 1:27 PM

Resolved:: 02/Sep/22 1:27 PM

Fix Release Date:: 12/Sep/22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

49m