Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-82494

User profile field names are formatted using the wrong method

XMLWordPrintable

    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MDL-82494-403
    • MDL-82494-404
    • Hide

      Regression test only

      1. Log in as admin
      2. Navigate to Users > User profile fields in site administration
      3. Create a new Text input field
        • Short name: field1
        • Name: This & That > There
      4. Navigate to your profile page
      5. Press Edit profile
      6. Set This & That > There to "Hello"
      7. Confirm on profile page the field name shows correctly
      8. Navigate to Reports from user menu
      9. Create new report from Users report source
        • Include default setup: No
      10. Add the User • This & That > There column to report
      11. Confirm report table does not double encode the column name
      12. Add the User • This & That > There condition to report
      13. Confirm condition container does not double encode the condition name
      14. Add the User • This & That > There filter to report
      15. Confirm filter container does not double encode the condition name
      Show
      Regression test only Log in as admin Navigate to Users > User profile fields in site administration Create a new Text input field Short name: field1 Name: This & That > There Navigate to your profile page Press Edit profile Set This & That > There to "Hello" Confirm on profile page the field name shows correctly Navigate to Reports from user menu Create new report from Users report source Include default setup: No Add the User • This & That > There column to report Confirm report table does not double encode the column name Add the User • This & That > There condition to report Confirm condition container does not double encode the condition name Add the User • This & That > There filter to report Confirm filter container does not double encode the condition name

      The changes from MDL-77967 added an API to return formatted "display name" of user profile fields:

      https://github.com/moodle/moodle/commit/e258e86f15d9346bf0db547598a54314b7aaacd1#diff-b7e62174fb651285a4d771696a12cd6cbf6ad512652e1a90dc3cbe7ec676fe86

      For some reason, it's calling format_text(...) on the field name, which is incorrect because the field name is a simple string (that method is for textual data usually from text editors, that expects a FORMAT_* parameter). We can see that format_string(...) is typically called to format this value:

      $ git grep "field\->name" user
      user/profile/field/checkbox/field.class.php:        $checkbox = $mform->addElement('advcheckbox', $this->inputname, format_string($this->field->name));
      user/profile/field/datetime/field.class.php:            $mform->addElement('date_time_selector', $this->inputname, format_string($this->field->name), $attributes);
      user/profile/field/datetime/field.class.php:            $mform->addElement('date_selector', $this->inputname, format_string($this->field->name), $attributes);
      user/profile/field/menu/field.class.php:        $mform->addElement('select', $this->inputname, format_string($this->field->name), $this->options);
      user/profile/field/social/field.class.php:        $mform->addElement('text', $this->inputname, $this->field->name, null, null);
      user/profile/field/social/field.class.php:        $field->name = $networks[$field->name];
      user/profile/field/text/field.class.php:        $mform->addElement($fieldtype, $this->inputname, format_string($this->field->name),
      user/profile/field/textarea/field.class.php:        $mform->addElement('editor', $this->inputname, format_string($this->field->name), null, null);
      user/profile/index.php:            $fieldname = format_string($field->name);
      user/profile/index.php:                $fieldname = $classname::get_fieldname($field->name);
      user/profile/lib.php:        return format_text($this->field->name, FORMAT_MOODLE, [
      user/profile/lib.php:            $data[$categoryname][$field->inputname] = $field->field->name;
      user/tests/profilelib_test.php:            $this->assertEquals('My field', $customfield->name);
      

      This causes problems for code that tries to call the current display_name() method because it causes double encoding, so at the same time as fixing the method call we could make a change similar to here to allow callers to control escaping

            pholden Paul Holden
            pholden Paul Holden
            Stevani Andolo Stevani Andolo
            Ilya Tregubov Ilya Tregubov
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours, 11 minutes
                3h 11m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.