-
Bug
-
Resolution: Fixed
-
Minor
-
4.3 regressions, 4.3.6, 4.4.2
The changes from MDL-77967 added an API to return formatted "display name" of user profile fields:
For some reason, it's calling format_text(...) on the field name, which is incorrect because the field name is a simple string (that method is for textual data usually from text editors, that expects a FORMAT_* parameter). We can see that format_string(...) is typically called to format this value:
$ git grep "field\->name" user
|
user/profile/field/checkbox/field.class.php: $checkbox = $mform->addElement('advcheckbox', $this->inputname, format_string($this->field->name));
|
user/profile/field/datetime/field.class.php: $mform->addElement('date_time_selector', $this->inputname, format_string($this->field->name), $attributes);
|
user/profile/field/datetime/field.class.php: $mform->addElement('date_selector', $this->inputname, format_string($this->field->name), $attributes);
|
user/profile/field/menu/field.class.php: $mform->addElement('select', $this->inputname, format_string($this->field->name), $this->options);
|
user/profile/field/social/field.class.php: $mform->addElement('text', $this->inputname, $this->field->name, null, null);
|
user/profile/field/social/field.class.php: $field->name = $networks[$field->name];
|
user/profile/field/text/field.class.php: $mform->addElement($fieldtype, $this->inputname, format_string($this->field->name),
|
user/profile/field/textarea/field.class.php: $mform->addElement('editor', $this->inputname, format_string($this->field->name), null, null);
|
user/profile/index.php: $fieldname = format_string($field->name);
|
user/profile/index.php: $fieldname = $classname::get_fieldname($field->name);
|
user/profile/lib.php: return format_text($this->field->name, FORMAT_MOODLE, [
|
user/profile/lib.php: $data[$categoryname][$field->inputname] = $field->field->name;
|
user/tests/profilelib_test.php: $this->assertEquals('My field', $customfield->name);
|
This causes problems for code that tries to call the current display_name() method because it causes double encoding, so at the same time as fixing the method call we could make a change similar to here to allow callers to control escaping