Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16730

CSV User Import: Enforce validation of username field

XMLWordPrintable

    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • MDL-16730-master
    • Hide
      1. Login as admin and goto user csv import
      2. create a csv file with following content 

        username,password,firstname,lastname,email
        		 
        dduc@!#k,test,donald,duck,ddudddk@test.com
        		 
        mmous{}/ze,test,mickey,mouse,mmodduse@test.com
        		 
        "ba  mbi",test,bambi,bambi,bambi@test.com
        		 
        elmo,test,elmo,elmo,elmo@test.com

      3. Disable the setting extendedusernamechars
      4. Try importing the csv
      5. make sure you get invalid username error for first three entries
      6. enable the setting extendedusernamechars
      7. try importing again and make sure you get error only for the third entry
      8. switch 'Standardise usernames' to 'No'.
      9. go ahead and finish the import, make sure there are no further errors.
      Show
      Login as admin and goto user csv import create a csv file with following content username,password,firstname,lastname,email dduc@!#k,test,donald,duck,ddudddk@test.com mmous{}/ze,test,mickey,mouse,mmodduse@test.com "ba mbi",test,bambi,bambi,bambi@test.com elmo,test,elmo,elmo,elmo@test.com Disable the setting extendedusernamechars Try importing the csv make sure you get invalid username error for first three entries enable the setting extendedusernamechars try importing again and make sure you get error only for the third entry switch 'Standardise usernames' to 'No'. go ahead and finish the import, make sure there are no further errors.

      Around lines 123-142 of the /user/editadvanced_form.php file, there are a series of validation checks for the username. I think these should be moved to a function called something like valid_username that returns either true or the error (where the validation failed). In this way, we could easily enforce the validation of usernames when they come in via a CSV file (/admin/uploaduser.php). Currently we verify that the username contains no whitespace, is lowercase, and is alphanumeric allowing also dashes , slashes (/ and ), periods (.) and parentheses (). I'm not sure how much of this is intentional. We may want to improve and limit it more closely to alphanums. I can see application for the dashes and periods but wonder about slashes and parentheses.

      I think this is a matter of consistency. I came across a user who was putting underscores in the usernames via CSV files and this is not allowed when manually adding a user. In general, I would like to see that we are performing the same validation on CSV data as we do for manually added data. Peace - Anthony

            ankit_frenz Ankit Agarwal
            aborrow Anthony Borrow
            Adrian Greeve Adrian Greeve
            Sam Hemelryk Sam Hemelryk
            Rossiani Wijaya Rossiani Wijaya
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.