Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-82494

User profile field names are formatted using the wrong method

XMLWordPrintable

    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MOODLE_403_STABLE, MOODLE_404_STABLE
    • MDL-82494-403
    • MDL-82494-404
    • Hide

      Regression test only

      1. Log in as admin
      2. Navigate to Users > User profile fields in site administration
      3. Create a new Text input field
        • Short name: field1
        • Name: This & That > There
      4. Navigate to your profile page
      5. Press Edit profile
      6. Set This & That > There to "Hello"
      7. Confirm on profile page the field name shows correctly
      8. Navigate to Reports from user menu
      9. Create new report from Users report source
        • Include default setup: No
      10. Add the User • This & That > There column to report
      11. Confirm report table does not double encode the column name
      12. Add the User • This & That > There condition to report
      13. Confirm condition container does not double encode the condition name
      14. Add the User • This & That > There filter to report
      15. Confirm filter container does not double encode the condition name
      Show
      Regression test only Log in as admin Navigate to Users > User profile fields in site administration Create a new Text input field Short name: field1 Name: This & That > There Navigate to your profile page Press Edit profile Set This & That > There to "Hello" Confirm on profile page the field name shows correctly Navigate to Reports from user menu Create new report from Users report source Include default setup: No Add the User • This & That > There column to report Confirm report table does not double encode the column name Add the User • This & That > There condition to report Confirm condition container does not double encode the condition name Add the User • This & That > There filter to report Confirm filter container does not double encode the condition name

      The changes from MDL-77967 added an API to return formatted "display name" of user profile fields:

      https://github.com/moodle/moodle/commit/e258e86f15d9346bf0db547598a54314b7aaacd1#diff-b7e62174fb651285a4d771696a12cd6cbf6ad512652e1a90dc3cbe7ec676fe86

      For some reason, it's calling format_text(...) on the field name, which is incorrect because the field name is a simple string (that method is for textual data usually from text editors, that expects a FORMAT_* parameter). We can see that format_string(...) is typically called to format this value:

      $ git grep "field\->name" user
      		 
      user/profile/field/checkbox/field.class.php:        $checkbox = $mform->addElement('advcheckbox', $this->inputname, format_string($this->field->name));
      		 
      user/profile/field/datetime/field.class.php:            $mform->addElement('date_time_selector', $this->inputname, format_string($this->field->name), $attributes);
      		 
      user/profile/field/datetime/field.class.php:            $mform->addElement('date_selector', $this->inputname, format_string($this->field->name), $attributes);
      		 
      user/profile/field/menu/field.class.php:        $mform->addElement('select', $this->inputname, format_string($this->field->name), $this->options);
      		 
      user/profile/field/social/field.class.php:        $mform->addElement('text', $this->inputname, $this->field->name, null, null);
      		 
      user/profile/field/social/field.class.php:        $field->name = $networks[$field->name];
      		 
      user/profile/field/text/field.class.php:        $mform->addElement($fieldtype, $this->inputname, format_string($this->field->name),
      		 
      user/profile/field/textarea/field.class.php:        $mform->addElement('editor', $this->inputname, format_string($this->field->name), null, null);
      		 
      user/profile/index.php:            $fieldname = format_string($field->name);
      		 
      user/profile/index.php:                $fieldname = $classname::get_fieldname($field->name);
      		 
      user/profile/lib.php:        return format_text($this->field->name, FORMAT_MOODLE, [
      		 
      user/profile/lib.php:            $data[$categoryname][$field->inputname] = $field->field->name;
      		 
      user/tests/profilelib_test.php:            $this->assertEquals('My field', $customfield->name);

      This causes problems for code that tries to call the current display_name() method because it causes double encoding, so at the same time as fixing the method call we could make a change similar to here to allow callers to control escaping

        1. MDL-82494.png
          125 kB
          Stevani Andolo
        2. MDL-82494-1.png
          262 kB
          Ron Carl Alfon Yu

            pholden Paul Holden
            pholden Paul Holden
            Stevani Andolo Stevani Andolo
            Ilya Tregubov Ilya Tregubov
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours, 11 minutes
                3h 11m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.