MDL-66762 user: escape extra/email user fields.

Paul Holden 2019-10-07 17:33:48 +01:00 committed by Adrian Greeve
parent eb9f830604
commit 7455b741c9
11 changed files with 14 additions and 17 deletions


@ -36,15 +36,12 @@ if (!is_siteadmin()) {
}
$admisselector = new core_role_admins_existing_selector();
$admisselector->set_extra_fields(array('username', 'email'));
$potentialadmisselector = new core_role_admins_potential_selector();
$potentialadmisselector->set_extra_fields(array('username', 'email'));
if (optional_param('add', false, PARAM_BOOL) and confirm_sesskey()) {
if ($userstoadd = $potentialadmisselector->get_selected_users()) {
$user = reset($userstoadd);
$username = fullname($user) . " ($user->username, $user->email)";
$username = $potentialadmisselector->output_user($user);
echo $OUTPUT->header();
$yesurl = new moodle_url('/admin/roles/admins.php', array('confirmadd'=>$user->id, 'sesskey'=>sesskey()));
echo $OUTPUT->confirm(get_string('confirmaddadmin', 'core_role', $username), $yesurl, $PAGE->url);
@ -58,7 +55,7 @@ if (optional_param('add', false, PARAM_BOOL) and confirm_sesskey()) {
if ($USER->id == $user->id) {
// Can not remove self.
} else {
$username = fullname($user) . " ($user->username, $user->email)";
$username = $admisselector->output_user($user);
echo $OUTPUT->header();
$yesurl = new moodle_url('/admin/roles/admins.php', array('confirmdel'=>$user->id, 'sesskey'=>sesskey()));
echo $OUTPUT->confirm(get_string('confirmdeladmin', 'core_role', $username), $yesurl, $PAGE->url);
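Review bot: On the new lines `$username = $potentialadmisselector->output_user($user);` and `$username = $admisselector->output_user($user);` the variable now holds the selector's whole display string (name plus the username/email extra fields set on the selectors above), not a username, and that string travels through `get_string()` into `$OUTPUT->confirm()` with no escaping at this call site. Whether that is safe depends entirely on `output_user()` returning HTML-escaped text, which is not visible in this section; the commit title suggests that is the intent. I would rename the variable to `$userdesc` at both sites and add `// output_user() returns the display string already escaped for HTML output; do not escape it again here.` so the next maintainer neither wraps it in s() a second time nor reverts to interpolating the raw fields. The first hunk appears truncated on this page (15 old lines declared, fewer shown), and the enclosing if-blocks continue outside the section.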


@ -724,7 +724,7 @@ class external extends external_api {
foreach ($extrafields as $extrafield) {
$useroption->extrafields[] = (object)[
'name' => $extrafield,
'value' => $user->$extrafield
'value' => $user->{$extrafield}
];
}
$useroptions[$user->id] = $useroption;
@ -748,7 +748,7 @@ class external extends external_api {
'extrafields' => new external_multiple_structure(
new external_single_structure([
'name' => new external_value(PARAM_TEXT, 'Name of the extrafield.'),
'value' => new external_value(PARAM_TEXT, 'Value of the extrafield.')
'value' => new external_value(PARAM_RAW_TRIMMED, 'Value of the extrafield.')
]
), 'List of extra fields', VALUE_OPTIONAL
)
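Review bot: Switching the `value` return type to `PARAM_RAW_TRIMMED` in the second hunk means the web service now returns whatever is stored in the user's extra fields (email, username, and any other identity field an admin enabled) without the tag stripping that `PARAM_TEXT` applied, so escaping moves entirely to the consuming client. That is a reasonable choice if the client renders through an escaping template, but the contract is not stated anywhere in the hunk; I would record it in the description string: `'value' => new external_value(PARAM_RAW_TRIMMED, 'Value of the extrafield (raw; the client must escape it before display).')`. In the first hunk `$user->{$extrafield}` is a cosmetic change only, and which fields `$extrafields` may contain is decided outside this section. The method bodies of `external` start and end outside both hunks.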


@ -401,7 +401,7 @@
$row = array ();
$row[] = "<a href=\"../user/view.php?id=$user->id&amp;course=$site->id\">$fullname</a>";
foreach ($extracolumns as $field) {
$row[] = $user->{$field};
$row[] = s($user->{$field});
}
$row[] = $user->city;
$row[] = $user->country;
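Review bot: The escaping added on `$row[] = s($user->{$field});` stops one line short: `$row[] = $user->city;` on the next line is still written into the same table row raw, and city is a free-text field on the standard profile form, so it should get the same treatment, `$row[] = s($user->city);`. The same pattern appears in the two following file sections (the hunks that introduce `s($user->email)`): there `$user->city` sits unescaped directly beneath the newly escaped email, and `$user->fullname` is concatenated into the anchor markup unescaped as well, so I would apply the wrapping consistently in those rows too rather than only to email. Whether input-side cleaning already makes these values safe is not visible here, but this commit's approach is output escaping, and mixing the two strategies in one row is exactly how the next field gets missed. The enclosing loops start outside each of these hunks.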


@ -138,7 +138,7 @@ foreach ($users as $user) {
'<a href="' . $CFG->wwwroot . '/user/view.php?id=' . $user->id . '&amp;course=' . SITEID . '">' .
$user->fullname .
'</a>',
$user->email,
s($user->email),
$user->city,
$user->country,
$user->lastaccess ? format_time(time() - $user->lastaccess) : $strnever


@ -72,7 +72,7 @@ foreach($users as $user) {
$table->data[] = array (
'<a href="'.$CFG->wwwroot.'/user/view.php?id='.$user->id.'&amp;course='.SITEID.'">'.$user->fullname.'</a>',
// $user->username,
$user->email,
s($user->email),
$user->city,
$user->country,
$user->lastaccess ? format_time(time() - $user->lastaccess) : $strnever