mirror of
https://github.com/moodle/moodle.git
synced 2025-08-04 08:26:37 +02:00
MDL-18265 fixed regressions by hardfreeze security workaround - defaults were overriding locked values - backported from HEAD
This commit is contained in:
skodak
parent
87a2d989ba
commit
79feabdc54
3 changed files with 32 additions and 13 deletions
|
|
@ -92,11 +92,12 @@ class user_edit_form extends moodleform {
|
|||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/// Next the customisable profile fields
|
||||
profile_definition_after_data($mform);
|
||||
profile_definition_after_data($mform, $user->id);
|
||||
|
||||
} else {
|
||||
profile_definition_after_data($mform, 0);
|
||||
}
|
||||
}
|
||||
|
||||
function validation ($usernew) {
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ class user_editadvanced_form extends moodleform {
|
|||
}
|
||||
|
||||
/// Next the customisable profile fields
|
||||
profile_definition_after_data($mform);
|
||||
profile_definition_after_data($mform, $userid);
|
||||
}
|
||||
|
||||
function validation($usernew) {
|
||||
|
|
|
|||
|
|
@ -70,10 +70,24 @@ class profile_field_base {
|
|||
$this->edit_field_add($mform);
|
||||
$this->edit_field_set_default($mform);
|
||||
$this->edit_field_set_required($mform);
|
||||
$this->edit_field_set_locked($mform);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Tweaks the edit form
|
||||
* @param object instance of the moodleform class
|
||||
* $return boolean
|
||||
*/
|
||||
function edit_after_data(&$mform) {
|
||||
|
||||
if ($this->field->visible != PROFILE_VISIBLE_NONE
|
||||
or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
|
||||
$this->edit_field_set_locked($mform);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves the data coming from form
|
||||
* @param mixed data coming from the form
|
||||
|
|
@ -137,6 +151,9 @@ class profile_field_base {
|
|||
* @param object instance of the moodleform class
|
||||
*/
|
||||
function edit_field_set_locked(&$mform) {
|
||||
if (!$mform->elementExists($this->inputname)) {
|
||||
return;
|
||||
}
|
||||
if ($this->is_locked() and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
|
||||
$mform->hardFreeze($this->inputname);
|
||||
$mform->setConstant($this->inputname, $this->data);
|
||||
|
|
@ -289,18 +306,19 @@ function profile_definition(&$mform) {
|
|||
}
|
||||
}
|
||||
|
||||
function profile_definition_after_data(&$mform) {
|
||||
function profile_definition_after_data(&$mform, $userid) {
|
||||
global $CFG;
|
||||
/*
|
||||
|
||||
$userid = ($userid < 0) ? 0 : (int)$userid;
|
||||
|
||||
if ($fields = get_records('user_info_field')) {
|
||||
foreach ($fields as $field) {
|
||||
require_once($CFG->dirroot.'/user/profile/field/'.$field->datatype.'/field.class.php');
|
||||
$newfield = 'profile_field_'.$field->datatype;
|
||||
$formfield = new $newfield($field->id);
|
||||
//TODO add: method into field class
|
||||
|
||||
$formfield = new $newfield($field->id, $userid);
|
||||
$formfield->edit_after_data($mform);
|
||||
}
|
||||
}
|
||||
}*/
|
||||
}
|
||||
|
||||
function profile_validation($usernew) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue