Skip to content
Browse files

MDL-27884 Implement proper username validation during csv import

  • Loading branch information...
1 parent d63a406 commit 363ed37e760627bf504766377c75cba90535fa94 @ankitagarwal ankitagarwal committed Jan 2, 2013
Showing with 6 additions and 1 deletion.
  1. +5 −1 admin/tool/uploaduser/index.php
  2. +1 −0 lang/en/error.php
View
6 admin/tool/uploaduser/index.php
@@ -285,7 +285,11 @@
$userserrors++;
continue;
}
-
+ if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+ $upt->track('status', get_string('invalidusername', 'error', 'username'), 'error');
+ $upt->track('username', $errorstr, 'error');
+ $userserrors++;
+ }
if ($existinguser = $DB->get_record('user', array('username'=>$user->username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
$upt->track('id', $existinguser->id, 'normal', false);
}
View
1 lang/en/error.php
@@ -331,6 +331,7 @@
$string['invaliduser'] = 'Invalid user';
$string['invaliduserid'] = 'Invalid user id';
$string['invaliduserfield'] = 'Invalid user field: {$a}';
+$string['invalidusername'] = 'The given username contains invalid characters';
$string['invalidxmlfile'] = '"{$a}" is not a valid XML file';
$string['iplookupfailed'] = 'Cannot find geo information about this IP address {$a}';
$string['iplookupprivate'] = 'Cannot display lookup of private IP address';

0 comments on commit 363ed37

Please sign in to comment.
Something went wrong with that request. Please try again.