MDL-27884 Implement proper username validation during csv import

moodle · Jan 2, 2013 · 363ed37 · 363ed37
1 parent d63a406
commit 363ed37
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/admin/tool/uploaduser/index.php b/admin/tool/uploaduser/index.php
@@ -285,7 +285,11 @@
             $userserrors++;
             continue;
         }
-
+        if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+            $upt->track('status', get_string('invalidusername', 'error', 'username'), 'error');
+            $upt->track('username', $errorstr, 'error');
+            $userserrors++;
+        }
         if ($existinguser = $DB->get_record('user', array('username'=>$user->username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
             $upt->track('id', $existinguser->id, 'normal', false);
         }

diff --git a/lang/en/error.php b/lang/en/error.php
@@ -331,6 +331,7 @@
 $string['invaliduser'] = 'Invalid user';
 $string['invaliduserid'] = 'Invalid user id';
 $string['invaliduserfield'] = 'Invalid user field: {$a}';
+$string['invalidusername'] = 'The given username contains invalid characters';
 $string['invalidxmlfile'] = '"{$a}" is not a valid XML file';
 $string['iplookupfailed'] = 'Cannot find geo information about this IP address {$a}';
 $string['iplookupprivate'] = 'Cannot display lookup of private IP address';