MDL-31762 username should be lowercase and check against PARAM_USERNA…

…ME when creating/updating user by web service
commit 45b4464c76b5701e5167fd856ff0cc7f730dbe41 1 parent ead4f18
Jérôme Mouneyrac authored April 13, 2012
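--- a/user/externallib.php
+++ b/user/externallib.php
@@ -43,7 +43,7 @@ public static function create_users_parameters() {
                 'users' => new external_multiple_structure(
                     new external_single_structure(
                         array(
-                            'username'    => new external_value(PARAM_RAW, 'Username policy is defined in Moodle security config'),
+                            'username'    => new external_value(PARAM_USERNAME, 'Username policy is defined in Moodle security config. Must be lowercase.'),
                             'password'    => new external_value(PARAM_RAW, 'Plain text password consisting of any characters'),
                             'firstname'   => new external_value(PARAM_NOTAGS, 'The first name(s) of the user'),
                             'lastname'    => new external_value(PARAM_NOTAGS, 'The family name of the user'),
@@ -184,7 +184,7 @@ public static function create_users_returns() {
             new external_single_structure(
                 array(
                     'id'       => new external_value(PARAM_INT, 'user id'),
-                    'username' => new external_value(PARAM_RAW, 'user name'),
+                    'username' => new external_value(PARAM_USERNAME, 'user name'),
                 )
             )
         );
@@ -259,7 +259,7 @@ public static function update_users_parameters() {
                     new external_single_structure(
                         array(
                             'id'    => new external_value(PARAM_NUMBER, 'ID of the user'),
-                            'username'    => new external_value(PARAM_RAW, 'Username policy is defined in Moodle security config', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
+                            'username'    => new external_value(PARAM_USERNAME, 'Username policy is defined in Moodle security config. Must be lowercase.', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
                             'password'    => new external_value(PARAM_RAW, 'Plain text password consisting of any characters', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
                             'firstname'   => new external_value(PARAM_NOTAGS, 'The first name(s) of the user', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
                             'lastname'    => new external_value(PARAM_NOTAGS, 'The family name of the user', VALUE_OPTIONAL),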
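Review bot: Typing `username` as `PARAM_USERNAME` in `create_users_parameters` and `update_users_parameters` puts a second copy of the username rule in front of the one this commit adds to `user/lib.php`, and nothing on the page shows which layer a web-service caller actually hits first. If the external layer rejects any value that differs from its cleaned form, clients will get a generic parameter error and never see `usernamelowercase` or `invalidusername`; if it cleans silently instead, a mixed-case username would be rewritten before `user_create_user()` can refuse it. Once that is confirmed, I would add a comment above each entry saying which holds, e.g. `// Enforced at the web service boundary; user_create_user() repeats the check for other callers.` The same question applies to the `create_users_returns` hunk, where the return-side type should not change the username the caller is told was stored. The parameter arrays continue outside the hunks shown.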
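--- a/user/lib.php
+++ b/user/lib.php
@@ -39,6 +39,15 @@ function user_create_user($user) {
             $user = (object)$user;
     }
 
+    //check username
+    if ($user->username !== textlib::strtolower($user->username)) {
+        throw new moodle_exception('usernamelowercase');
+    } else {
+        if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+            throw new moodle_exception('invalidusername');
+        }
+    }
+
     // save the password in a temp value for later
     if (isset($user->password)) {
 
@@ -91,6 +100,17 @@ function user_update_user($user) {
             $user = (object)$user;
     }
 
+    //check username
+    if (isset($user->username)) {
+        if ($user->username !== textlib::strtolower($user->username)) {
+            throw new moodle_exception('usernamelowercase');
+        } else {
+            if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+                throw new moodle_exception('invalidusername');
+            }
+        }
+    }
+
     // unset password here, for updating later
     if (isset($user->password)) {
 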
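Review bot: The new check in `user_create_user` reads `$user->username` with no `isset()` guard, unlike the matching block in `user_update_user`, so a caller that omits the field would presumably get the misleading `usernamelowercase` error rather than a missing-username one. Both blocks also appear to accept an empty string, since `''` equals its lowercased and (presumably) its cleaned form; `update_users_parameters` even declares `''` as the default for this field. If nothing later in these functions rejects it, consider `if (!isset($user->username) || $user->username === '') { throw new moodle_exception('invalidusername'); }` ahead of the comparison in the create path, and the `=== ''` test in the update path. The two blocks are otherwise duplicates and could share one helper so the create and update rules cannot drift apart. Both function bodies continue outside the hunks shown.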
