
MDL-31762 username should be lowercase and check against PARAM_USERNA…

…ME when creating/updating user by web service
commit e0a57f8cccbfefd6ae5e2ea06a979835e9da5426 1 parent cc2a87e
@mouneyrac mouneyrac authored samhemelryk committed
Showing with 23 additions and 3 deletions.
  1. +3 −3 user/externallib.php
  2. +20 −0 user/lib.php
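--- a/user/externallib.php
+++ b/user/externallib.php
@@ -43,7 +43,7 @@ public static function create_users_parameters() {
 'users' => new external_multiple_structure(
 new external_single_structure(
 array(
- 'username' => new external_value(PARAM_RAW, 'Username policy is defined in Moodle security config'),
+ 'username' => new external_value(PARAM_USERNAME, 'Username policy is defined in Moodle security config. Must be lowercase.'),
 'password' => new external_value(PARAM_RAW, 'Plain text password consisting of any characters'),
 'firstname' => new external_value(PARAM_NOTAGS, 'The first name(s) of the user'),
 'lastname' => new external_value(PARAM_NOTAGS, 'The family name of the user'),
@@ -184,7 +184,7 @@ public static function create_users_returns() {
 new external_single_structure(
 array(
 'id' => new external_value(PARAM_INT, 'user id'),
- 'username' => new external_value(PARAM_RAW, 'user name'),
+ 'username' => new external_value(PARAM_USERNAME, 'user name'),
 )
 )
 );
@@ -259,7 +259,7 @@ public static function update_users_parameters() {
 new external_single_structure(
 array(
 'id' => new external_value(PARAM_NUMBER, 'ID of the user'),
- 'username' => new external_value(PARAM_RAW, 'Username policy is defined in Moodle security config', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
+ 'username' => new external_value(PARAM_USERNAME, 'Username policy is defined in Moodle security config. Must be lowercase.', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
 'password' => new external_value(PARAM_RAW, 'Plain text password consisting of any characters', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
 'firstname' => new external_value(PARAM_NOTAGS, 'The first name(s) of the user', VALUE_OPTIONAL, '',NULL_NOT_ALLOWED),
 'lastname' => new external_value(PARAM_NOTAGS, 'The family name of the user', VALUE_OPTIONAL),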
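Review bot: The new 'username' descriptions in create_users_parameters() and update_users_parameters() say "Must be lowercase." but not what happens to a value that is not. As far as I can tell the external API's parameter validation rejects a value that differs from its cleaned form rather than normalising it, so a client that used to send a mixed-case name under PARAM_RAW would now get a parameter-validation error before the user library is reached. I would state that in the description, e.g. `'Username policy is defined in Moodle security config. Must be lowercase; other values are rejected.'`, so integrators know to lowercase on their side.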
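--- a/user/lib.php
+++ b/user/lib.php
@@ -39,6 +39,15 @@ function user_create_user($user) {
 $user = (object)$user;
 }
+ //check username
+ if ($user->username !== textlib::strtolower($user->username)) {
+ throw new moodle_exception('usernamelowercase');
+ } else {
+ if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+ throw new moodle_exception('invalidusername');
+ }
+ }
+
 // save the password in a temp value for later
 if (isset($user->password)) {
 $userpassword = $user->password;
@@ -80,6 +89,17 @@ function user_update_user($user) {
 $user = (object)$user;
 }
+ //check username
+ if (isset($user->username)) {
+ if ($user->username !== textlib::strtolower($user->username)) {
+ throw new moodle_exception('usernamelowercase');
+ } else {
+ if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
+ throw new moodle_exception('invalidusername');
+ }
+ }
+ }
+
 // unset password here, for updating later
 if (isset($user->password)) {
 $passwd = $user->password;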
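Review bot: In the user_create_user() hunk `$user->username` is read without the `isset()` guard that the user_update_user() hunk has, so a caller that omits the field gets an undefined-property notice and, most likely, the misleading 'usernamelowercase' error instead of a clear rejection. An empty string also passes both comparisons in both hunks, so neither check refuses a blank username here; whether later code does is outside the visible lines. Adding `if (!isset($user->username) || $user->username === '') { throw new moodle_exception('invalidusername'); }` ahead of the create-path check, and the same `=== ''` test inside the `isset()` block on the update path, would close both gaps. The two validation blocks are otherwise identical and could move into one shared helper; both function bodies continue outside their hunks.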