Commit 12aa21ec authored by Aaron Wells's avatar Aaron Wells Committed by Son Nguyen

Whitelist the $user properties sent to email_user() (Bug 1488697)

The old code passes every value from the form into email_user(), which
has wound up causing problems because email_user() thinks $user->id
refers to the user's ID, but in our case id refers to the usr_registration
record. (There is no user created yet at this point)

behatnotneeded: No infrastructure to test email yet

Change-Id: I0d862c2d1b2fdba5d5a1dc0068ce594207ecace9
(cherry picked from commit 91cc873f)
parent 7801498c
...@@ -140,19 +140,36 @@ function approveregistration_submit(Pieform $form, $values) { ...@@ -140,19 +140,36 @@ function approveregistration_submit(Pieform $form, $values) {
update_record('usr_registration', $values, array('email' => $values['email'])); update_record('usr_registration', $values, array('email' => $values['email']));
// send the user the official account completion email // send the user the official account completion email
$user = (object) $values; $user = new stdClass();
$user->admin = 0; $user->firstname = $values['firstname'];
$user->staff = 0; $user->lastname = $values['lastname'];
email_user($user, null, $user->email = $values['email'];
get_string('registeredemailsubject', 'auth.internal', get_config('sitename')), email_user(
get_string('registeredemailmessagetext', 'auth.internal', $user,
$user->firstname, get_config('sitename'), get_config('wwwroot'), null,
$user->key, get_config('sitename')), get_string('registeredemailsubject', 'auth.internal', get_config('sitename')),
get_string('registeredemailmessagehtml', 'auth.internal', get_string(
$user->firstname, get_config('sitename'), get_config('wwwroot'), 'registeredemailmessagetext',
$user->key, get_config('wwwroot'), $user->key, get_config('sitename')) 'auth.internal',
); $user->firstname,
get_config('sitename'),
get_config('wwwroot'),
$values['key'],
get_config('sitename')
),
get_string(
'registeredemailmessagehtml',
'auth.internal',
$user->firstname,
get_config('sitename'),
get_config('wwwroot'),
$values['key'],
get_config('wwwroot'),
$values['key'],
get_config('sitename')
)
);
$SESSION->add_ok_msg(get_string('registrationapprovedsuccessfully', 'admin')); $SESSION->add_ok_msg(get_string('registrationapprovedsuccessfully', 'admin'));
redirect('/admin/users/pendingregistrations.php?institution='.$user->institution); redirect('/admin/users/pendingregistrations.php?institution=' . $values['institution']);
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment