Commit 852c9aa7 authored by Francois Marier's avatar Francois Marier Committed by Gerrit Code Review

Merge changes I4738d809,I151fe4f9,Ic3571a96

* changes:
  Sanitize personal details coming from LDAP server (bug #888840)
  Refactor firstname, lastname, email validation into functions
  Remove lies in comment
parents ed48acb7 46189cc1
......@@ -186,9 +186,9 @@ function adduser_validate(Pieform $form, $values) {
}
$username = $values['username'];
$firstname = $values['firstname'];
$lastname = $values['lastname'];
$email = $values['email'];
$firstname = sanitize_firstname($values['firstname']);
$lastname = sanitize_lastname($values['lastname']);
$email = sanitize_email($values['email']);
$password = $values['password'];
if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
......@@ -256,16 +256,15 @@ function adduser_validate(Pieform $form, $values) {
}
}
else {
if (!$form->get_error('firstname') && !preg_match('/\S/', $firstname)) {
if (!$form->get_error('firstname') && empty($firstname)) {
$form->set_error('firstname', $form->i18n('rule', 'required', 'required'));
}
if (!$form->get_error('lastname') && !preg_match('/\S/', $lastname)) {
if (!$form->get_error('lastname') && empty($lastname)) {
$form->set_error('lastname', $form->i18n('rule', 'required', 'required'));
}
if (!$form->get_error('email')) {
require_once('phpmailer/class.phpmailer.php');
if (!$form->get_error('email') && !PHPMailer::ValidateAddress($email)) {
if (!$form->get_error('email') && empty($email)) {
$form->set_error('email', get_string('invalidemailaddress', 'artefact.internal'));
}
......
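Review bot: The `require_once('phpmailer/class.phpmailer.php')` kept as context at L35 appears to have lost its only consumer in this branch, since the check below it now tests `empty($email)` instead of `PHPMailer::ValidateAddress($email)`; if nothing else in adduser_validate references PHPMailer (the function continues outside the hunk), the require should go with the call. Note also that after this change a blank address and a syntactically invalid one both surface the same 'invalidemailaddress' string, because sanitize_email collapses the invalid case to '', which differs from the 'required' message the name fields get for the equivalent condition. The first hunk (L17-L19) leaves `$values['firstname']`, `$values['lastname']` and `$values['email']` holding the raw input while only the locals are sanitized, so any later use in the function should read the locals rather than `$values`.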
......@@ -77,7 +77,7 @@ class AuthLdap extends Auth {
/**
* Attempt to authenticate user
*
* @param string $user The username to authenticate with
* @param string $user The user record to authenticate with
* @param string $password The password being used for authentication
* @return bool True/False based on whether the user
* authenticated successfully
......@@ -132,9 +132,11 @@ class AuthLdap extends Auth {
// Match database and ldap entries and update in database if required
$fieldstoimport = array('firstname', 'lastname', 'email');
foreach ($fieldstoimport as $field) {
$sanitizer = "sanitize_$field";
$ldapdetails[$field] = $sanitizer($ldapdetails[$field]);
if (!empty($ldapdetails[$field]) && ($user->$field != $ldapdetails[$field])) {
$user->$field = $ldapdetails[$field];
set_profile_field($user->id, $field, $user->$field);
set_profile_field($user->id, $field, $ldapdetails[$field]);
}
}
}
......
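Review bot: `$ldapdetails[$field]` is handed to the sanitizer at L55 without checking that the directory entry actually supplied the attribute; an LDAP record missing, say, `email` raises an undefined-index notice here and passes null into preg_match/filter_var, whereas the original guard `!empty($ldapdetails[$field])` tolerated the absent key. A minimal fix is `$ldapdetails[$field] = $sanitizer(isset($ldapdetails[$field]) ? $ldapdetails[$field] : '');`. The dynamic `"sanitize_$field"` dispatch is safe only because `$fieldstoimport` is a hard-coded list; a comment saying so, `// $field comes from the fixed list above, never from LDAP data`, would keep a future edit from widening it. In the docblock hunk at L46 the text now calls `$user` a "user record" but the type is still `string`; the `@param` type should name the record's actual class.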
......@@ -1225,13 +1225,13 @@ function login_submit(Pieform $form, $values) {
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
$USER->firstname = sanitize_firstname($userdata->firstname);
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
$USER->lastname = sanitize_firstname($userdata->lastname);
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
$USER->email = sanitize_email($userdata->email);
}
else {
// The user will be asked to populate this when they log in.
......
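Review bot: L73 applies `sanitize_firstname` to the last name; it should read `$USER->lastname = sanitize_lastname($userdata->lastname);`. The two sanitizers are byte-identical at the moment so nothing breaks today, but the bug becomes real as soon as their rules diverge, which is the only reason for having two functions. login_submit continues outside the hunk, so whether `$userdata` is already validated elsewhere cannot be seen here.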
......@@ -2886,3 +2886,24 @@ function is_html_editor_enabled () {
function is_https() {
return stripos(get_config('wwwroot'), 'https://') !== false;
}
function sanitize_email($value) {
if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
return '';
}
return $value;
}
function sanitize_firstname($value) {
if (!preg_match('/\S/', $value)) {
return '';
}
return $value;
}
function sanitize_lastname($value) {
if (!preg_match('/\S/', $value)) {
return '';
}
return $value;
}
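Review bot: The three new functions have no docblocks, and the `sanitize_*` names promise more than the bodies deliver: `sanitize_firstname` and `sanitize_lastname` only reject values with no non-whitespace character and otherwise return the input untouched (no trim, no stripping of control characters or markup), and `sanitize_email` returns the input unchanged whenever `filter_var(..., FILTER_VALIDATE_EMAIL)` accepts it. Each should carry a short docblock stating exactly that, for example `/** Returns $value unchanged if it contains any non-whitespace character, otherwise ''. Does not trim or escape; callers must still escape on output. */` on the name functions and `/** Returns $value if it passes FILTER_VALIDATE_EMAIL, otherwise ''. */` on the email one, so callers do not assume the output is display-safe. Since the two name functions are identical, a single private helper they both call would remove the duplication and make the login_submit copy-paste at L73 harmless. Passing null into these functions (possible when an LDAP attribute is absent) is not handled; a `(string) $value` cast or an explicit null check at the top would make the contract explicit.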