/**
 * Exercises core_user::validate() with clean, invalid and script-bearing user data.
 *
 * As asserted below, validate() returns true for acceptable data and otherwise
 * an array keyed by the name of each rejected field.
 */
public function test_validate() {
    // Minimal, well-formed user: only username and firstname are supplied.
    $gooduser = (object) ['username' => 's10', 'firstname' => 'Bebe Stevens'];
    $outcome = core_user::validate($gooduser);
    $this->assertTrue($outcome);

    // Unknown country code and theme name: exactly those two fields must be reported.
    $baduser = (object) [
        'username' => 's1',
        'firstname' => 'Eric Cartman',
        'country' => 'UU',
        'theme' => 'beise',
    ];
    $errors = core_user::validate($baduser);
    $this->assertArrayHasKey('country', $errors);
    $this->assertArrayHasKey('theme', $errors);
    $this->assertCount(2, $errors);

    // Script markup inside a name field: validation must flag firstname, and only firstname.
    $scripteduser = (object) [
        'username' => 's3',
        'firstname' => 'Kyle<script>alert(1);<script> Broflovski',
    ];
    $errors = core_user::validate($scripteduser);
    $this->assertCount(1, $errors);
    $this->assertArrayHasKey('firstname', $errors);
}
} $gid = $ccache[$shortname]->groups[$addgroup]->id; $gname = $ccache[$shortname]->groups[$addgroup]->name; try { if (groups_add_member($gid, $user->id)) { $upt->track('enrolments', get_string('addedtogroup', '', s($gname))); } else { $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error'); } } catch (moodle_exception $e) { $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error'); continue; } } } $validation[$user->username] = core_user::validate($user); } $upt->close(); // close table if (!empty($validation)) { foreach ($validation as $username => $result) { if ($result !== true) { \core\notification::warning(get_string('invaliduserdata', 'tool_uploaduser', s($username))); } } } $cir->close(); $cir->cleanup(true); echo $OUTPUT->box_start('boxwidthnarrow boxaligncenter generalbox', 'uploadresults'); echo '<p>'; if ($optype != UU_USER_UPDATE) {
/**
 * Checks that mod_assign_external::list_participants() returns user identity
 * fields containing special characters unchanged.
 *
 * The student's identity fields are filled with quotes, angle brackets,
 * ampersands and non-ASCII symbols. The values must pass core_user::validate(),
 * survive external_api::clean_returnvalue() and come back equal to what was stored.
 *
 * @throws coding_exception
 */
public function test_list_participants_user_info_with_special_characters() {
    global $CFG, $DB;
    $this->resetAfterTest(true);

    // Expose every identity field that the assertions at the end compare.
    $CFG->showuseridentity = 'idnumber,email,phone1,phone2,department,institution';

    $fixture = $this->create_assign_with_student_and_teacher();
    $assignment = $fixture['assign'];
    $teacher = $fixture['teacher'];
    $student = $fixture['student'];

    // Identity values mixing HTML-significant characters, punctuation and symbols.
    $specialvalues = [
        'idnumber' => '<\'"1am@wesome&c00l"\'>',
        'phone1' => '+63 (999) 888-7777',
        'phone2' => '(011) [15]4-123-4567',
        'department' => 'Arts & Sciences & \' " ¢ £ © € ¥ ® < >',
        'institution' => 'University of Awesome People & \' " ¢ £ © € ¥ ® < >',
    ];
    foreach ($specialvalues as $fieldname => $value) {
        $student->{$fieldname} = $value;
    }

    // These characters are legitimate data, so validation has to accept them.
    $this->assertTrue(core_user::validate($student));

    // Persist the modified student, then query as the teacher.
    $DB->update_record('user', $student);
    $this->setUser($teacher);

    $participants = mod_assign_external::list_participants($assignment->id, 0, '', 0, 0);
    $this->assertCount(1, $participants);

    // Cleaning against the declared return structure must leave the payload untouched.
    $cleaned = external_api::clean_returnvalue(mod_assign_external::list_participants_returns(), $participants);
    $this->assertEquals($cleaned, $participants);

    // The API hands the values back verbatim, so any consumer that renders them
    // has to escape for its own output context.
    $participant = $participants[0];
    foreach (['idnumber', 'email', 'phone1', 'phone2', 'department', 'institution'] as $fieldname) {
        $this->assertEquals($student->{$fieldname}, $participant[$fieldname]);
    }
}
/**
 * Update an existing user record from a user object (matched on its id).
 *
 * The username is checked for case and cleanliness. A password that is to be
 * updated is checked against the password policy and handed to the auth plugin
 * instead of being written with the record. Any field rejected by
 * core_user::validate() is cleaned before the record is saved.
 *
 * @throws moodle_exception if the username is not lowercase or not clean, or the
 *         password fails the password policy.
 * @param stdClass $user the user to update
 * @param bool $updatepassword if true, authentication plugin will update password.
 * @param bool $triggerevent set false if user_updated event should not be triggered.
 *             This will not affect user_password_updated event triggering.
 */
function user_update_user($user, $updatepassword = true, $triggerevent = true) {
    global $DB;

    // Arrays are accepted as well; normalise to an object.
    if (!is_object($user)) {
        $user = (object) $user;
    }

    // A supplied username must already be lowercase and survive cleaning unchanged.
    if (isset($user->username)) {
        $username = $user->username;
        if ($username !== core_text::strtolower($username)) {
            throw new moodle_exception('usernamelowercase');
        }
        if ($username !== core_user::clean_field($username, 'username')) {
            throw new moodle_exception('invalidusername');
        }
    }

    // Take the password off the record so it is not written by update_record();
    // it is passed to the auth plugin further down.
    // NOTE(review): when $updatepassword is false, a password property stays on
    // $user and reaches update_record() as given - presumably callers pass an
    // already-hashed value in that case; confirm against callers.
    if ($updatepassword && isset($user->password)) {
        if (!check_password_policy($user->password, $policyerror)) {
            throw new moodle_exception($policyerror);
        }
        $newpassword = $user->password;
        unset($user->password);
    }

    // An empty calendartype must not overwrite the stored one, so drop it.
    if (empty($user->calendartype)) {
        unset($user->calendartype);
    }

    $user->timemodified = time();

    // Invalid fields are cleaned rather than rejected. The developer-level
    // debugging notice names the field but does not include its value.
    $problems = core_user::validate($user);
    if ($problems !== true) {
        foreach ($problems as $fieldname => $reason) {
            debugging("The property '{$fieldname}' has invalid data and has been cleaned.", DEBUG_DEVELOPER);
            $user->{$fieldname} = core_user::clean_field($user->{$fieldname}, $fieldname);
        }
    }

    $DB->update_record('user', $user);

    if ($updatepassword) {
        // Reload the full record so the auth plugin is chosen from stored data.
        $storeduser = $DB->get_record('user', ['id' => $user->id]);

        // Only touch the password when one was supplied and the plugin allows changes.
        if (isset($newpassword)) {
            $auth = get_auth_plugin($storeduser->auth);
            if ($auth->can_change_password()) {
                $auth->user_update_password($storeduser, $newpassword);
            }
        }
    }

    // Announce the update unless the caller opted out.
    if ($triggerevent) {
        \core\event\user_updated::create_from_userid($user->id)->trigger();
    }
}