mirror of
https://github.com/moodle/moodle.git
synced 2025-04-13 04:22:07 +02:00
MDL-65552 user: escape idnumber field on output.
This commit also corrects parameter definition of the field to match core_user.
This commit is contained in:
Paul Holden
Jun Pataleta
parent
01959703ba
commit
a7e0ba1e71
@ -305,7 +305,7 @@ class admin_uploaduser_form2 extends moodleform {
|
||||
$mform->setAdvanced('url');
|
||||
|
||||
$mform->addElement('text', 'idnumber', get_string('idnumber'), 'maxlength="255" size="25"');
|
||||
$mform->setType('idnumber', PARAM_NOTAGS);
|
||||
$mform->setType('idnumber', core_user::get_property_type('idnumber'));
|
||||
$mform->setForceLtr('idnumber');
|
||||
|
||||
$mform->addElement('text', 'institution', get_string('institution'), 'maxlength="255" size="25"');
|
||||
|
||||
@ -512,6 +512,10 @@ class block_activity_results extends block_base {
|
||||
$fields = implode(',', $fields);
|
||||
$users = $DB->get_records_list('user', 'id', $userids, '', $fields);
|
||||
|
||||
// If configured to view user idnumber, ensure current user can see it.
|
||||
$extrafields = get_extra_user_fields($this->context);
|
||||
$canviewidnumber = (array_search('idnumber', $extrafields) !== false);
|
||||
|
||||
// Ready for output!
|
||||
if ($activity->gradetype == GRADE_TYPE_SCALE) {
|
||||
// We must display the results using scales.
|
||||
@ -537,10 +541,14 @@ class block_activity_results extends block_base {
|
||||
}
|
||||
$this->content->text .= '</h6></caption><colgroup class="number" />';
|
||||
$this->content->text .= '<colgroup class="name" /><colgroup class="grade" /><tbody>';
|
||||
|
||||
foreach ($best as $userid => $gradeid) {
|
||||
switch ($nameformat) {
|
||||
case B_ACTIVITYRESULTS_NAME_FORMAT_ID:
|
||||
$thisname = get_string('user').' '.$users[$userid]->idnumber;
|
||||
$thisname = get_string('user');
|
||||
if ($canviewidnumber) {
|
||||
$thisname .= ' ' . s($users[$userid]->idnumber);
|
||||
}
|
||||
break;
|
||||
case B_ACTIVITYRESULTS_NAME_FORMAT_ANON:
|
||||
$thisname = get_string('user');
|
||||
@ -603,7 +611,10 @@ class block_activity_results extends block_base {
|
||||
foreach ($worst as $userid => $gradeid) {
|
||||
switch ($nameformat) {
|
||||
case B_ACTIVITYRESULTS_NAME_FORMAT_ID:
|
||||
$thisname = get_string('user').' '.$users[$userid]->idnumber;
|
||||
$thisname = get_string('user');
|
||||
if ($canviewidnumber) {
|
||||
$thisname .= ' ' . s($users[$userid]->idnumber);
|
||||
};
|
||||
break;
|
||||
case B_ACTIVITYRESULTS_NAME_FORMAT_ANON:
|
||||
$thisname = get_string('user');
|
||||
|
||||
@ -480,7 +480,8 @@ class gradereport_user_external extends external_api {
|
||||
'courseid' => new external_value(PARAM_INT, 'course id'),
|
||||
'userid' => new external_value(PARAM_INT, 'user id'),
|
||||
'userfullname' => new external_value(PARAM_TEXT, 'user fullname'),
|
||||
'useridnumber' => new external_value(PARAM_TEXT, 'user idnumber'),
|
||||
'useridnumber' => new external_value(
|
||||
core_user::get_property_type('idnumber'), 'user idnumber'),
|
||||
'maxdepth' => new external_value(PARAM_INT, 'table max depth (needed for printing it)'),
|
||||
'gradeitems' => new external_multiple_structure(
|
||||
new external_single_structure(
|
||||
|
||||
@ -219,7 +219,7 @@ function core_myprofile_navigation(core_user\output\myprofile\tree $tree, $user,
|
||||
|
||||
if (isset($identityfields['idnumber']) && $user->idnumber) {
|
||||
$node = new core_user\output\myprofile\node('contact', 'idnumber', get_string('idnumber'), null, null,
|
||||
$user->idnumber);
|
||||
s($user->idnumber));
|
||||
$tree->add_node($node);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user