From 634660958498024a653fde792838e19fd62e310d Mon Sep 17 00:00:00 2001 From: skodak Date: Sat, 7 Mar 2009 20:59:25 +0000 Subject: [PATCH] MDL-18265 fixed regressions by hardfreeze security workaround - defaults were overriding locked values --- user/edit_form.php | 9 +++++---- user/editadvanced_form.php | 2 +- user/profile/lib.php | 30 ++++++++++++++++++++++++------ 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/user/edit_form.php b/user/edit_form.php index 6341317dbf..e1f578ef41 100644 --- a/user/edit_form.php +++ b/user/edit_form.php @@ -97,11 +97,12 @@ class user_edit_form extends moodleform { } } - } - - /// Next the customisable profile fields - profile_definition_after_data($mform); + /// Next the customisable profile fields + profile_definition_after_data($mform, $user->id); + } else { + profile_definition_after_data($mform, 0); + } } function validation($usernew, $files) { diff --git a/user/editadvanced_form.php b/user/editadvanced_form.php index 9ba149862e..0824340df7 100644 --- a/user/editadvanced_form.php +++ b/user/editadvanced_form.php @@ -107,7 +107,7 @@ class user_editadvanced_form extends moodleform { } /// Next the customisable profile fields - profile_definition_after_data($mform); + profile_definition_after_data($mform, $userid); } function validation($usernew, $files) { diff --git a/user/profile/lib.php b/user/profile/lib.php index f644332e32..5b3f8fae49 100644 --- a/user/profile/lib.php +++ b/user/profile/lib.php @@ -71,6 +71,20 @@ class profile_field_base { $this->edit_field_add($mform); $this->edit_field_set_default($mform); $this->edit_field_set_required($mform); + return true; + } + return false; + } + + /** + * Tweaks the edit form + * @param object instance of the moodleform class + * $return boolean + */ + function edit_after_data(&$mform) { + + if ($this->field->visible != PROFILE_VISIBLE_NONE + or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) { $this->edit_field_set_locked($mform); return true; } @@ -151,6 +165,9 @@ class profile_field_base { * @param object instance of the moodleform class */ function edit_field_set_locked(&$mform) { + if (!$mform->elementExists($this->inputname)) { + return; + } if ($this->is_locked() and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) { $mform->hardFreeze($this->inputname); $mform->setConstant($this->inputname, $this->data); @@ -350,18 +367,19 @@ function profile_definition(&$mform) { } } -function profile_definition_after_data(&$mform) { +function profile_definition_after_data(&$mform, $userid) { global $CFG, $DB; -/* + + $userid = ($userid < 0) ? 0 : (int)$userid; + if ($fields = $DB->get_records('user_info_field')) { foreach ($fields as $field) { require_once($CFG->dirroot.'/user/profile/field/'.$field->datatype.'/field.class.php'); $newfield = 'profile_field_'.$field->datatype; - $formfield = new $newfield($field->id); -//TODO add: method into field class - + $formfield = new $newfield($field->id, $userid); + $formfield->edit_after_data($mform); } - }*/ + } } function profile_validation($usernew, $files) { -- 2.39.5