Merge branch 'MDL-62180-master' of https://github.com/lucaboesch/moodle
authorJake Dallimore <jake@moodle.com>
Mon, 9 Jul 2018 07:46:25 +0000 (15:46 +0800)
committerJake Dallimore <jake@moodle.com>
Mon, 9 Jul 2018 07:46:25 +0000 (15:46 +0800)
auth/db/auth.php
lib/form/url.php
message/amd/build/message_area_contacts.min.js
message/amd/src/message_area_contacts.js
message/externallib.php
message/lib.php
message/tests/externallib_test.php

index bcb26df..5c2fe8c 100644 (file)
@@ -473,6 +473,12 @@ class auth_plugin_db extends auth_plugin_base {
                     set_user_preference('auth_forcepasswordchange', 1, $id);
                     set_user_preference('create_password',          1, $id);
                 }
+
+                // Save custom profile fields here.
+                require_once($CFG->dirroot . '/user/profile/lib.php');
+                $user->id = $id;
+                profile_save_data($user);
+
                 // Make sure user context is present.
                 context_user::instance($id);
             }
index c114298..ddfc6a6 100644 (file)
@@ -144,7 +144,7 @@ class MoodleQuickForm_url extends HTML_QuickForm_text implements templatable {
         if (count($options->repositories) > 0) {
             $straddlink = get_string('choosealink', 'repository');
             $str .= <<<EOD
-<button id="filepicker-button-js-{$clientid}" class="visibleifjs btn btn-secondary">
+<button type="button" id="filepicker-button-js-{$clientid}" class="visibleifjs btn btn-secondary">
 $straddlink
 </button>
 EOD;
index 1fe8926..d5078a2 100644 (file)
Binary files a/message/amd/build/message_area_contacts.min.js and b/message/amd/build/message_area_contacts.min.js differ
index 4d409cc..c2eb102 100644 (file)
@@ -553,15 +553,13 @@ define(['jquery', 'core/ajax', 'core/templates', 'core/notification', 'core/cust
          * @return {String} The altered text
          */
         Contacts.prototype._getContactText = function(text) {
-            // Remove the HTML tags to render the contact text.
-            text = $(document.createElement('div')).html(text).text();
-
             if (text.length > this._messageLength) {
                 text = text.substr(0, this._messageLength - 3);
                 text += '...';
             }
 
-            return text;
+            // Text node prevents script injection through HTML entities.
+            return document.createTextNode(text);
         };
 
         /**
index 26c4ccd..5151adb 100644 (file)
@@ -1537,8 +1537,6 @@ class core_message_external extends external_api {
                     }
                 }
 
-                $message->useridto = $useridto;
-
                 // We need to get the user from the query.
                 if (empty($userfromfullname)) {
                     // Check for non-reply and support users.
index 9143d13..48c3686 100644 (file)
@@ -688,14 +688,16 @@ function message_get_messages($useridto, $useridfrom = 0, $notifications = -1, $
     // If the 'useridto' value is empty then we are going to retrieve messages sent by the useridfrom to any user.
     if (empty($useridto)) {
         $userfields = get_all_user_name_fields(true, 'u', '', 'userto');
+        $messageuseridtosql = 'u.id as useridto';
     } else {
         $userfields = get_all_user_name_fields(true, 'u', '', 'userfrom');
+        $messageuseridtosql = "$useridto as useridto";
     }
 
     // Create the SQL we will be using.
     $messagesql = "SELECT mr.*, $userfields, 0 as notification, '' as contexturl, '' as contexturlname,
                           mua.timecreated as timeusertodeleted, mua2.timecreated as timeread,
-                          mua3.timecreated as timeuserfromdeleted
+                          mua3.timecreated as timeuserfromdeleted, $messageuseridtosql
                      FROM {messages} mr
                INNER JOIN {message_conversations} mc
                        ON mc.id = mr.conversationid
index f5475d7..9ae8b7e 100644 (file)
@@ -671,6 +671,74 @@ class core_message_externallib_testcase extends externallib_advanced_testcase {
 
     }
 
+    /**
+     * Test get_messages where we want all messages from a user, sent to any user.
+     */
+    public function test_get_messages_useridto_all() {
+        $this->resetAfterTest(true);
+
+        $user1 = self::getDataGenerator()->create_user();
+        $user2 = self::getDataGenerator()->create_user();
+        $user3 = self::getDataGenerator()->create_user();
+
+        $this->setUser($user1);
+
+        // Send a message from user 1 to two other users.
+        $this->send_message($user1, $user2, 'some random text 1', 0, 1);
+        $this->send_message($user1, $user3, 'some random text 2', 0, 2);
+
+        // Get messages sent from user 1.
+        $messages = core_message_external::get_messages(0, $user1->id, 'conversations', false, false, 0, 0);
+        $messages = external_api::clean_returnvalue(core_message_external::get_messages_returns(), $messages);
+
+        // Confirm the data is correct.
+        $messages = $messages['messages'];
+        $this->assertCount(2, $messages);
+
+        $message1 = array_shift($messages);
+        $message2 = array_shift($messages);
+
+        $this->assertEquals($user1->id, $message1['useridfrom']);
+        $this->assertEquals($user2->id, $message1['useridto']);
+
+        $this->assertEquals($user1->id, $message2['useridfrom']);
+        $this->assertEquals($user3->id, $message2['useridto']);
+    }
+
+    /**
+     * Test get_messages where we want all messages to a user, sent by any user.
+     */
+    public function test_get_messages_useridfrom_all() {
+        $this->resetAfterTest();
+
+        $user1 = self::getDataGenerator()->create_user();
+        $user2 = self::getDataGenerator()->create_user();
+        $user3 = self::getDataGenerator()->create_user();
+
+        $this->setUser($user1);
+
+        // Send a message to user 1 from two other users.
+        $this->send_message($user2, $user1, 'some random text 1', 0, 1);
+        $this->send_message($user3, $user1, 'some random text 2', 0, 2);
+
+        // Get messages sent to user 1.
+        $messages = core_message_external::get_messages($user1->id, 0, 'conversations', false, false, 0, 0);
+        $messages = external_api::clean_returnvalue(core_message_external::get_messages_returns(), $messages);
+
+        // Confirm the data is correct.
+        $messages = $messages['messages'];
+        $this->assertCount(2, $messages);
+
+        $message1 = array_shift($messages);
+        $message2 = array_shift($messages);
+
+        $this->assertEquals($user2->id, $message1['useridfrom']);
+        $this->assertEquals($user1->id, $message1['useridto']);
+
+        $this->assertEquals($user3->id, $message2['useridfrom']);
+        $this->assertEquals($user1->id, $message2['useridto']);
+    }
+
     /**
      * Test get_blocked_users.
      */