From cf361a95015307cf8b594ebde95af7a3fda97f62 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Petr=20S=CC=8Ckoda?=
Date: Mon, 23 Sep 2013 21:15:59 +0200
Subject: [PATCH] MDL-41176 do not set description and pw fields in $USER when editing own profile
---
 user/edit.php | 10 +++++++---
 user/editadvanced.php | 4 ++++
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/user/edit.php b/user/edit.php
index ab1478a329c..7c479ef9fb8 100644
--- a/user/edit.php
+++ b/user/edit.php
@@ -256,12 +256,16 @@ if ($usernew = $userform->get_data()) {
 }
 }
- // reload from db
- $usernew = $DB->get_record('user', array('id'=>$user->id));
+ // Reload from db, we need new full name on this page if we do not redirect.
+ $user = $DB->get_record('user', array('id'=>$user->id), '*', MUST_EXIST);
 if ($USER->id == $user->id) {
 // Override old $USER session variable if needed
- foreach ((array)$usernew as $variable => $value) {
+ foreach ((array)$user as $variable => $value) {
+ if ($variable === 'description' or $variable === 'password') {
+ // These are not set for security nad perf reasons.
+ continue;
+ }
 $USER->$variable = $value;
 }
 // preload custom fields
diff --git a/user/editadvanced.php b/user/editadvanced.php
index 924ebb1a12f..122a4cc722c 100644
--- a/user/editadvanced.php
+++ b/user/editadvanced.php
@@ -240,6 +240,10 @@ if ($usernew = $userform->get_data()) {
 if ($user->id == $USER->id) {
 // Override old $USER session variable
 foreach ((array)$usernew as $variable => $value) {
+ if ($variable === 'description' or $variable === 'password') {
+ // These are not set for security nad perf reasons.
+ continue;
+ }
 $USER->$variable = $value;
 }
 // preload custom fields
-- 
2.43.0
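Review bot: The filter inside the `foreach` over `(array)$user` is a denylist of two string literals, and the identical condition is repeated in user/editadvanced.php, so any other sensitive column of the user record is still copied into the session by default and the two copies can drift apart. A single shared helper or constant for the excluded fields, or an allowlist of the fields `$USER` really needs, would make the rule fail closed. The `continue` also leaves untouched any `password` or `description` value that `$USER` already holds; if existing sessions can carry them, `unset($USER->password, $USER->description);` before the loop would clear them. The new comment has a typo in both files and could read `// Not copied into the session, for security and performance reasons.` The enclosing `if ($usernew = $userform->get_data())` block starts and ends outside the hunk.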
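Review bot: The loop in user/editadvanced.php still iterates `$usernew`, which the hunk header shows being assigned from `$userform->get_data()`, whereas the same loop in user/edit.php now iterates a record freshly loaded from the database. If `$usernew` is not reloaded before this point (the lines in between are outside the hunk), its keys are form field names, so a password submitted under any key other than `password` would pass the filter and be stored in `$USER`. It is worth confirming that reload, or iterating the result of `$DB->get_record('user', array('id'=>$user->id), '*', MUST_EXIST)` here as edit.php does, so the filter is applied to database column names in both files.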