moodle-filter_filtercodes icon indicating copy to clipboard operation
moodle-filter_filtercodes copied to clipboard

Published 20 hours ago verified publisher icon michael-milette

Bug: the plugin mutates global variable `$USER` when filtering texts with tags

Open golenkovm opened this issue 5 months ago • 0 comments

Prerequisites

  • [X] I'm reporting the issue to the correct repository.
  • [X] I am running the latest version of this plugin (if not, please upgrade first).
  • [X] I checked the README.md and Wiki documentation but did not find my answer.
  • [X] I searched to make sure that this issue had not already been reported.
  • [X] I have, or I know someone who has, the ability and willingness to test the fix on a Moodle LMS-based site.
  • [X] I am submitting no more than one bug report per issue ticket (please do not submit multiple bugs in one issue ticket).
  • [X] I understand that support is provided by volunteer(s).

What happened?

It's been found that global variable $USER is ameded with fullname property on a string convertion. This seems to be a regression of https://github.com/michael-milette/moodle-filter_filtercodes/commit/3806e4b786d70e5554569a971ef57b9b1eec7f66 where $u = $USER; should be $u = clone $USER; to prevent $USER mutation.

What do you think should have happened?

I expected global variable USER is not changed when filter is applied to a string

Steps to reproduce

  1. Login as admin user;
  2. Turn filter_filtercodes on site level;
  3. Create a test course with a label with a random tag in its text;
  4. View the course and the label;
  5. Debug any request and confirm that $USER now has fullname property added.

If debugging is not your thingy the following can be done:

  1. Purge sessions (remove all files in /var/lib/sitedata/sessions/ or whatever storage is used)
  2. Log out as admin
  3. Log in as admin
  4. Search by fullname in the session data, eg grep -lr 'fullname' /var/lib/sitedata/sessions/
  5. Confirm that new session doesn't have it
  6. Access the course and view the label with the tag
  7. Search through the session files again
  8. Confirm that after viewing the label fullname is now added to global USER

Screenshots

No response

Moodle version

Moodle 4.4

Installed Moodle UI Language packs.

  • [ ] English only
  • [ ] One or more other languages/regional dialects (specify below)
  • [ ] Other

If other language(s), please specify

No response

Workaround

No response

Additional information

No response

System information

N/A

Code of Conduct

  • [X] I have read and agree to the project's code of conduct.

golenkovm avatar Aug 30 '24 07:08 golenkovm