refs #14691 - user editing self should not change User.current
Rather than changing the behaviour of #to_label to return persisted data, the User.current object should not be modified with unsaved data from the form submission or API update.
User.current is used for authz as well as for display purposes, so shouldn't be changed. Parameter filtering protects privilege escalation in this case.
(cherry picked from commit bd622a22e7679982e20002969bd53ee4154e4c1c)
Related issues
Bug #14691: Invalid user name string shown in the main menu on edit form
Added by Dominic Cleal about 8 years ago
refs #14691 - user editing self should not change User.current
Rather than changing the behaviour of #to_label to return persisted
data, the User.current object should not be modified with unsaved data
from the form submission or API update.
User.current is used for authz as well as for display purposes, so
shouldn't be changed. Parameter filtering protects privilege escalation
in this case.
(cherry picked from commit bd622a22e7679982e20002969bd53ee4154e4c1c)