Revision bd622a22

Added by Dominic Cleal about 8 years ago

refs #14691 - user editing self should not change User.current

Rather than changing the behaviour of #to_label to return persisted
data, the User.current object should not be modified with unsaved data
from the form submission or API update.

User.current is used for authz as well as for display purposes, so
shouldn't be changed. Parameter filtering protects privilege escalation
in this case.