Closed wilson29thid closed 6 months ago
This wasn't a bug or a security issue. The in-memory User
instance was simply updated with the form values in the create
action before re-rendering, and User#to_s
printed the short_name version if last_name
had a value. I've made it so User#to_s
always shows the username
for users who aren't persisted, just to avoid confusion in the future.
On testing just now, I deliberately left a validation error (didn't tick yes/no on experience question), and the page it took me to (form with validation errors) showed my name as "Rec. Tester" in the navbar. So the user model was updated with the last name. That's unexpected behaviour. Maybe it's fine, but I should investigate for any bugs. The user doesn't appear to have been created in the database, but I want to understand why this happened at least.