Moodle

Missing single quotes on a query in accesslib makes the home page crash

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 1.9
  • Fix Version/s: 1.9
  • Component/s: Libraries
  • Labels:
    None
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE

Description

At line 1405 there were missing quotes arounf the {$context->id} variable: when it is empty it makes the query crash and the XML Parser throws an error...

$sql = "SELECT ctx.path, rc.roleid, rc.capability, rc.permission
FROM {$CFG->prefix}role_capabilities rc
JOIN {$CFG->prefix}context ctx
ON rc.contextid=ctx.id
WHERE (rc.roleid IN ($roleids)
==> AND (ctx.id='{$context->id}' OR ctx.path LIKE '{$context->path}/%'))
$wherelocalroles
ORDER BY ctx.depth ASC, ctx.path DESC, rc.roleid ASC ";

Issue Links

This issue has a non-specific relationship to:
MDL-11360 Call to a member function on a non-object Major Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Martin Dougiamas added a comment -

I'm pretty sure this is not an issue anymore, but assigning to Martin L to check.

The actual fix proposed here is not ideal, I think, because quotes around a number slow things down, and also because the SQL shouldn't even be called if there is no $context->id ..

Show
Martin Dougiamas added a comment - I'm pretty sure this is not an issue anymore, but assigning to Martin L to check. The actual fix proposed here is not ideal, I think, because quotes around a number slow things down, and also because the SQL shouldn't even be called if there is no $context->id ..
Hide
Permalink
Martín Langhoff added a comment -

Two things -

First, if the value is empty, the query is invalid in Pg with or without the single quotes. In a sense, I rather hear about it – instead of the query silently returning 0 rows – as it's an invalid situation, and the caller is doing something wrong.

Danielle, when you see it empty - and crashing, you should get a callstack. If you are getting an xml error, just do a "view source" on it, and you'll see the html for the incomplete page. With debugging on, the last bit will be a callstack.

Show
Martín Langhoff added a comment - Two things - First, if the value is empty, the query is invalid in Pg with or without the single quotes. In a sense, I rather hear about it – instead of the query silently returning 0 rows – as it's an invalid situation, and the caller is doing something wrong. Danielle, when you see it empty - and crashing, you should get a callstack. If you are getting an xml error, just do a "view source" on it, and you'll see the html for the incomplete page. With debugging on, the last bit will be a callstack.
Hide
Permalink
Christian Deligant added a comment - - edited

Well, the problem happened just after an upgrade from the CVS.
Putting the quotes fixed the error... for a while... Actually I had to rebuild all the tables from scratch but fortunatelly it is a test server

Thank you for the hint on XML Source: after playing around with the code |-) for a while I found out

PS: in MySQL, a query like ... ctx.ID= OR ... thorws an error, not a warning, so I make it ... ctx.id='' OR ... and it is a 0 record SQL instead of an error

Show
Christian Deligant added a comment - - edited Well, the problem happened just after an upgrade from the CVS. Putting the quotes fixed the error... for a while... Actually I had to rebuild all the tables from scratch but fortunatelly it is a test server Thank you for the hint on XML Source: after playing around with the code |-) for a while I found out PS: in MySQL, a query like ... ctx.ID= OR ... thorws an error, not a warning, so I make it ... ctx.id='' OR ... and it is a 0 record SQL instead of an error
Hide
Permalink
Martín Langhoff added a comment -

Hi Christian - the problem is that the code should never try without a context id. There is a bug, putting quotes there will hide the bug – but only in mysql!. Instead of hiding the bug, let's diagnose and fix it.

Show
Martín Langhoff added a comment - Hi Christian - the problem is that the code should never try without a context id. There is a bug, putting quotes there will hide the bug – but only in mysql!. Instead of hiding the bug, let's diagnose and fix it.
Hide
Permalink
Christian Deligant added a comment -

Hi Martìn - I understand! I am new to collaborative debugging, so I didn't think of tracking down precisely what happened. As I remember I had really lots of mysql errors alla around the blocks, so I asked Andrea Bicciolo what to do... After dropping all the tables and letting Moodle rebuild them all everything was fixed; so it is a half-bug that happened only because of the CVS-update

Show
Christian Deligant added a comment - Hi Martìn - I understand! I am new to collaborative debugging, so I didn't think of tracking down precisely what happened. As I remember I had really lots of mysql errors alla around the blocks, so I asked Andrea Bicciolo what to do... After dropping all the tables and letting Moodle rebuild them all everything was fixed; so it is a half-bug that happened only because of the CVS-update
Hide
Permalink
Martin Dougiamas added a comment -

I'm resolving this even though I see it more than I'd like to (when context upgrades didn't go as expected)

Show
Martin Dougiamas added a comment - I'm resolving this even though I see it more than I'd like to (when context upgrades didn't go as expected)

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.