Moodle
  1. Moodle
  2. MDL-18141

Calculated question formula validation allows syntactical incorrect code

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.9.4
    • Fix Version/s: None
    • Component/s: Questions
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Rank:
      4993

      Description

      Calculated question formula validation think that formulas like

      {a}

      ?

      {b}

      is valid, which then results in parse errors in eval'ed code.

      Easy workaround for this would be this method of syntax validation ($code is full code you need to execute, not just formula):
      function check_syntax($code) {
      return @eval('return true;' . $code);
      }

      The function will return true if code is syntactical correct and false if it is not.

      To get more accurate error reporting you'll need to use tools like http://netevil.org/blog/2006/nov/parser-and-lexer-generators-for-php
      This may not be easy at first, thought it'll provide you with an ability to create any possible features in you formulas and (eventually) avoid eval at all (this is good, as passing users input to eval may lead to very serious security vulnerabilities). Actually tools will made most complex job for you.

        Issue Links

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: