Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31706

grade form submission fails due to low/default PHP max_input_vars value

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.2.1
    • Fix Version/s: None
    • Labels:
      None
    • Environment:
      PHP 5.4RC4
    • Testing Instructions:
      Hide

      1. test on a server with PHP 5.3.9+
      2. find a course site with a large number of students and/or a larger number of grade items using this formula:
      [students shown per page] x [grade items] x [2] (and x [2] again if "quick feedback" is on) > PHP's max_input_vars value
      3. submit a grade update using the grader report editing mode
      4. a blank page should appear next with this PHP error logged (default value of 1000 shown):
      PHP Fatal error: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0

      Show
      1. test on a server with PHP 5.3.9+ 2. find a course site with a large number of students and/or a larger number of grade items using this formula: [students shown per page] x [grade items] x [2] (and x [2] again if "quick feedback" is on) > PHP's max_input_vars value 3. submit a grade update using the grader report editing mode 4. a blank page should appear next with this PHP error logged (default value of 1000 shown): PHP Fatal error: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
    • Workaround:
      Hide

      At least 3 ways to workaround this:

      1. change the "Students per page" setting either site-wide or per-user to reduce the number of input fields generated per page, according to the number of grade items.

      2. discourage users to edit grades using the grader report view.

      3. raise the PHP max_input_vars to above a comfortable value that's higher than the maximum count of (total user x number of grade items x 2 x 2 for quick feedback) of any course sites.

      e.g.: the largest course site has [50 students] x [20 grade items] x [2 (input + hidden input field)] x [2 (with quick feedback)] = 4000 input fields, the PHP max_input_vars needs to be set larger than 4000+.

      Show
      At least 3 ways to workaround this: 1. change the "Students per page" setting either site-wide or per-user to reduce the number of input fields generated per page, according to the number of grade items. 2. discourage users to edit grades using the grader report view. 3. raise the PHP max_input_vars to above a comfortable value that's higher than the maximum count of (total user x number of grade items x 2 x 2 for quick feedback) of any course sites. e.g.: the largest course site has [50 students] x [20 grade items] x [2 (input + hidden input field)] x [2 (with quick feedback)] = 4000 input fields, the PHP max_input_vars needs to be set larger than 4000+.
    • Affected Branches:
      MOODLE_22_STABLE

      Description

      When updating the grades using the grader report with an input field count (approx. users x grade items x 2 x 2(with quick feedback)) larger than the PHP max_input_vars configuration value, PHP kills the grade submission with a fatal error. The end user usually sees a blank page if PHP error reporting is turn off and the newly "entered" grades are not submitted.

      The max_input_vars configuration value is available since PHP 5.3.9 with a default value of 1000. Due to the recent hash table vulnerability attack, limiting the parameter count has been suggested as one of the security measures. This means it is more likely to see future PHP setups with the default 1000 value or even a smaller value.

      Here are few ways to detect/fix this issue in Moodle, ranging from easy to complicated:
      1. detect (ini_get('max_input_vars')) and suggest a larger max_input_vars value setting as part of the install/upgrade check.
      2. detect, block, and present a message with suggested fixes(increase max_input_vars, reduce number of students per page) when user tries to turn on editing mode on the grader report page.
      3. dynamically detect and present a lower number of students per page for grader report at editing according to number of grade items, effectively ignoring the "students-per-page" setting.
      4. change the way grades, or any other modules with mass input fields, are submitted to reduce the total number of input params, such as using input arrays.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              moodle.com moodle.com
              Reporter:
              davidtang David Tang
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: