Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31877

Function get_users function at datalib.php does not remove exceptions

    XMLWordPrintable

    Details

    • Database:
      Any
    • Testing Instructions:
      Hide

      The $exceptions parameter to get_users isn't actually used anywhere in core that I can see.

      To test you'll need to edit an existing page or create a test page to demonstrate the issue. I've attached a page which demonstrates the fix.

      Show
      The $exceptions parameter to get_users isn't actually used anywhere in core that I can see. To test you'll need to edit an existing page or create a test page to demonstrate the issue. I've attached a page which demonstrates the fix.
    • Workaround:
      Hide

      It can be solved changing on datalib.php in the function get_users:

              //$except = " AND id $exceptions";

      for:

              $select .= " AND id $exceptions";

      The $except variable is not used in the function

      Show
      It can be solved changing on datalib.php in the function get_users: //$except = " AND id $exceptions"; for: $select .= " AND id $exceptions"; The $except variable is not used in the function
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-31877-master-1

      Description

      Exceptions does not modifies the $select variable to remove the users selected from the query.

      It could be a security issue if it ignores some users to be assigned as admins for example.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                14/May/12