-
Bug
-
Resolution: Fixed
-
Minor
-
2.1.6, 2.2.3, 2.3
-
MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
-
MOODLE_21_STABLE, MOODLE_22_STABLE
-
MDL-33040-master-1 -
Just noticed that report/log/index.php has PARAM_FILE as it's type.
It also states in it's comment:
// Date to display - number or some string
|
However, in looking into this:
print_log() is called with $date, which passes the $date straight to build_logs_array() which in turn runs:
if ($date) {
|
$enddate = $date + 86400;
|
$joins[] = "l.time > :date AND l.time < :enddate";
|
$params['date'] = $date;
|
$params['enddate'] = $enddate;
|
}
|
Specifying a string (e.g. now) just causes a database error. The string is passed in as a bind param so never evaled as a function (which is good).
Vote to convert to a PARAM_INT and adjust the comment accordingly