-
Bug
-
Resolution: Fixed
-
Critical
-
2.6.3, 2.7
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
46151-28
-
-
With a certain configuration of Moodle, we are seeing certain text strings being replaced with the digit 1. To reproduce:
On a Moodle 2.6+ server with:
- The htmlpurifier cache using a memcache cache store (not memcached)
- The PHP memcache module version 2.2.4 (other versions may give the same behaviour, but 3.0.8 appears to be different)
go to the activity chooser a number of times (completely refreshing the page each time) and click assignment. Eventually the help text in the right hand panel will change to "1".
The root cause of this seems to be that the purify_html() function in weblib.php is caching a boolean true to indicate that a string has not been changed, but with the setup above is receiving a string "1" instead of a properly typed boolean, and is treating this as the purified text.
This seems to be because older versions of the memcache module do not always return data in the same type as was set, particularly for booleans (where the behaviour is almost undefined given that Memcache::get() returns false for errors and missing data).
The documentation for the memcache module actually says that it "returns the string associated with the key" (http://www.php.net/manual/en/memcache.get.php), although this doesn't seem to be the case for PHP objects which seem to be serialised and deserialised on the fly.
As far as we can make out, version 3.0.8 has different behaviour, where data is returned with exactly the same type as when it was set, so this problem doesn't occur. It's not clear which version of the module introduced this change.