-
Bug
-
Resolution: Fixed
-
Minor
-
2.7.8, 2.8.6, 2.9
-
MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
-
MOODLE_28_STABLE, MOODLE_29_STABLE
-
MDL-50322-master -
Steps to replicate
1) Create a forum
2) Create a discussion
3) Create a reply to the discussion
4) Click split against the reply
5) Change the Discussion name so that it has more than 255 characters in it
Expected behaviour: Validation or auto truncation?
Actual behaviour:
Debug info: Data too long for column 'name' at row 1
INSERT INTO mdl_forum_discussions (course,forum,name,firstpost,userid,groupid,assessed,usermodified,timestart,timeend) VALUES(?,?,?,?,?,?,?,?,?,?)
[array (
0 => '161',
1 => '364',
2 => 'Re: thisisthestart2343298743298fdklgsdfkjghdfklhgsfdkghsfkldjghsiourtgoriegjfodigjsdkfjg;oierut4w309gfdjgl;fdsjg90reg0osure9g\'rsiojgldfkjgsoij59tg59jgrs\'ogjlidfjgljfdsigoreijtu[owjgoirjglfdjglsdfjgfdsjgoireuoituwo[iu[roeijgfiojglfdsjgfdslgjfdlisjgoserjmmmmmmmmmmmmmmmmmmm',
3 => '108',
4 => '2',
5 => '-1',
6 => '0',
7 => '2',
8 => '0',
9 => '0',
)]
Error code: dmlwriteexception
Stack trace:
line 446 of /lib/dml/moodle_database.php: dml_write_exception thrown
line 1164 of /lib/dml/mysqli_native_moodle_database.php: call to moodle_database->query_end()
line 1210 of /lib/dml/mysqli_native_moodle_database.php: call to mysqli_native_moodle_database->insert_record_raw()
line 471 of /mod/forum/post.php: call to mysqli_native_moodle_database->insert_record()
It's important to note that besides the lack of server side validation / sanitation, the input field for 'name' in prune.html does not have a maxlength attribute.