  1. Moodle
  2. MDL-61535

Improve perf on report_security_check_riskxss / report_security_check_riskbackup


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.4, 3.5.4, 3.6.2, 3.7
    • Fix Version/s: 3.5.5, 3.6.3
    • Component/s: Reports
    • Labels:
    • Testing Instructions:
      1. Open Site administration -> Reports -> Security Overview
        1. Confirm that the page loads
      2. Take note of the information shown for the "XSS trusted users" row
      3. Open the XSS trusted users page
        1. Confirm that the user count matches
      4. Go back one page
      5. Take note of the information shown for the "Backup of user data" row
      6. Open the "Backup of user data" page
        1. Confirm that the user count matches
    • Affected Branches:
      MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE
    • Pull 3.5 Branch:
    • Pull Master Branch:
      MDL-61535-master

      Description

      Hello everyone,

      This is a little improvement I made for a client and I am sharing it here.

      In the functions report_security_check_riskxss and report_security_check_riskbackup, we had some performance issues and I fixed them by replacing "SELECT rcx.*" with "SELECT DISTINCT rcx.contextid, rcx.roleid".

      Here's the full diff

      diff --git a/report/security/locallib.php b/report/security/locallib.php
      index 59123c49a0..eaa71bd98d 100644
      --- a/report/security/locallib.php
      +++ b/report/security/locallib.php
      @@ -466,7 +466,7 @@ function report_security_check_riskxss($detailed=false) {
       
      $params = array('capallow'=>CAP_ALLOW);
       
      - $sqlfrom = "FROM (SELECT rcx.*
      + $sqlfrom = "FROM (SELECT DISTINCT rcx.contextid, rcx.roleid
      FROM {role_capabilities} rcx
      JOIN {capabilities} cap ON (cap.name = rcx.capability AND ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0)
      WHERE rcx.permission = :capallow) rc,
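      Review bot: Confirm that the part of the query following `rc,` (outside this hunk) references only `rc.contextid` and `rc.roleid` and counts distinct users, because the changed `$sqlfrom` line no longer exposes the other {role_capabilities} columns and now yields one row per role and context instead of one per matching capability. If the outer query counted rows rather than distinct users, the "XSS trusted users" figure in the security report would change with this patch. A one-line comment above `$sqlfrom` explaining the DISTINCT would also help: the join to {capabilities} matches every RISK_XSS capability a role allows, which repeats the same (contextid, roleid) pair.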
      @@ -755,7 +755,7 @@ function report_security_check_riskbackup($detailed=false) {
      $params = array('capability'=>'moodle/backup:userinfo', 'permission'=>CAP_ALLOW, 'context1'=>CONTEXT_COURSE, 'context2'=>CONTEXT_COURSE);
       
      $sqluserinfo = "
      - FROM (SELECT rcx.*
      + FROM (SELECT DISTINCT rcx.contextid, rcx.roleid
      FROM {role_capabilities} rcx
      WHERE rcx.permission = :permission AND rcx.capability = :capability) rc,
      {context} c,
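      Review bot: DISTINCT on the `FROM (SELECT DISTINCT rcx.contextid, rcx.roleid` line looks redundant in report_security_check_riskbackup, because the WHERE clause pins `rcx.capability = :capability` to the single value 'moodle/backup:userinfo'. Duplicate (contextid, roleid) pairs can then only occur if {role_capabilities} can hold more than one row for the same role, context and capability. If the table has a unique key on those columns, keep the narrowed column list and drop DISTINCT to spare the database a dedupe step; otherwise add a comment saying why duplicates are expected.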
      

      Kind regards,

      Olivier

            People

            • Votes: 0
            • Watchers: 3

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Mar/19

                Time Tracking

                Estimated: Not Specified
                Remaining: 0 minutes
                Logged: 17 minutes