  1. Moodle
  2. MDL-61535

Improve perf on report_security_check_riskxss / report_security_check_riskbackup


Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 3.5.5, 3.6.3
    • 3.4, 3.5.4, 3.6.2, 3.7
    • Reports
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
    • MOODLE_35_STABLE, MOODLE_36_STABLE
    • MDL-61535-master
    •
      1. Open Site administration -> Reports -> Security Overview
        1. Confirm that the page loads
      2. Take note of the information shown for the "XSS trusted users" row
      3. Open the XSS trusted users page
        1. Confirm that the user count matches
      4. Go back one page
      5. Take note of the information shown for the "Backup of user data" row
      6. Open the "Backup of user data" page
        1. Confirm that the user count matches

    Description

      Hello everyone,

      This is a little improvement I made for a client and I share it here.

      In the functions report_security_check_riskxss and report_security_check_riskbackup, we had some performance issues, and I fixed them by replacing "SELECT rcx.*" with "SELECT DISTINCT rcx.contextid, rcx.roleid".

      Here's the full diff

      diff --git a/report/security/locallib.php b/report/security/locallib.php
      index 59123c49a0..eaa71bd98d 100644
      --- a/report/security/locallib.php
      +++ b/report/security/locallib.php
      @@ -466,7 +466,7 @@ function report_security_check_riskxss($detailed=false) {
       
      $params = array('capallow'=>CAP_ALLOW);
       
      - $sqlfrom = "FROM (SELECT rcx.*
      + $sqlfrom = "FROM (SELECT DISTINCT rcx.contextid, rcx.roleid
      FROM {role_capabilities} rcx
      JOIN {capabilities} cap ON (cap.name = rcx.capability AND ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0)
      WHERE rcx.permission = :capallow) rc,
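      Review bot: The derived table rc in report_security_check_riskxss now exposes only contextid and roleid, and the rest of the query that consumes rc is outside this hunk, so please confirm that no later join or WHERE clause still reads another rcx column (for example rc.capability or rc.permission); with the old `SELECT rcx.*` those references would have resolved, and now they fail at run time. A short comment above `$sqlfrom` saying why DISTINCT is needed would also help: the join on `{capabilities}` matches every capability with the RISK_XSS bit set, so one role in one context can produce many identical (contextid, roleid) rows. Since this report feeds the "XSS trusted users" count, a test or a before/after comparison showing that the count is unchanged belongs with the patch.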
      @@ -755,7 +755,7 @@ function report_security_check_riskbackup($detailed=false) {
      $params = array('capability'=>'moodle/backup:userinfo', 'permission'=>CAP_ALLOW, 'context1'=>CONTEXT_COURSE, 'context2'=>CONTEXT_COURSE);
       
      $sqluserinfo = "
      - FROM (SELECT rcx.*
      + FROM (SELECT DISTINCT rcx.contextid, rcx.roleid
      FROM {role_capabilities} rcx
      WHERE rcx.permission = :permission AND rcx.capability = :capability) rc,
      {context} c,
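      Review bot: In report_security_check_riskbackup the subquery already filters on a single capability (`rcx.capability = :capability`) and a single permission, so if {role_capabilities} holds at most one row per role, context and capability (an assumption about the schema, not visible in this diff), each (contextid, roleid) pair is already unique and `DISTINCT` only adds a sort or hash step. Consider keeping the narrowed column list and dropping DISTINCT here, or attach query plans for both variants. As in the first hunk, the remainder of `$sqluserinfo` is not shown, so check that nothing after `{context} c,` refers to other rc columns.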
      

      Kind regards,

      Olivier


          People

            dobedobedoh Andrew Lyons
            Trolli Olivier Piton
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Janelle Barcega Janelle Barcega