MDL-73427

$SESSION->fromurl is attempted to be changed during READ_ONLY_SESSION sessions


      Error logs:

      PHP message: Script /lib/ajax/getnavbranch.php?id=xxx&type=xx defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->fromurl"

      Likely root cause is either this:

      This exception handling stores stuff in the session:
      https://github.com/moodle/moodle/blob/master/lib/setuplib.php#L590-L596

      Or this one:
      https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L2728-L2731

      There is a grand total of 4 touch points in core around this and honestly I can't see much point to any of it. In all cases the value in $SESSION->fromurl will be the same as get_local_referer from the referrer header, so I don't see any value in storing it in the session, and it's just more session churn, which will mean it is forced to be rewritten each time for no reason (see MDL-69707). In any case, relying on the referrer header for anything important is bad, e.g. under some CSP setups there is never a referrer header sent.

       

      lib/setuplib.php-589-
      lib/setuplib.php-590- if (empty($link)) {
      lib/setuplib.php:591: if (!empty($SESSION->fromurl)) {
      lib/setuplib.php:592: $link = $SESSION->fromurl;
      lib/setuplib.php:593: unset($SESSION->fromurl);
      lib/setuplib.php-594- } else {
      lib/setuplib.php-595- $link = $CFG->wwwroot .'/';
      --
      lib/moodlelib.php-2728- $referer = get_local_referer(false);
      lib/moodlelib.php-2729- if (!empty($referer)) {
      lib/moodlelib.php:2730: $SESSION->fromurl = $referer;
      lib/moodlelib.php-2731- }
      lib/moodlelib.php-2732-
      --
      mod/forum/post.php-161- }
      mod/forum/post.php-162-
      mod/forum/post.php:163: $SESSION->fromurl = get_local_referer(false);
      mod/forum/post.php-164-
      mod/forum/post.php-165- // Load up the $post variable.
      --
      mod/forum/post.php-787-} else if ($mformpost->is_submitted() && !$mformpost->no_submit_button_pressed() && $fromform = $mformpost->get_data()) {
      mod/forum/post.php-788-
      mod/forum/post.php:789: if (empty($SESSION->fromurl)) {
      mod/forum/post.php-790- $errordestination = $urlfactory->get_forum_view_url_from_forum($forumentity);
      mod/forum/post.php-791- } else {
      mod/forum/post.php:792: $errordestination = $SESSION->fromurl;
      mod/forum/post.php-793- }
      mod/forum/post.php-794-
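
As an added example (not code from the issue or from Moodle), the following PHP compares the session-backed pattern shown in the grep output with deriving the link directly from the request, and reports which session attributes each request changes. `WWWROOT`, `local_referer()`, `changed_session_attrs()` and both `error_link_*` functions are hypothetical stand-ins, and the sample requests are constructed.

```php
<?php
// Added illustration; not Moodle code. All names below are hypothetical stand-ins.
const WWWROOT = 'https://moodle.example.test';   // constructed site root

/** Return the Referer only if it points inside WWWROOT, else ''. */
function local_referer(array $server): string {
    $ref = $server['HTTP_REFERER'] ?? '';
    // The prefix check includes the trailing slash so look-alike hosts do not match.
    return ($ref === WWWROOT || strpos($ref, WWWROOT . '/') === 0) ? $ref : '';
}

/** Names of session attributes added, removed or changed since the snapshot. */
function changed_session_attrs(array $before, stdClass $session): array {
    $after = (array) $session;
    $changed = [];
    foreach (array_keys($before + $after) as $key) {
        if (!array_key_exists($key, $before) || !array_key_exists($key, $after)
                || $before[$key] !== $after[$key]) {
            $changed[] = '$SESSION->' . $key;
        }
    }
    return $changed;
}

/** Pattern from the issue: copy the referer into the session, then read it back. */
function error_link_via_session(stdClass $session, array $server): string {
    $ref = local_referer($server);
    if ($ref !== '') {
        $session->fromurl = $ref;   // session write, flagged in a read-only session
    }
    return !empty($session->fromurl) ? $session->fromurl : WWWROOT . '/';
}

/** Alternative: derive the link from the request and never touch the session. */
function error_link_stateless(array $server): string {
    return local_referer($server) ?: WWWROOT . '/';
}

$requests = [   // constructed sample requests
    'local referer'   => ['HTTP_REFERER' => WWWROOT . '/course/view.php?id=2'],
    'no referer sent' => [],
    'foreign referer' => ['HTTP_REFERER' => 'https://other.example.test/x'],
];
foreach ($requests as $label => $server) {
    $session = new stdClass();
    $snapshot = (array) $session;   // state at session start
    $same = error_link_via_session($session, $server) === error_link_stateless($server);
    $dirty = implode(', ', changed_session_attrs($snapshot, $session));
    printf("%-16s same=%s changed=[%s]\n", $label, var_export($same, true), $dirty);
}
```

Each request starts from an empty session here, so the comparison covers the single-request case only; the missing and foreign referer cases both fall back to the site root.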

            cameron1729 cameron1729
            brendanheywood Brendan Heywood
            Brendan Heywood Brendan Heywood
            Ilya Tregubov Ilya Tregubov
            Angelia Dela Cruz Angelia Dela Cruz