-
Bug
-
Resolution: Fixed
-
Critical
-
3.9.23, 3.11.16, 4.0.10, 4.1.5, 4.2, 4.2.1, 4.2.2
-
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
-
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
-
MDL-79017-401 -
\file_storage::unpack_reference was changed to use unserialize_array instead of unserialize in MDL-78647 (which I cannot access).
However, the docstring of unserialize_array states
* Note: If any string (key or value) has semicolon (;) as part of the string parsing will fail. |
Thus, if the filename in a reference contains a semicolon, \file_storage::unpack_reference throws a file_reference_exception. The same happens with closing curly braces ("}").
Steps to reproduce
- Create an assignment
- Submit a file with a semicolon in its name, e.g. "foo;bar.pdf"
- Click "Edit submission"
- The following error will be shown
error/filereferenceproblem
Debug info: Not an unserializeable value
Error code: filereferenceproblem
$a contents: stdClass Object
(
[repositoryid] =>
[reference] => a:6:{s:9:"contextid";i:3993;s:9:"component";s:21:"assignsubmission_file";s:6:"itemid";i:1;s:8:"filearea";s:16:"submission_files";s:8:"filepath";s:1:"/";s:8:"filename";s:11:"foo;bar.pdf";}
[referencefileid] =>
[fileid] =>
)
Stack trace:
line 1962 of /lib/filestorage/file_storage.php: file_reference_exception thrown
line 2101 of /lib/filestorage/file_storage.php: call to file_storage::unpack_reference()
line 790 of /lib/filelib.php: call to file_storage->search_references_count()
line 429 of /lib/form/filemanager.php: call to file_get_drafarea_files()
line 295 of /lib/form/filemanager.php: call to form_filemanager->__construct()
line 192 of /lib/pear/HTML/QuickForm/Renderer/Tableless.php: call to MoodleQuickForm_filemanager->toHtml()
line 3477 of /lib/formslib.php: call to HTML_QuickForm_Renderer_Tableless->renderElement()
line 430 of /lib/pear/HTML/QuickForm/element.php: call to MoodleQuickForm_Renderer->renderElement()
line 1642 of /lib/pear/HTML/QuickForm.php: call to HTML_QuickForm_element->accept()
line 2113 of /lib/formslib.php: call to HTML_QuickForm->accept()
line 1685 of /lib/pear/HTML/QuickForm.php: call to MoodleQuickForm->accept()
line 445 of /lib/pear/HTML/Common.php: call to HTML_QuickForm->toHtml()
line 1045 of /lib/formslib.php: call to HTML_Common->display()
line 1483 of /mod/assign/classes/output/renderer.php: call to moodleform->display()
line 141 of /mod/assign/classes/output/renderer.php: call to mod_assign\output\renderer->moodleform()
line 495 of /lib/outputrenderers.php: call to mod_assign\output\renderer->render_assign_form()
line 4849 of /mod/assign/locallib.php: call to plugin_renderer_base->render()
line 660 of /mod/assign/locallib.php: call to assign->view_edit_submission_page()
line 55 of /mod/assign/view.php: call to assign->view()