-
Bug
-
Resolution: Fixed
-
Critical
-
4.1.6, 4.2.3, 4.3
We found that in certain courses, the gradereport_user_get_grade_items webservice function would return
{"exception":"invalid_response_exception","errorcode":"invalidresponse","message":"Invalid response value detected"}It turns out that this was because the affected courses had one or more grade items that included an ampersand (&) in the name of a grade item. This causes an issue because the validation structure in /grade/report/user/classes/external/user.php defines the itemname as PARAM_CLEANHTML; meanwhile, it appears that when a parameter of this type is cleaned in the validate_param function in lib/moodlelib.php, the ampersand symbol is converted from
"&"
|
to
"&" |
This is problematic because validate_param does a check that fails if the cleaned string does not match the original string on line 791 of lib/moodlelib.php, and it is here that the error is ultimately thrown that appears in the response.
Note that the parameter type CLEANHTML was changed recently from TEXT; the latter type did not cause this issue. The tracker item that resulted in that change is here: https://tracker.moodle.org/browse/MDL-78533
It seems there are two possible solutions to this issue:
- Change the parameter type for itemname again to something else that fulfills the requirements for both tickets
- Alter the conditional in validate_param to account for this case
- This seems to be the better option to me – I'm surprised that this issue hasn't appeared elsewhere.
(Feel free to close if this issue should be handled elsewhere, like on the original ticket)
- has a non-specific relationship to
-
-
- Closed
-
- has been marked as being related by
-
-
- Open
-
- is a regression caused by
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
