Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-31072: Fixed bug causing memory overflow for many-user systems:

when function find_users was supposed to be used for user validation but no userids were passed to it, it retrieved all users in the system.
This caused memory overflow on systems with too many users (like moodle.org).
Now we make sure that find_users is not called for validation if there is nobody to validate.

Also improved query inside find_users to make it work faster
  • Loading branch information...
commit 037ef684a35ff589541d6f15d464e1b8ea18bbd2 1 parent 41fb628
@marinaglancy marinaglancy authored kordan committed
Showing with 9 additions and 11 deletions.
  1. +4 −6 admin/roles/lib.php
  2. +5 −5 user/selector/lib.php
View
10 admin/roles/lib.php
@@ -1044,10 +1044,9 @@ public function find_users($search) {
$sql = " FROM {user} u
WHERE u.id IN ($enrolsql) $wherecondition
AND u.id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
+ SELECT r.userid
+ FROM {role_assignments} r
WHERE r.contextid = :contextid
- AND u.id = r.userid
AND r.roleid = :roleid)";
$order = ' ORDER BY lastname ASC, firstname ASC';
@@ -1096,10 +1095,9 @@ public function find_users($search) {
$sql = " FROM {user}
WHERE $wherecondition
AND id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
+ SELECT r.userid
+ FROM {role_assignments} r
WHERE r.contextid = :contextid
- AND u.id = r.userid
AND r.roleid = :roleid)";
$order = ' ORDER BY lastname ASC, firstname ASC';
View
10 user/selector/lib.php
@@ -369,13 +369,13 @@ protected function load_selected_users() {
// See if we got anything.
if ($this->multiselect) {
$userids = optional_param_array($this->name, array(), PARAM_INTEGER);
- } else {
- $userid = optional_param($this->name, 0, PARAM_INTEGER);
- if (empty($userid)) {
- return array();
- }
+ } else if ($userid = optional_param($this->name, 0, PARAM_INTEGER)) {
$userids = array($userid);
}
+ // If there are no users there is nobody to load
+ if (empty($userids)) {
+ return array();
+ }
// If we did, use the find_users method to validate the ids.
$this->validatinguserids = $userids;
Please sign in to comment.
Something went wrong with that request. Please try again.