MDL-18040 rewritten XSS query, I hope this will be much faster

moodle · Jan 28, 2009 · 4399507 · 4399507
1 parent ad70c47
commit 4399507
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
@@ -484,15 +484,16 @@ function report_security_check_riskxss($detailed=false) {
 
     $params = array('capallow'=>CAP_ALLOW);
 
-    $sqlfrom = "FROM {role_capabilities} rc
-                JOIN {capabilities} cap ON cap.name = rc.capability
-                JOIN {context} c ON c.id = rc.contextid
-                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
-                JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
-                JOIN {user} u ON u.id = ra.userid
-               WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0
-                     AND rc.permission = :capallow
-                     AND u.deleted = 0";
+    $sqlfrom = "FROM (SELECT rcx.* FROM {role_capabilities} rcx JOIN {capabilities} cap ON (cap.name = rcx.capability AND ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0))rc,
+                     {context} c,
+                     {context} sc,
+                     {role_assignments} ra,
+                     {user} u
+               WHERE c.id = rc.contextid
+                     AND (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
+                     AND u.id = ra.userid
+                     AND ra.contextid = sc.id AND ra.roleid = rc.roleid
+                     AND rc.permission = :capallow AND u.deleted = 0";
 
     $count = $DB->count_records_sql("SELECT COUNT(DISTINCT u.id) $sqlfrom", $params);