Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-13915: Fixed add_to_log when very long url is specified (now does…

…n't try to insert more than 100 chars into database)
  • Loading branch information...
commit c147575b6ca43d5f0e1924ac7232b2a8a9af241b 1 parent 5fd87bf
sam_marshall authored
Showing with 31 additions and 1 deletion.
  1. +11 −1 course/lib.php
  2. +20 −0 lib/datalib.php
View
12 course/lib.php
@@ -296,6 +296,11 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
//Filter log->info
$log->info = format_string($log->info);
+ // If $log->url has been trimmed short by the db size restriction
+ // code in add_to_log, keep a note so we don't add a link to a broken url
+ $tl=textlib_get_instance();
+ $brokenurl=($tl->strlen($log->url)==100 && $tl->substr($log->url,97)=='...');
+
$log->url = strip_tags(urldecode($log->url)); // Some XSS protection
$log->info = strip_tags(urldecode($log->info)); // Some XSS protection
$log->url = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
@@ -320,7 +325,12 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
echo " <a href=\"$CFG->wwwroot/user/view.php?id={$log->userid}&amp;course={$log->course}\">$fullname</a>\n";
echo "</td>\n";
echo "<td class=\"cell c4\">\n";
- link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',"$log->module $log->action", 440, 700);
+ $displayaction="$log->module $log->action";
+ if($brokenurl) {
+ echo $displayaction;
+ } else {
+ link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',$displayaction, 440, 700);
+ }
echo "</td>\n";;
echo "<td class=\"cell c5\">{$log->info}</td>\n";
echo "</tr>\n";
View
20 lib/datalib.php
@@ -1878,6 +1878,26 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
$url = html_entity_decode($url); // for php < 4.3.0 this is defined in moodlelib.php
}
+ // Restrict length of log lines to the space actually available in the
+ // database so that it doesn't cause a DB error. Log a warning so that
+ // developers can avoid doing things which are likely to cause this on a
+ // routine basis.
+ $tl=textlib_get_instance();
+ if(!empty($info) && $tl->strlen($info)>255) {
+ $info=$tl->substr($info,0,252).'...';
+ debugging('Warning: logged very long info',DEBUG_DEVELOPER);
+ }
+ // Note: Unlike $info, URL appears to be already slashed before this function
+ // is called. Since database limits are for the data before slashes, we need
+ // to remove them...
+ $url=stripslashes($url);
+ // If the 100 field size is changed, also need to alter print_log in course/lib.php
+ if(!empty($url) && $tl->strlen($url)>100) {
+ $url=$tl->substr($url,0,97).'...';
+ debugging('Warning: logged very long URL',DEBUG_DEVELOPER);
+ }
+ $url=addslashes($url);
+
if (defined('MDL_PERFDB')) { global $PERF ; $PERF->dbqueries++; $PERF->logwrites++;};
if ($CFG->type = 'oci8po') {
Please sign in to comment.
Something went wrong with that request. Please try again.