Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-31072: Fixed bug causing memory overflow for many-user systems:

when function find_users was supposed to be used for user validation but no userids were passed to it, it retrieved all users in the system.
This caused memory overflow on systems with too many users (like moodle.org).
Now we make sure that find_users is not called for validation if there is nobody to validate.

Also improved query inside find_users to make it work faster
  • Loading branch information...
commit ee5cf900f8b7d3f3e1cd8f8e9be742ded70debc3 1 parent f70f6e9
@marinaglancy marinaglancy authored
Showing with 9 additions and 11 deletions.
  1. +4 −6 admin/roles/lib.php
  2. +5 −5 user/selector/lib.php
View
10 admin/roles/lib.php
@@ -1044,10 +1044,9 @@ public function find_users($search) {
$sql = " FROM {user} u
WHERE u.id IN ($enrolsql) $wherecondition
AND u.id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
+ SELECT r.userid
+ FROM {role_assignments} r
WHERE r.contextid = :contextid
- AND u.id = r.userid
AND r.roleid = :roleid)";
$order = ' ORDER BY lastname ASC, firstname ASC';
@@ -1096,10 +1095,9 @@ public function find_users($search) {
$sql = " FROM {user}
WHERE $wherecondition
AND id NOT IN (
- SELECT u.id
- FROM {role_assignments} r, {user} u
+ SELECT r.userid
+ FROM {role_assignments} r
WHERE r.contextid = :contextid
- AND u.id = r.userid
AND r.roleid = :roleid)";
$order = ' ORDER BY lastname ASC, firstname ASC';
View
10 user/selector/lib.php
@@ -369,13 +369,13 @@ protected function load_selected_users() {
// See if we got anything.
if ($this->multiselect) {
$userids = optional_param_array($this->name, array(), PARAM_INTEGER);
- } else {
- $userid = optional_param($this->name, 0, PARAM_INTEGER);
- if (empty($userid)) {
- return array();
- }
+ } else if ($userid = optional_param($this->name, 0, PARAM_INTEGER)) {
$userids = array($userid);
}
+ // If there are no users there is nobody to load
+ if (empty($userids)) {
+ return array();
+ }
// If we did, use the find_users method to validate the ids.
$this->validatinguserids = $userids;
Please sign in to comment.
Something went wrong with that request. Please try again.