From: skodak Date: Wed, 28 Jan 2009 22:45:07 +0000 (+0000) Subject: MDL-18040 rewritten XSS query, I hope this will be much faster X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=43995076c6727f637743ef9f3e1a18b957cc680a;p=moodle.git MDL-18040 rewritten XSS query, I hope this will be much faster
---
diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
index a1eed212c2..10bc5b0c63 100644
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@@ -484,15 +484,16 @@ function report_security_check_riskxss($detailed=false) {
 $params = array('capallow'=>CAP_ALLOW);
- $sqlfrom = "FROM {role_capabilities} rc
- JOIN {capabilities} cap ON cap.name = rc.capability
- JOIN {context} c ON c.id = rc.contextid
- JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
- JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
- JOIN {user} u ON u.id = ra.userid
- WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0
- AND rc.permission = :capallow
- AND u.deleted = 0";
+ $sqlfrom = "FROM (SELECT rcx.* FROM {role_capabilities} rcx JOIN {capabilities} cap ON (cap.name = rcx.capability AND ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0))rc,
+ {context} c,
+ {context} sc,
+ {role_assignments} ra,
+ {user} u
+ WHERE c.id = rc.contextid
+ AND (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
+ AND u.id = ra.userid
+ AND ra.contextid = sc.id AND ra.roleid = rc.roleid
+ AND rc.permission = :capallow AND u.deleted = 0";
 $count = $DB->count_records_sql("SELECT COUNT(DISTINCT u.id) $sqlfrom", $params);
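Review bot: In the new `$sqlfrom`, the derived table `rc` keeps every role_capabilities row whose capability carries the XSS risk bit, and `rc.permission = :capallow` is applied only in the outer WHERE, after those rows have been matched against both `{context}` aliases by the path LIKE conditions. Because the inner join is an inner join, the filter can move into it without changing the result, `... <> 0 AND rcx.permission = :capallow))rc,`, which narrows the set before the expensive context self-join. Since this count is what the security report shows, I would also add a comment above the query: `// users assigned a role that allows an XSS-risk capability in the same, an ancestor or a descendant context; prevent/prohibit overrides are not evaluated here, so this may over-count`. The function starts and continues outside the hunk, so whether overrides are resolved elsewhere cannot be confirmed from these lines.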