From 6c5a2108b5e3c54c9acd8f5c5ce46101bcecccd1 Mon Sep 17 00:00:00 2001 From: sam_marshall Date: Thu, 13 Mar 2008 15:32:08 +0000 Subject: [PATCH] MDL-13915: Fixed add_to_log when very long url is specified (now doesn't try to insert more than 100 chars into database) --- course/lib.php | 12 +++++++++++- lib/datalib.php | 20 ++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/course/lib.php b/course/lib.php index 567d0b0715..d5853e5882 100644 --- a/course/lib.php +++ b/course/lib.php @@ -296,6 +296,11 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per //Filter log->info $log->info = format_string($log->info); + // If $log->url has been trimmed short by the db size restriction + // code in add_to_log, keep a note so we don't add a link to a broken url + $tl=textlib_get_instance(); + $brokenurl=($tl->strlen($log->url)==100 && $tl->substr($log->url,97)=='...'); + $log->url = strip_tags(urldecode($log->url)); // Some XSS protection $log->info = strip_tags(urldecode($log->info)); // Some XSS protection $log->url = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!! @@ -320,7 +325,12 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per echo " wwwroot/user/view.php?id={$log->userid}&course={$log->course}\">$fullname\n"; echo "\n"; echo "\n"; - link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',"$log->module $log->action", 440, 700); + $displayaction="$log->module $log->action"; + if($brokenurl) { + echo $displayaction; + } else { + link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',$displayaction, 440, 700); + } echo "\n";; echo "{$log->info}\n"; echo "\n"; diff --git a/lib/datalib.php b/lib/datalib.php index b550ea781c..8492806c6d 100644 --- a/lib/datalib.php +++ b/lib/datalib.php @@ -1878,6 +1878,26 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user $url = html_entity_decode($url); // for php < 4.3.0 this is defined in moodlelib.php } + // Restrict length of log lines to the space actually available in the + // database so that it doesn't cause a DB error. Log a warning so that + // developers can avoid doing things which are likely to cause this on a + // routine basis. + $tl=textlib_get_instance(); + if(!empty($info) && $tl->strlen($info)>255) { + $info=$tl->substr($info,0,252).'...'; + debugging('Warning: logged very long info',DEBUG_DEVELOPER); + } + // Note: Unlike $info, URL appears to be already slashed before this function + // is called. Since database limits are for the data before slashes, we need + // to remove them... + $url=stripslashes($url); + // If the 100 field size is changed, also need to alter print_log in course/lib.php + if(!empty($url) && $tl->strlen($url)>100) { + $url=$tl->substr($url,0,97).'...'; + debugging('Warning: logged very long URL',DEBUG_DEVELOPER); + } + $url=addslashes($url); + if (defined('MDL_PERFDB')) { global $PERF ; $PERF->dbqueries++; $PERF->logwrites++;}; if ($CFG->type = 'oci8po') { -- 2.39.5