From c643c2f5136a9a5c8357629879cd4e5dad2a2070 Mon Sep 17 00:00:00 2001
From: skodak
Date: Wed, 7 Jan 2009 18:55:32 +0000
Subject: [PATCH] MDL-17806 fixed sql_bit_and use which returns number and that is why it is not suitable for SQL conditions; thanks penny! Fixed DML docs too.
---
 admin/report/security/lib.php | 12 ++++++------
 lib/dml/moodle_database.php | 12 +++++++++++-
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
index 7cb17c060f..7232e5f323 100644
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@@ -481,7 +481,7 @@ function report_security_check_riskxss($detailed=false) {
 JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'").")
 JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
 JOIN {user} u ON u.id = ra.userid
- WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0
 AND rc.permission = :capallow
 AND u.deleted = 0";
@@ -540,7 +540,7 @@ function report_security_check_defaultuserrole($detailed=false) {
 $sql = "SELECT COUNT(DISTINCT rc.contextid)
 FROM {role_capabilities} rc
 JOIN {capabilities} cap ON cap.name = rc.capability
- WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
 AND rc.permission = :capallow
 AND rc.roleid = :roleid";
@@ -619,7 +619,7 @@ function report_security_check_guestrole($detailed=false) {
 $sql = "SELECT COUNT(DISTINCT rc.contextid)
 FROM {role_capabilities} rc
 JOIN {capabilities} cap ON cap.name = rc.capability
- WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
 AND rc.permission = :capallow
 AND rc.roleid = :roleid";
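Review bot: In report_security_check_defaultuserrole the new `<> 0` test against the combined mask `(RISK_XSS | RISK_CONFIG | RISK_DATALOSS)` matches a capability that carries any one of the three risk bits, not all three, and nothing next to the query says which is intended. The same expression appears in the guestrole, frontpagerole, defaultcourserole and courserole hunks. A one-line comment above each `$sql` assignment, for example `// <> 0: capability has ANY of these risk bits set`, would stop a later edit from switching to an equality test against the mask and silently narrowing what the security report flags. The enclosing functions start and end outside the hunks.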
@@ -695,7 +695,7 @@ function report_security_check_frontpagerole($detailed=false) {
 $sql = "SELECT COUNT(DISTINCT rc.contextid)
 FROM {role_capabilities} rc
 JOIN {capabilities} cap ON cap.name = rc.capability
- WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
 AND rc.permission = :capallow
 AND rc.roleid = :roleid";
@@ -784,7 +784,7 @@ function report_security_check_defaultcourserole($detailed=false) {
 $sql = "SELECT DISTINCT rc.contextid
 FROM {role_capabilities} rc
 JOIN {capabilities} cap ON cap.name = rc.capability
- WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
 AND rc.permission = :capallow
 AND rc.roleid = :roleid";
@@ -901,7 +901,7 @@ function report_security_check_courserole($detailed=false) {
 $sql = "SELECT rc.roleid, rc.contextid
 FROM {role_capabilities} rc
 JOIN {capabilities} cap ON cap.name = rc.capability
- WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+ WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
 AND rc.permission = :capallow
 AND rc.roleid $inroles
 GROUP BY rc.roleid, rc.contextid
diff --git a/lib/dml/moodle_database.php b/lib/dml/moodle_database.php
index 658de1c412..5e72d65d34 100644
--- a/lib/dml/moodle_database.php
+++ b/lib/dml/moodle_database.php
@@ -1400,9 +1400,13 @@ abstract class moodle_database {
 /**
 * Returns the SQL text to be used in order to perform one bitwise AND operation
 * between 2 integers.
+ *
+ * NOTE: The SQL result is a number and can not be used directly in
+ * SQL condition, please compare it to some number to get a bool!!
+ *
+ * @param integer int1 first integer in the operation
 * @param integer int2 second integer in the operation
- * @return string the piece of SQL code to be used in your statement.
+ * @return string the piece of SQL code to be used in your statement
 */
 public function sql_bitand($int1, $int2) {
 return '((' . $int1 . ') & (' . $int2 . '))';
@@ -1423,6 +1427,9 @@ abstract class moodle_database {
 * Returns the SQL text to be used in order to perform one bitwise OR operation
 * between 2 integers.
 *
+ * NOTE: The SQL result is a number and can not be used directly in
+ * SQL condition, please compare it to some number to get a bool!!
+ *
 * @param integer int1 first integer in the operation
 * @param integer int2 second integer in the operation
 * @return string the piece of SQL code to be used in your statement.
@@ -1435,6 +1442,9 @@ abstract class moodle_database {
 * Returns the SQL text to be used in order to perform one bitwise XOR operation
 * between 2 integers.
 *
+ * NOTE: The SQL result is a number and can not be used directly in
+ * SQL condition, please compare it to some number to get a bool!!
+ *
 * @param integer int1 first integer in the operation
 * @param integer int2 second integer in the operation
 * @return string the piece of SQL code to be used in your statement.
--
2.39.5
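Review bot: The sql_bitand docblock still declares both arguments as `integer`, but the visible body `return '((' . $int1 . ') & (' . $int2 . '))';` concatenates them into the SQL text unchanged, and the callers in admin/report/security/lib.php pass a column name ('cap.riskbitmask'). While the docblock is being edited, it should state that the arguments are SQL fragments inserted without escaping or binding, so only column names and integer constants belong there and never request data: `@param string|int $int1 column name or integer literal, placed into the SQL as-is`. The sql_bitor and sql_bitxor docblocks in the two hunks that follow would benefit from the same wording, though their bodies lie outside the hunks, so that part is inferred from the parallel docblocks.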