MDL-13915: Fixed add_to_log when very long url is specified (now doesn't try to insert more than 100 chars into database)

2025-04-21 00:12:56 +02:00 · 2008-03-13 15:32:08 +00:00 · 2008-03-13 15:32:08 +00:00 · 6c5a2108b5
commit 6c5a2108b5
parent 7bd75cb3c1
2 changed files with 31 additions and 1 deletions
--- a/course/lib.php
+++ b/course/lib.php
@ -296,6 +296,11 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
        //Filter log->info
        $log->info = format_string($log->info);

+        // If $log->url has been trimmed short by the db size restriction
+        // code in add_to_log, keep a note so we don't add a link to a broken url
+        $tl=textlib_get_instance();
+        $brokenurl=($tl->strlen($log->url)==100 && $tl->substr($log->url,97)=='...');
+
        $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
        $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
@ -320,7 +325,12 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
        echo "    <a href=\"$CFG->wwwroot/user/view.php?id={$log->userid}&amp;course={$log->course}\">$fullname</a>\n";
        echo "</td>\n";
        echo "<td class=\"cell c4\">\n";
-        link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',"$log->module $log->action", 440, 700);
+        $displayaction="$log->module $log->action";
+        if($brokenurl) {
+            echo $displayaction;
+        } else {
+            link_to_popup_window( make_log_url($log->module,$log->url), 'fromloglive',$displayaction, 440, 700);
+        }
        echo "</td>\n";;
        echo "<td class=\"cell c5\">{$log->info}</td>\n";
        echo "</tr>\n";
--- a/lib/datalib.php
+++ b/lib/datalib.php
@ -1878,6 +1878,26 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
        $url = html_entity_decode($url); // for php < 4.3.0 this is defined in moodlelib.php
    }

+    // Restrict length of log lines to the space actually available in the
+    // database so that it doesn't cause a DB error. Log a warning so that
+    // developers can avoid doing things which are likely to cause this on a
+    // routine basis.
+    $tl=textlib_get_instance();
+    if(!empty($info) && $tl->strlen($info)>255) {
+        $info=$tl->substr($info,0,252).'...';
+        debugging('Warning: logged very long info',DEBUG_DEVELOPER);
+    }
+    // Note: Unlike $info, URL appears to be already slashed before this function
+    // is called. Since database limits are for the data before slashes, we need
+    // to remove them...
+    $url=stripslashes($url);
+    // If the 100 field size is changed, also need to alter print_log in course/lib.php
+    if(!empty($url) && $tl->strlen($url)>100) {
+        $url=$tl->substr($url,0,97).'...';
+        debugging('Warning: logged very long URL',DEBUG_DEVELOPER);
+    }
+    $url=addslashes($url);
+
    if (defined('MDL_PERFDB')) { global $PERF ; $PERF->dbqueries++; $PERF->logwrites++;};

    if ($CFG->type = 'oci8po') {