From 86f97c625e8bb9d583f52f61b384f44ce3fdacd0 Mon Sep 17 00:00:00 2001
From: Jun Pataleta <jun@moodle.com>
Date: Mon, 28 Mar 2022 13:08:47 +0800
Subject: [PATCH] MDL-74321 mod_forum: Forum_check_throttling improvements and
 fixes

* Fetch only the fields required by the function.
* Quick validation of the passed forum parameter. If the forum parameter
is an object, it should have the forum ID and the course ID.
* Default return when there's no need to show a warning yet.
---
 mod/forum/lib.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index c3d54972101..8bbdcfe0644 100644
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -5038,11 +5038,16 @@ function forum_check_throttling($forum, $cm = null) {
     global $CFG, $DB, $USER;
 
     if (is_numeric($forum)) {
-        $forum = $DB->get_record('forum', array('id' => $forum), '*', MUST_EXIST);
+        $forum = $DB->get_record('forum', ['id' => $forum], 'id, course, blockperiod, blockafter, warnafter', MUST_EXIST);
     }
 
-    if (!is_object($forum)) {
-        return false; // This is broken.
+    if (!is_object($forum) || !isset($forum->id) || !isset($forum->course)) {
+        // The passed forum parameter is invalid. This can happen if:
+        // - a non-object and non-numeric forum is passed; or
+        // - the forum object does not have an ID or course attributes.
+        // This is unlikely to happen with properly formed forum record fetched from the database,
+        // so it's most likely a dev error if we hit such this case.
+        throw new coding_exception('Invalid forum parameter passed');
     }
 
     if (empty($forum->blockafter)) {
@@ -5108,6 +5113,9 @@ function forum_check_throttling($forum, $cm = null) {
 
         return $warning;
     }
+
+    // No warning needs to be shown yet.
+    return false;
 }
 
 /**