MDL-17806 fixed sql_bit_and use which returns number and that is why it is not suitable for SQL conditions; thanks penny!

Fixed DML docs too.
2025-01-18 05:58:34 +01:00 · 2009-01-07 18:55:32 +00:00 · 2009-01-07 18:55:32 +00:00 · c643c2f513
commit c643c2f513
parent 84b88cfde7
2 changed files with 17 additions and 7 deletions
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@ -481,7 +481,7 @@ function report_security_check_riskxss($detailed=false) {
                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'").")
                JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
                JOIN {user} u ON u.id = ra.userid
-               WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)."
+               WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0
                     AND rc.permission = :capallow
                     AND u.deleted = 0";

@ -540,7 +540,7 @@ function report_security_check_defaultuserrole($detailed=false) {
    $sql = "SELECT COUNT(DISTINCT rc.contextid)
              FROM {role_capabilities} rc
              JOIN {capabilities} cap ON cap.name = rc.capability
-             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
                   AND rc.permission = :capallow
                   AND rc.roleid = :roleid";

@ -619,7 +619,7 @@ function report_security_check_guestrole($detailed=false) {
    $sql = "SELECT COUNT(DISTINCT rc.contextid)
              FROM {role_capabilities} rc
              JOIN {capabilities} cap ON cap.name = rc.capability
-             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
                   AND rc.permission = :capallow
                   AND rc.roleid = :roleid";

@ -695,7 +695,7 @@ function report_security_check_frontpagerole($detailed=false) {
    $sql = "SELECT COUNT(DISTINCT rc.contextid)
              FROM {role_capabilities} rc
              JOIN {capabilities} cap ON cap.name = rc.capability
-             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
                   AND rc.permission = :capallow
                   AND rc.roleid = :roleid";

@ -784,7 +784,7 @@ function report_security_check_defaultcourserole($detailed=false) {
    $sql = "SELECT DISTINCT rc.contextid
              FROM {role_capabilities} rc
              JOIN {capabilities} cap ON cap.name = rc.capability
-             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
                   AND rc.permission = :capallow
                   AND rc.roleid = :roleid";

@ -901,7 +901,7 @@ function report_security_check_courserole($detailed=false) {
    $sql = "SELECT rc.roleid, rc.contextid
              FROM {role_capabilities} rc
              JOIN {capabilities} cap ON cap.name = rc.capability
-             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))."
+             WHERE ".$DB->sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0
                   AND rc.permission = :capallow
                   AND rc.roleid $inroles
          GROUP BY rc.roleid, rc.contextid
--- a/lib/dml/moodle_database.php
+++ b/lib/dml/moodle_database.php
@ -1400,9 +1400,13 @@ abstract class moodle_database {
    /**
     * Returns the SQL text to be used in order to perform one bitwise AND operation
     * between 2 integers.
+     *
+     * NOTE: The SQL result is a number and can not be used directly in
+     *       SQL condition, please compare it to some number to get a bool!!
+     *
     * @param integer int1 first integer in the operation
     * @param integer int2 second integer in the operation
-     * @return string the piece of SQL code to be used in your statement.
+     * @return string the piece of SQL code to be used in your statement
     */
    public function sql_bitand($int1, $int2) {
        return '((' . $int1 . ') & (' . $int2 . '))';
@ -1423,6 +1427,9 @@ abstract class moodle_database {
     * Returns the SQL text to be used in order to perform one bitwise OR operation
     * between 2 integers.
     *
+     * NOTE: The SQL result is a number and can not be used directly in
+     *       SQL condition, please compare it to some number to get a bool!!
+     *
     * @param integer int1 first integer in the operation
     * @param integer int2 second integer in the operation
     * @return string the piece of SQL code to be used in your statement.
@ -1435,6 +1442,9 @@ abstract class moodle_database {
     * Returns the SQL text to be used in order to perform one bitwise XOR operation
     * between 2 integers.
     *
+     * NOTE: The SQL result is a number and can not be used directly in
+     *       SQL condition, please compare it to some number to get a bool!!
+     *
     * @param integer int1 first integer in the operation
     * @param integer int2 second integer in the operation
     * @return string the piece of SQL code to be used in your statement.