Potential issue with artefact chooser and getting group artefacts

Bug #1979921 reported by Robert Lyon
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Mahara
21.04
Fix Released
Medium
Unassigned
21.10
Fix Released
Medium
Unassigned
22.04
Fix Released
Medium
Unassigned
22.10
Fix Released
Medium
Unassigned

Bug Description

There is an issue with View::get_artefactchooser_artefacts() if we pass it a $group identifier as a integer rather than a string or a class.

We need to fix that up so a group ID passed in as integer is also handled other wise the error below can occur.

The was reported by a community member and the only way I could replicate it was doing the following.

Make this change:

diff --git a/htdocs/blocktype/lib.php b/htdocs/blocktype/lib.php
index 1bb21f32af..816969a241 100644
--- a/htdocs/blocktype/lib.php
+++ b/htdocs/blocktype/lib.php
@@ -2337,7 +2337,7 @@ class BlockInstance {
         list($allowed, $count) = View::get_artefactchooser_artefacts(
             $searchdata,
             $this->get_view()->get('owner'),
- $this->get_view()->get('group'),
+ (int)$this->get_view()->get('group'),
             $this->get_view()->get('institution'),
             true
         );

Then create a new group and on the group homepage click 'edit'.
Add a new block of content type 'image' to the page, upload an image to 'group files' tab, select it and click save.
Then resize the image by dragging its corner to make it wider and higher.
Reload page and see the error.

But as they got the error without altering the code it would be best to harden the View::get_artefactchooser_artefacts() so it can deal with integer correctly.

[WAR] f1 (lib/view.php:3841) get_class() expects parameter 1 to be object, int given

Call stack (most recent first):
log_message("get_class() expects parameter 1 to be object, int ...", 8, true, true, "/var/www/html/mahara.abc.xyz/lib/v...", 3841) at /var/www/html/mahara.abc.xyz/lib/errors.php:515
error(2, "get_class() expects parameter 1 to be object, int ...", "/var/www/html/mahara.abc.xyz/lib/v...", 3841, array(size 19)) at /var/www/html/mahara.abc.xyz/lib/view.php:3841
View::get_artefactchooser_artefacts(array(size 2), null, 603, null, true) at /var/www/html/mahara.abc.xyz/blocktype/lib.php:2336
BlockInstance->rebuild_artefact_list() at /var/www/html/mahara.abc.xyz/blocktype/lib.php:2275
BlockInstance->commit() at /var/www/html/mahara.abc.xyz/lib/view.php:2829
View->moveblockinstance(array(size 7)) at /var/www/html/mahara.abc.xyz/lib/view.php:2107
View->process_changes() at /var/www/html/mahara.abc.xyz/view/blocks.json.php:30

[WAR] f1 (lib/errors.php:853) Failed to get a recordset: mysqli error: [0: ] in EXECUTE("SELECT DISTINCT agg.* FROM (SELECT a.id, a.id AS b FROM "artefact" a LEFT JOIN "tag" t ON t.resourcetype = 'artefact' AND a.id = t.resourceid
            LEFT OUTER JOIN (
                SELECT
                    r.artefact, r.can_view, r.can_edit, m.group
                FROM
                    "group_member" m
                    JOIN "artefact" aa ON aa.group = m.group
                    JOIN "artefact_access_role" r ON aa.id = r.artefact AND r.role = m.role
                WHERE
                    m.group = ?
                    AND m.member = ?
                    AND r.can_view = 1
            ) ga ON (ga.group = a.group AND a.id = ga.artefact) WHERE (a.institution = 'mahara' OR ga.can_view = 1 OR a.owner = ?) AND a.id = 291249) AS agg")Command was: SELECT DISTINCT agg.* FROM (SELECT a.id, a.id AS b FROM "artefact" a LEFT JOIN "tag" t ON t.resourcetype = 'artefact' AND a.id = t.resourceid
            LEFT OUTER JOIN (
                SELECT
                    r.artefact, r.can_view, r.can_edit, m.group
                FROM
                    "group_member" m
                    JOIN "artefact" aa ON aa.group = m.group
                    JOIN "artefact_access_role" r ON aa.id = r.artefact AND r.role = m.role
                WHERE
                    m.group = ?
                    AND m.member = ?
                    AND r.can_view = 1
            ) ga ON (ga.group = a.group AND a.id = ga.artefact) WHERE (a.institution = 'mahara' OR ga.can_view = 1 OR a.owner = ?) AND a.id = 291249) AS agg and values was (0:1135)

Call stack (most recent first):
log_message("Failed to get a recordset: mysqli error: [0: ] in ...", 8, true, true) at /var/www/html/mahara.abc.xyz/lib/errors.php:89
log_warn("Failed to get a recordset: mysqli error: [0: ] in ...") at /var/www/html/mahara.abc.xyz/lib/errors.php:853
SQLException->__construct("Failed to get a recordset: mysqli error: [0: ] in ...") at /var/www/html/mahara.abc.xyz/lib/dml.php:540
get_recordset_sql("SELECT DISTINCT agg.* FROM (SELECT a.id, a.id AS b...", array(size 1), null, null) at /var/www/html/mahara.abc.xyz/lib/dml.php:720
get_records_sql_assoc("SELECT DISTINCT agg.* FROM (SELECT a.id, a.id AS b...", array(size 1), null, null) at /var/www/html/mahara.abc.xyz/lib/view.php:3967
View::get_artefactchooser_artefacts(array(size 2), null, 603, null, true) at /var/www/html/mahara.abc.xyz/blocktype/lib.php:2336
BlockInstance->rebuild_artefact_list() at /var/www/html/mahara.abc.xyz/blocktype/lib.php:2275
BlockInstance->commit() at /var/www/html/mahara.abc.xyz/lib/view.php:2829
View->moveblockinstance(array(size 7)) at /var/www/html/mahara.abc.xyz/lib/view.php:2107
View->process_changes() at /var/www/html/mahara.abc.xyz/view/blocks.json.php:30

Robert Lyon (robertl-9)
Changed in mahara:
milestone: none → 22.10.0
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review
Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/c/mahara/+/12960
Committed: https://git.mahara.org/mahara/mahara/commit/56dfed7fd53f5415c1a06053c5d56ec6ba06cabd
Submitter: "Robert Lyon <email address hidden>"
Branch: main

commit 56dfed7fd53f5415c1a06053c5d56ec6ba06cabd
Author: Robert Lyon <email address hidden>
Date: Mon Jun 27 10:03:37 2022 +1200

Bug 1979921: Allow for checking if $group id is integer

Currently we only check if string or class when calling
View::get_artefactchooser_artefacts() and dealing with group
information.

Change-Id: Ifd3bcbd46db87ccdd44ce257b8a40a300702fe4d
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "22.04_DEV" branch: https://reviews.mahara.org/c/mahara/+/13080

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "21.10_DEV" branch: https://reviews.mahara.org/c/mahara/+/13081

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "21.04_DEV" branch: https://reviews.mahara.org/c/mahara/+/13082

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/c/mahara/+/13082
Committed: https://git.mahara.org/mahara/mahara/commit/1c626c90b9d02535cff0e4708df3efc3f340aaa4
Submitter: "Robert Lyon <email address hidden>"
Branch: 21.04_DEV

commit 1c626c90b9d02535cff0e4708df3efc3f340aaa4
Author: Robert Lyon <email address hidden>
Date: Mon Jun 27 10:03:37 2022 +1200

Bug 1979921: Allow for checking if $group id is integer

Currently we only check if string or class when calling
View::get_artefactchooser_artefacts() and dealing with group
information.

Change-Id: Ifd3bcbd46db87ccdd44ce257b8a40a300702fe4d
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 56dfed7fd53f5415c1a06053c5d56ec6ba06cabd)

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/c/mahara/+/13081
Committed: https://git.mahara.org/mahara/mahara/commit/9ac6db61762d6b02cd394be7e430aa4ec3e2ed52
Submitter: "Robert Lyon <email address hidden>"
Branch: 21.10_DEV

commit 9ac6db61762d6b02cd394be7e430aa4ec3e2ed52
Author: Robert Lyon <email address hidden>
Date: Mon Jun 27 10:03:37 2022 +1200

Bug 1979921: Allow for checking if $group id is integer

Currently we only check if string or class when calling
View::get_artefactchooser_artefacts() and dealing with group
information.

Change-Id: Ifd3bcbd46db87ccdd44ce257b8a40a300702fe4d
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 56dfed7fd53f5415c1a06053c5d56ec6ba06cabd)

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/c/mahara/+/13080
Committed: https://git.mahara.org/mahara/mahara/commit/2af43c9f952b873f57370c81785c7b458d55034a
Submitter: "Robert Lyon <email address hidden>"
Branch: 22.04_DEV

commit 2af43c9f952b873f57370c81785c7b458d55034a
Author: Robert Lyon <email address hidden>
Date: Mon Jun 27 10:03:37 2022 +1200

Bug 1979921: Allow for checking if $group id is integer

Currently we only check if string or class when calling
View::get_artefactchooser_artefacts() and dealing with group
information.

Change-Id: Ifd3bcbd46db87ccdd44ce257b8a40a300702fe4d
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 56dfed7fd53f5415c1a06053c5d56ec6ba06cabd)

no longer affects: mahara
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.