Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-8228

Suggested sanity check code for uploaduser.php to prevent database corruption

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.9
    • 1.7
    • Administration
    • None
    • Any
    • MOODLE_17_STABLE
    • MOODLE_19_STABLE

      We recently scrambled up some fields in our mdl_users table because we fed the uploadusers.php script a badly formatted csv file. The problem with the cvs file was that it had been generated by a jsp application called through a web request (to our school's enrollment management system), then saved out of the browser. The browser, unfortunately, put hard line returns in at 60 characters, and decoded the special encoding of commas that moodle expects (they're html entities, after all). We were able to clean up the damage, but it took a few hours and caused much grief for our end users (what's going on? the system says my last name is "Graduate School of Library and Information Science!").

      Of course we can avoid the problem by being more careful about how we retrieve the jsp output and creating a txt file to upload... but I also believe the moodle code should be able to reject a file that is so obviously wrong. I'd like to see the following sanity check added to uploaduser.php. This goes right after the code to fix mac/dos line returns. It also needs a new string to be defined, probably in error.php. The text we are using is:

      $string['uploaduserinvaliddelimiters'] = 'The file could not be processed because it is not properly formatted. At least one line in the file contains a different number of delimiters than the header line. This can be caused by hard wraps, or fields that have not been properly encoded with comma substitutions.';

      ----------------------------------------------------
      // sanity check for mismatched lines.. all lines should have the same number of delimiters.
      // if not, the file might have hard wraps or unencoded delimiters inside a field
      // error out if that's the case to avoid scrambling data in the mdl_user table
      foreach (split("\n", $text) as $checkline) {
      if (trim($checkline) != '') {
      $checklinefields=split($csv_delimiter, $checkline);
      // first time through, stash the header field count
      if (!isset($headerfieldcount))

      { $headerfieldcount=count($checklinefields); }

      if (count($checklinefields) != $headerfieldcount)

      { error(get_string('uploaduserinvaliddelimiters'), 'uploaduser.php?sesskey='.$USER->sesskey); }

      }
      }
      ----------------------------

            skodak Petr Skoda
            garretg Garret Gengler (Inactive)
            Nobody Nobody (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.