General developer forum

 
 
Picture of Ewout ter Haar
Big gradebook and PHP5.3.9
 

We discovered an interesting issue with a very recent (10 jan 2012) version of PHP 5.3.9 and the gradebook. When grades are updated in a very large gradebook (say 40 or 50 columns, say 25 students), we are rapidly in a situation where the browser sends more then a thousand gradeitems in the POST request to the server. In fact, what we saw was that grades of students A-M (say) would be updated, but students (N-Z) grades would not.

As it turns out, PHP5.3.9 introduces a new variable “Added max_input_vars directive to prevent attacks based on hash collisions”. This is supossed to mitigate against denial of service attacks. Its default value is 1000, explaining the behavior.

The solution is setting the new variable max_input_vars to a higher value, maybe by putting the line

php_value max_input_vars 10000

in your .htaccess file. 

Maybe there are other situations where this unexpected behavior surfaces, we only encountered it in the gradebook. 

Hope this helps someone. 

 
Average of ratings: -
Picture of Alex Walker
Re: Big gradebook and PHP5.3.9
Group Particularly helpful Moodlers

Thanks for the heads up.

With this new hash collision DDOS, it was only a matter of time before this was integrated in PHP.

 
Average of ratings: -
Picture of Andrew Davis
Re: Big gradebook and PHP5.3.9
Group DevelopersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

There are a few issues in tracker that sound like they may be the same problem (or very similar).

MDL-29181

MDL-26275 (disabling Suhosin may also get this working)

 
Average of ratings: -
Picture of Leslie Harris
Re: Big gradebook and PHP5.3.9
 

We are having a very similar problem with the Gradebook, but we are only on php version 5.1.6.  We have a Gradebook in one course with 15 columns and 43 rows.  Using the spreadsheet interface, you can save grades up to last names beginning with "W", but for the rest of the students in a particular column, clicking the "Update" button doesn't save any data.

Any ideas for how to fix this, if we're *not* at php 5.3.9?

Leslie Harris
Bucknell University

 
Average of ratings: -