projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d14a275) | patch
Fix conditions for MultiSelectOptionType
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 9 Jul 2021 14:58:42 +0000 (16:58 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Mon, 9 Aug 2021 13:03:35 +0000 (15:03 +0200)
commitad8517ba26cfbf0474d91807e595f6dcc6ac6f3b
tree80a5bac9d7bce9968cc297e743e58bd986d992b6tree | snapshot (tar.gz zip)
parentd14a2759140f7546fea04960406cda9dea7cef04commit | diff
Fix conditions for MultiSelectOptionType

This cleans up the SQL conditions used for searching for users with a specific
selection and fixes the following issues:

- It avoids the use of `escapeString()` in favor of proper prepared statements.
- It avoids the use of `preg_quote()` to escape a regular expression for use in
  MySQL, which might not be safe.
- It fixes matching when the options are later reordered, as the saved value is
  not being normalized and instead reused the order of the options within the
  select.

The generated query does not look great, but is not really worse than the
regular expression either.

In the future it might be possible to migrate this option type to a JSON based
storage and to use `JSON_CONTAINS()`.
wcfsetup/install/files/lib/system/option/MultiSelectOptionType.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)