From: Alexander Ebert Date: Mon, 14 Dec 2020 17:44:41 +0000 (+0100) Subject: Prevent the unintentional removal of values for groups that are not being edited X-Git-Tag: 5.3.2~40^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4d96fd9912b10a34d9f7e123254fe4e81b190f7b;p=GitHub%2FWoltLab%2FWCF.git Prevent the unintentional removal of values for groups that are not being edited --- diff --git a/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php b/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php index f534d0f346..38509a1ef1 100644 --- a/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php +++ b/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php @@ -2,6 +2,7 @@ namespace wcf\data\user\group\option; use wcf\data\user\group\UserGroupEditor; use wcf\data\AbstractDatabaseObjectAction; +use wcf\system\database\util\PreparedStatementConditionBuilder; use wcf\system\WCF; /** @@ -26,15 +27,21 @@ class UserGroupOptionAction extends AbstractDatabaseObjectAction { * Updates option values for given option id. */ public function updateValues() { + /** @var UserGroupOption $option */ $option = current($this->objects); + $conditions = new PreparedStatementConditionBuilder(); + $conditions->add("optionID = ?", [$option->optionID]); + if (!empty($this->parameters['values'])) { + $groupIDs = array_keys($this->parameters['values']); + $conditions->add("groupID IN (?)", [$groupIDs]); + } + // remove old values $sql = "DELETE FROM wcf".WCF_N."_user_group_option_value - WHERE optionID = ?"; + ".$conditions; $statement = WCF::getDB()->prepareStatement($sql); - $statement->execute([ - $option->optionID - ]); + $statement->execute($conditions->getParameters()); if (!empty($this->parameters['values'])) { $sql = "INSERT INTO wcf".WCF_N."_user_group_option_value