From 4d96fd9912b10a34d9f7e123254fe4e81b190f7b Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Mon, 14 Dec 2020 18:44:41 +0100
Subject: [PATCH] Prevent the unintentional removal of values for groups that are not being edited

---
 .../group/option/UserGroupOptionAction.class.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php b/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php
index f534d0f346..38509a1ef1 100644
--- a/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/group/option/UserGroupOptionAction.class.php
@@ -2,6 +2,7 @@
 namespace wcf\data\user\group\option;
 use wcf\data\user\group\UserGroupEditor;
 use wcf\data\AbstractDatabaseObjectAction;
+use wcf\system\database\util\PreparedStatementConditionBuilder;
 use wcf\system\WCF;
 
 /**
@@ -26,15 +27,21 @@ class UserGroupOptionAction extends AbstractDatabaseObjectAction {
 * Updates option values for given option id.
 */
 public function updateValues() {
+ /** @var UserGroupOption $option */
 $option = current($this->objects);
 
+ $conditions = new PreparedStatementConditionBuilder();
+ $conditions->add("optionID = ?", [$option->optionID]);
+ if (!empty($this->parameters['values'])) {
+ $groupIDs = array_keys($this->parameters['values']);
+ $conditions->add("groupID IN (?)", [$groupIDs]);
+ }
+
 // remove old values
 $sql = "DELETE FROM wcf".WCF_N."_user_group_option_value
- WHERE optionID = ?";
+ ".$conditions;
 $statement = WCF::getDB()->prepareStatement($sql);
- $statement->execute([
- $option->optionID
- ]);
+ $statement->execute($conditions->getParameters());
 
 if (!empty($this->parameters['values'])) {
 $sql = "INSERT INTO wcf".WCF_N."_user_group_option_value
-- 
2.20.1
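Review bot: When `$this->parameters['values']` is empty or missing, the `groupID IN (?)` condition in `updateValues()` is skipped, so the DELETE is still limited only by `optionID` and removes that option's stored value for every group, while the INSERT guarded by the same check does not run. These rows hold group permission values, so that path is the same unintended loss the commit sets out to prevent; if no caller depends on it, return before building the statement, e.g. `if (empty($this->parameters['values'])) { return; }`. The group IDs are taken from the keys of the submitted array and are bound as statement parameters, so injection is not the concern here, but the hunk does not show whether they are checked against the groups the acting user is allowed to edit; that check belongs in the action's validation if it is not already there. The body of `updateValues()` continues past the end of the hunk, so the INSERT loop is not visible for review.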