-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[4.0] Fix deleting user groups #28687
Conversation
I have tested this item ✅ successfully on baa3012 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28687. |
->set($db->quoteName('rules') . ' = :rules') | ||
->whereIn($db->quoteName('id'), $matchIds) | ||
->bind(':rules', $rules); | ||
->set($db->quoteName('rules') . ' = ' . str_repeat('REPLACE(', 4 * \count($ids)) . $db->quoteName('rules') . implode(')', $replace) . ')') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we are loosing the prepared bind in this way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is safe, there is no user input involved, and it makes it work. So I am ok with it. Just my 5 cent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only other way I found is a foreach over all records with updating every item. Ir does no harm, because there are not many viewlevels, but as @richard67 says, this is safe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no i'm not, but that don't prevent to set this as RTC cause there are 2 tests
imho despite there are no clear user input, but there are variables then they should be validated on the server side like any other variable parameters
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SharkyKZ Was the problem in the wrong ')'
at the end of each of these $replace[] =
statements? Or was it in the prepared statement below? Or both? Maybe it can be changed bacl to prepared statement?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because of prepared statement. It's possible to keep prepared statement but there's not much point as you've already noticed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I set it to RTC, we can later optimize that again if we want. Now it fixes a really ugly bug.
I have tested this item ✅ successfully on baa3012 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28687. |
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28687. |
I have tested this item ✅ successfully on baa3012 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28687. |
Thanks! |
Fixes #28522.
Summary of Changes
Fixes query when deleting user groups.
Testing Instructions
Delete
Manager
user group.Expected result
Group deleted and site continues to work.
Actual result
Group deleted but site is broken, modules are missing;
Documentation Changes Required
No.