From e0e01724d7ef7f388307d62639867ea0dbac0fdb Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Sun, 5 Oct 2014 16:03:00 +0200 Subject: [PATCH] Append selector instead of overwritting previous ones in Address::deleteAddresses While at it, add a safety check in Address::deleteAddresses. --- classes/address.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/classes/address.php b/classes/address.php index 7034196..e325d1e 100644 --- a/classes/address.php +++ b/classes/address.php @@ -822,13 +822,17 @@ class Address { $where = ''; if (!is_null($pid)) { - $where = XDB::format(' AND pid = {?}', $pid); + $where .= XDB::format(' AND pid = {?}', $pid); } if (!is_null($jobid)) { - $where = XDB::format(' AND jobid = {?}', $jobid); + $where .= XDB::format(' AND jobid = {?}', $jobid); } if (!is_null($groupid)) { - $where = XDB::format(' AND groupid = {?}', $groupid); + $where .= XDB::format(' AND groupid = {?}', $groupid); + } + // Prevent buggy callers from accidentally dropping profile_addresses + if (!$where) { + throw new Exception("Unable to delete all addresses of the given type, the request was too generic"); } XDB::execute('DELETE FROM profile_addresses WHERE type = {?}' . $where . (($deletePrivate) ? '' : ' AND pub IN (\'public\', \'ax\')'), -- 2.1.4