-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Emptying collection containing Single-Inheritence Discriminated Entity uses dangerous DELETE statement #11500
Comments
gitbugr
added a commit
to gitbugr/orm
that referenced
this issue
Jun 14, 2024
gitbugr
added a commit
to gitbugr/orm
that referenced
this issue
Jun 15, 2024
gitbugr
added a commit
to gitbugr/orm
that referenced
this issue
Jun 15, 2024
gitbugr
added a commit
to gitbugr/orm
that referenced
this issue
Jun 15, 2024
gitbugr
added a commit
to gitbugr/orm
that referenced
this issue
Jun 15, 2024
greg0ire
added a commit
that referenced
this issue
Jun 17, 2024
Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (GH-11500)
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 18, 2024
* 2.19.x: Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition.
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 19, 2024
* 2.19.x: Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition.
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 19, 2024
* 3.3.x: Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition. Update branch metadata (doctrine#11474)
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 21, 2024
* 3.3.x: Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition. Update branch metadata (doctrine#11474)
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 21, 2024
* 3.3.x: Fix deprecated array access usage (doctrine#11517) Address doctrine/persistence 3.3.3 release Add the propoer void return type on the __load method of proxies Deprecate DatabaseDriver Remove unneeded CS rule Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition. Update branch metadata (doctrine#11474)
derrabus
added a commit
to derrabus/orm
that referenced
this issue
Jun 21, 2024
* 3.3.x: Fix deprecated array access usage (doctrine#11517) Address doctrine/persistence 3.3.3 release Add the propoer void return type on the __load method of proxies Deprecate DatabaseDriver Remove unneeded CS rule Fix OneToManyPersister::deleteEntityCollection missing discriminator column/value. (doctrineGH-11500) Skip joined entity creation for empty relation (doctrine#10889) ci: maintained and stable mariadb version (11.4 current lts) (doctrine#11490) fix(docs): use string value in `addAttribute` Replace assertion with exception (doctrine#11489) Use ramsey/composer-install in PHPBench workflow update EntityManager#transactional to EntityManager#wrapInTransaction Fix cloning entities Consider usage of setFetchMode when checking for simultaneous usage of fetch-mode EAGER and WITH condition. Update branch metadata (doctrine#11474)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
Summary
Emptying collection containing Single-Inheritence Discriminated Entity uses a dangerous DELETE statements that can lead to unintentionally removed records for different entities within the same single table inheritance.
Current behavior
When an Entity
UserA
has a propertythings
which is a OneToMany relation with orphanRemoval enabled to an EntityThingA
(referencesUserA
via a property ofowner
) which is part of a single table hierarchy (using discriminator mapping) extending fromAbstractThing
, doing the following:$userA->getThings()->clear();
and persisting+flushing causes the db to receive iterated DELETE statements for the records in the Collection (e.g.
DELETE FROM things WHERE id = 1; DELETE FROM things WHERE id = 2; #... etc.
)If instead you do:
and persist+flush, then the database instead receives a request of the form
DELETE FROM things WHERE owner_id = 1;
, without the discriminator column in the WHERE clause.This can cause a problem in the instance where another Entity in the same hierarchy,
ThingB
, has an association to a different entity,UserB
, using the same property name since this could lead to collisions in theUserA
/UserB
owned records leading to entities from one being removed due to the deletion of those associated with the other.How to reproduce
Minimal reproducible example: https://github.com/gitbugr/doctrine-assoc-delete-example
Expected behavior
I would expect the delete directive to include the discriminator column in addition to the id. Or, if
$userA->setThings(new ArrayCollection());
is improper, it should be guarded against.The text was updated successfully, but these errors were encountered: