From 0ba4007e9deb90b1381b56385bb2182946ea04df Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sun, 8 Sep 2019 18:47:30 +0200
Subject: [PATCH] Avoid MySQL-specific SQL to cast vote

Until now, saving a user's vote was relying on MySQL's non-standard
"UPSERT" statement (INSERT INTO ... ON DUPLICATE KEY UPDATE ...). This
prevents using the plugin with other RDBMS.

To avoid this, we always delete the old vote, and insert a new record
with the user's new stance.

Fixes #4
---
 pages/submit_support.php | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/pages/submit_support.php b/pages/submit_support.php
index 51d3e67..719b31b 100644
--- a/pages/submit_support.php
+++ b/pages/submit_support.php
@@ -23,30 +23,27 @@
 form_security_validate( 'GaugeSupport_submit_vote' );
 
 $f_vote = gpc_get_string( 'vote', '' );
-$t_withdraw_vote = $f_vote == 'withdraw';
+$t_cast_vote = $f_vote != 'withdraw';
 
 $f_bug_id = gpc_get_int( 'bugid' );
-if( !$t_withdraw_vote ) {
-	$f_stance = gpc_get_int( 'stance' );
-}
 
 $t_user_id = auth_get_current_user_id();
 $t_table = plugin_table( 'support_data', 'GaugeSupport' );
 
-if( $t_withdraw_vote ) {
-	# Delete user's current vote
-	$t_query = "DELETE FROM $t_table 
+# Delete user's current vote
+$t_query = "DELETE FROM $t_table
 		WHERE bugid = " . db_param() . " AND userid = " . db_param();
-	$t_param = array( $f_bug_id, $t_user_id );
-	db_query( $t_query, $t_param );
-} else {
+$t_param = array( $f_bug_id, $t_user_id );
+db_query( $t_query, $t_param );
+
+if( $t_cast_vote ) {
+	$f_stance = gpc_get_int( 'stance' );
+
 	$t_query = "INSERT INTO {$t_table} (bugid, userid, rating) 
-		VALUES (" . db_param() . "," . db_param() . "," . db_param() . ") 
-		ON DUPLICATE KEY UPDATE rating = " . db_param();
+		VALUES (" . db_param() . "," . db_param() . "," . db_param() . ")";
 	$t_param = array(
 		$f_bug_id,
 		$t_user_id,
-		$f_stance,
 		$f_stance
 	);
 	$t_result = db_query( $t_query, $t_param );