From 31a8eefd2f67bb1e1634a7725d21555dc4dededb Mon Sep 17 00:00:00 2001
From: Luis Calvo <luis.calvo@artica.es>
Date: Wed, 4 Nov 2020 16:22:44 +0100
Subject: [PATCH] Fixed bug allowing updating group with duplicated name

---
 pandora_console/godmode/groups/group_list.php | 77 ++++++++++---------
 1 file changed, 42 insertions(+), 35 deletions(-)

diff --git a/pandora_console/godmode/groups/group_list.php b/pandora_console/godmode/groups/group_list.php
index de5cae9f7d..ddb5224590 100644
--- a/pandora_console/godmode/groups/group_list.php
+++ b/pandora_console/godmode/groups/group_list.php
@@ -419,45 +419,52 @@ if ($update_group) {
         $aviable_name = false;
     }
 
+    // Check if group name is unique.
+    $check = db_get_value_filter(
+        'nombre',
+        'tgrupo',
+        [
+            'nombre'   => $name,
+            'id_grupo' => $id_group,
+        ],
+        'AND NOT'
+    );
+
     // Check if name field is empty.
-    if ($name != '' && $aviable_name === true) {
-        $sql = sprintf(
-            'UPDATE tgrupo
-             SET nombre = "%s",
-                icon = "%s",
-                disabled = %d,
-                parent = %d,
-                custom_id = "%s",
-                propagate = %d,
-                id_skin = %d,
-                description = "%s",
-                contact = "%s",
-                other = "%s",
-                password = "%s"
-            WHERE id_grupo = %d',
-            $name,
-            empty($icon) ? '' : substr($icon, 0, -4),
-            !$alerts_enabled,
-            $id_parent,
-            $custom_id,
-            $propagate,
-            $skin,
-            $description,
-            $contact,
-            $other,
-            $group_pass,
-            $id_group
-        );
+    if ($name != '') {
+        if (!$check) {
+            if ($aviable_name === true) {
+                $values = [
+                    'nombre'      => $name,
+                    'icon'        => empty($icon) ? '' : substr($icon, 0, -4),
+                    'parent'      => $id_parent,
+                    'disabled'    => !$alerts_enabled,
+                    'custom_id'   => $custom_id,
+                    'id_skin'     => $skin,
+                    'description' => $description,
+                    'contact'     => $contact,
+                    'propagate'   => $propagate,
+                    'other'       => $other,
+                    'password'    => io_safe_input($group_pass),
+                ];
 
-        $result = db_process_sql($sql);
-    } else {
-        $result = false;
-    }
+                $result = db_process_sql_update(
+                    'tgrupo',
+                    $values,
+                    ['id_grupo' => $id_group]
+                );
+            }
 
-    if ($result !== false) {
-        ui_print_success_message(__('Group successfully updated'));
+            if ($result) {
+                ui_print_success_message(__('Group successfully updated'));
+            } else {
+                ui_print_error_message(__('There was a problem modifying group'));
+            }
+        } else {
+            ui_print_error_message(__('Each group must have a different name'));
+        }
     } else {
-        ui_print_error_message(__('There was a problem modifying group'));
+        ui_print_error_message(__('Group must have a name'));
     }
 }