From 26af025dbe54c1b256bf5519e0677f2aa58f00c6 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Thu, 19 Sep 2024 12:10:57 +0000
Subject: [PATCH] sorm only return new ids for md5 hashes, fixes #4586

Closes #4586

Merge request studip/studip!3396
---
 lib/classes/SimpleORMap.php | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/lib/classes/SimpleORMap.php b/lib/classes/SimpleORMap.php
index 7492906519b..b280d2a2e67 100644
--- a/lib/classes/SimpleORMap.php
+++ b/lib/classes/SimpleORMap.php
@@ -1267,20 +1267,29 @@ class SimpleORMap implements ArrayAccess, Countable, IteratorAggregate
     }
 
     /**
-     * create new unique pk as md5 hash
-     * if pk consists of multiple columns, false is returned
-     * @return boolean|string
+     * Create new unique pk as md5 hash
+     *
+     * This will only work for said md5 hashes columns. An exception is thrown
+     * otherwise.
+     *
+     * @return string
      */
-    function getNewId()
+    public function getNewId()
     {
-        $id = false;
-        if (count($this->pk()) == 1) {
-            do {
-                $id = md5(uniqid($this->db_table(), 1));
-                $db = DBManager::get()->query("SELECT `{$this->pk()[0]}` FROM `{$this->db_table()}` "
-                . "WHERE `{$this->pk()[0]}` = '$id'");
-            } while($db->fetch());
+        if ($this->hasAutoIncrementColumn()) {
+            throw new Exception('You cannot retrieve the new id for an autoincrement column');
         }
+
+        if (count($this->pk()) !== 1) {
+            throw new Exception('You cannot retrieve a new id for a composite primary key');
+        }
+
+        do {
+            $id = md5(uniqid($this->db_table(), true));
+            $db = DBManager::get()->query("SELECT `{$this->pk()[0]}` FROM `{$this->db_table()}` "
+            . "WHERE `{$this->pk()[0]}` = '$id'");
+        } while ($db->fetch());
+
         return $id;
     }
 
-- 
GitLab