From ba5e020d600285b309c6698ab0173f3d86422f83 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:05:12 +0100
Subject: [PATCH] :bug: Fix incorrect POST variable and add foreach()

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/actions/delsub.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
index f4ed389..917e59a 100644
--- a/app/public/actions/delsub.php
+++ b/app/public/actions/delsub.php
@@ -9,14 +9,16 @@
     // Add subscriber
     if ($is_authorised == true) {
         if($_SERVER['REQUEST_METHOD'] == 'POST') {
-          try {
-              $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
-              $sql = $db->prepare($stmt);
-              $sql->bindParam(':tktuuid', $request['uuid']);
-              $sql->bindParam(':usruuid', $POST['addSubSelector']);
-              $sql->execute();
-          } catch (PDOException $e) {
-              $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+          foreach ($_POST['addSubSelector'] as $sub) {
+            try {
+                $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
+                $sql = $db->prepare($stmt);
+                $sql->bindParam(':tktuuid', $request['uuid']);
+                $sql->bindParam(':usruuid', $sub);
+                $sql->execute();
+            } catch (PDOException $e) {
+                $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+            }
           }
         }
         $newURL = "/managesub?rid=" . $request['uuid'];