fix(targetticket,targetchange): escape text fields of targets

btry · btry · commit 559424ed9865 · 2020-02-03T15:12:41.000+01:00
Signed-off-by: Thierry Bugier &lt;tbugier@teclib.com&gt;
diff --git a/inc/targetchange.class.php b/inc/targetchange.class.php
@@ -171,6 +171,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
          );
       }
 
+      // Escape text fields
+      foreach (['target_name'] as $key) {
+         $input[$key] = $DB->escape($input[$key]);
+      }
 
       // Assume that all questions are already imported
       // convert question uuid into id
diff --git a/inc/targetticket.class.php b/inc/targetticket.class.php
@@ -897,6 +897,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
          );
       }
 
+      // Escape text fields
+      foreach (['target_name'] as $key) {
+         $input[$key] = $DB->escape($input[$key]);
+      }
 
       // Assume that all questions are already imported
       // convert question uuid into id

Original file line number	Diff line number	Diff line change
`@@ -171,6 +171,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con`
`171`	`171`	`);`
`172`	`172`	`}`
`173`	`173`
	`174`	`+ // Escape text fields`
	`175`	`+ foreach (['target_name'] as $key) {`
	`176`	`+ $input[$key] = $DB->escape($input[$key]);`
	`177`	`+ }`
`174`	`178`
`175`	`179`	`// Assume that all questions are already imported`
`176`	`180`	`// convert question uuid into id`
Original file line number	Diff line number	Diff line change
`@@ -897,6 +897,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con`
`897`	`897`	`);`
`898`	`898`	`}`
`899`	`899`
	`900`	`+ // Escape text fields`
	`901`	`+ foreach (['target_name'] as $key) {`
	`902`	`+ $input[$key] = $DB->escape($input[$key]);`
	`903`	`+ }`
`900`	`904`
`901`	`905`	`// Assume that all questions are already imported`
`902`	`906`	`// convert question uuid into id`