From 9dd9777fd45689c9616b9b6b613832911a6bba5b Mon Sep 17 00:00:00 2001
From: Thierry Bugier <tbugier@teclib.com>
Date: Fri, 7 Apr 2023 08:49:01 +0200
Subject: [PATCH] fix(formanswer): catch and report exception to end user

---
 inc/formanswer.class.php | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/inc/formanswer.class.php b/inc/formanswer.class.php
index 745443e6e..b91f1db21 100644
--- a/inc/formanswer.class.php
+++ b/inc/formanswer.class.php
@@ -32,6 +32,7 @@
 use Glpi\Application\View\TemplateRenderer;
 use Glpi\Toolbox\Sanitizer;
 use GlpiPlugin\Formcreator\Field\DropdownField;
+use Glpi\Application\ErrorHandler;
 
 if (!defined('GLPI_ROOT')) {
    die("Sorry. You can't access this file directly");
@@ -800,7 +801,7 @@ function plugin_formcreator_checkComment(field) {
     * @return array the modified $input array
     */
    public function prepareInputForAdd($input) {
-      global $DB;
+      global $DB, $GLPI;
 
       // A requester submits his answers to a form
       if (!isset($input['plugin_formcreator_forms_id'])) {
@@ -815,8 +816,15 @@ public function prepareInputForAdd($input) {
          }
       }
 
-      if (!$this->validateFormAnswer($input)) {
-         // Validation of answers failed
+      try {
+         if (!$this->validateFormAnswer($input)) {
+            // Validation of answers failed
+            return false;
+         }
+      } catch (Exception $e) {
+         // A fatal error caught during validation of answers
+         $GLPI->getErrorHandler()->handleException($e, false);
+         Session::addMessageAfterRedirect(__('An internal error occured when verifying your answers. Please report it to your administrator.', 'formcreator'), false, ERROR);
          return false;
       }
       if (!$this->validateCaptcha($input)) {
@@ -828,7 +836,14 @@ public function prepareInputForAdd($input) {
          return false;
       }
 
-      $input['name'] = $DB->escape($this->parseTags($form->fields['formanswer_name']));
+      try {
+         $input['name'] = $DB->escape($this->parseTags($form->fields['formanswer_name']));
+      } catch (Exception $e) {
+         // A fatal error caught during parsing of tags
+         $GLPI->getErrorHandler()->handleException($e, false);
+         Session::addMessageAfterRedirect(__('An internal error occured when verifying your answers. Please report it to your administrator.', 'formcreator'), false, ERROR);
+         return false;
+      }
 
       $input = $this->setValidator($input, $form);