fix(targetticket,targetchange): escape text fields of targets

Signed-off-by: Thierry Bugier <[email protected]>
pluginsGLPI · Feb 6, 2020 · 6c0d775 · 6c0d775
1 parent 7d8934a
commit 6c0d775
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/inc/targetchange.class.php b/inc/targetchange.class.php
@@ -171,6 +171,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
          );
       }
 
+      // Escape text fields
+      foreach (['target_name'] as $key) {
+         $input[$key] = $DB->escape($input[$key]);
+      }
 
       // Assume that all questions are already imported
       // convert question uuid into id

diff --git a/inc/targetticket.class.php b/inc/targetticket.class.php
@@ -962,6 +962,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
          );
       }
 
+      // Escape text fields
+      foreach (['target_name'] as $key) {
+         $input[$key] = $DB->escape($input[$key]);
+      }
 
       // Assume that all questions are already imported
       // convert question uuid into id

diff --git a/tests/suite-unit/PluginFormcreatorTargetChange.php b/tests/suite-unit/PluginFormcreatorTargetChange.php
@@ -228,7 +228,7 @@ public function testGetTargetItemtypeName() {
     */
    public function  testSetTargetEntity() {
       global $CFG_GLPI;
-      
+
       // Disable notification to avoid output to console
       $CFG_GLPI['use_notifications'] = '0';
 
@@ -339,7 +339,7 @@ public function  testSetTargetEntity() {
          'destination_entity_value' => '0',
       ]);
       $instance->getFromDB($targetChange->getID());
-      
+
       // Disable notification to avoid output to console
       $CFG_GLPI['use_notifications'] = '0';
 
@@ -465,6 +465,7 @@ public function testImport() {
       $uuid = plugin_formcreator_getUuid();
       $input = [
          'name' => $this->getUniqueString(),
+         'target_name' => $this->getUniqueString(),
          'content' => $this->getUniqueString(),
          'impactcontent' => $this->getUniqueString(),
          'controlistcontent' => $this->getUniqueString(),

diff --git a/tests/suite-unit/PluginFormcreatorTargetTicket.php b/tests/suite-unit/PluginFormcreatorTargetTicket.php
@@ -684,6 +684,7 @@ public function testImport() {
       $uuid = plugin_formcreator_getUuid();
       $input = [
          'name' => $this->getUniqueString(),
+         'target_name' => $this->getUniqueString(),
          'content' => $this->getUniqueString(),
          'due_date_rule' => \PluginFormcreatorTargetTicket::DUE_DATE_RULE_NONE,
          'due_date_question' => '0',