
Commit a0dca23

committed
fix(target): remove abusive encoding in target names
1 parent 1c8f38f commit a0dca23


5 files changed

+97
-15
lines changed

5 files changed

+97
-15
lines changed

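--- a/inc/target.class.php
+++ b/inc/target.class.php
@@ -102,11 +102,6 @@ public static function displayTabContentForItem(CommonGLPI $item, $tabnum = 1, $
 * @return array the modified $input array
 **/
 public function prepareInputForAdd($input) {
-// Decode (if already encoded) and encode strings to avoid problems with quotes
-foreach ($input as $key => $value) {
-$input[$key] = plugin_formcreator_encode($value);
-}
-
 // Control fields values :
 // - name is required
 if (isset($input['name'])
@@ -194,11 +189,6 @@ public function prepareInputForAdd($input) {
 * @return array the modified $input array
 **/
 public function prepareInputForUpdate($input) {
-// Decode (if already encoded) and encode strings to avoid problems with quotes
-foreach ($input as $key => $value) {
-$input[$key] = plugin_formcreator_encode($value);
-}
-
 // generate a uniq id
 if (!isset($input['uuid'])
 || empty($input['uuid'])) {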

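--- a/inc/targetchange.class.php
+++ b/inc/targetchange.class.php
@@ -826,8 +826,6 @@ public function prepareInputForUpdate($input) {
 return [];
 }
 
-$input['name'] = plugin_formcreator_encode($input['title']);
-
 if ($CFG_GLPI['use_rich_text']) {
 $input['comment'] = Html::entity_decode_deep($input['comment']);
 }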

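--- a/inc/targetticket.class.php
+++ b/inc/targetticket.class.php
@@ -818,8 +818,6 @@ public function prepareInputForUpdate($input) {
 return [];
 }
 
-$input['name'] = plugin_formcreator_encode($input['title']);
-
 if ($CFG_GLPI['use_rich_text']) {
 $input['comment'] = Html::entity_decode_deep($input['comment']);
 }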

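--- a/install/update_dev.php
+++ b/install/update_dev.php
@@ -1,9 +1,46 @@
 <?php
+
 function plugin_formcreator_update_dev(Migration $migration) {
 global $DB;
 
 // Change id of search option for status of form_answer
 $table = 'glpi_displaypreferences';
 $query = "UPDATE `$table` SET `num`='8' WHERE `itemtype`='PluginFormcreatorForm_Answer' AND `num`='1'";
 $DB->query($query);
-}
+
+// Remove abusive encoding in targets
+$table = 'glpi_plugin_formcreator_targets';
+$request = [
+'FROM' => $table,
+];
+foreach ($DB->request($request) as $row) {
+$id = $row['id'];
+$name = Toolbox::addslashes_deep(html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5));
+$id = $row['id'];
+$DB->query("UPDATE `$table` SET `name`='$name' WHERE `id` = '$id'");
+}
+
+// Remove abusive encding in target tickets
+$table = 'glpi_plugin_formcreator_targettickets';
+$request = [
+'FROM' => $table,
+];
+foreach ($DB->request($request) as $row) {
+$id = $row['id'];
+$name = Toolbox::addslashes_deep(html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5));
+$id = $row['id'];
+$DB->query("UPDATE `$table` SET `name`='$name' WHERE `id` = '$id'");
+}
+
+// Remove abusive encding in target tickets
+$table = 'glpi_plugin_formcreator_targetchanges';
+$request = [
+'FROM' => $table,
+];
+foreach ($DB->request($request) as $row) {
+$id = $row['id'];
+$name = Toolbox::addslashes_deep(html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5));
+$id = $row['id'];
+$DB->query("UPDATE `$table` SET `name`='$name' WHERE `id` = '$id'");
+}
+}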
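Review bot: The three added loops in plugin_formcreator_update_dev decode and rewrite every row unconditionally, so if this step runs more than once a name that legitimately contains entity text (for example `&amp;lt;`) is decoded a second time and silently changed. The loops are copies of each other, each assigns `$id = $row['id'];` twice, and the second and third comments read "encding", the third naming target tickets although its table is `glpi_plugin_formcreator_targetchanges`. The UPDATE is built by interpolation and relies on `Toolbox::addslashes_deep` alone for quoting, and the result of `$DB->query` is not checked, so a failed rewrite goes unnoticed. Folding the three loops into one over the table names, skipping rows whose decoded name is unchanged and casting the id to int, narrows what reaches the query. Because names are stored unencoded after this step, every page that prints a target name has to escape it on output; those code paths are not visible in this commit.

```php
// … unchanged: displaypreferences search-option update …

// Remove abusive encoding in targets, target tickets and target changes
$tables = [
   'glpi_plugin_formcreator_targets',
   'glpi_plugin_formcreator_targettickets',
   'glpi_plugin_formcreator_targetchanges',
];
foreach ($tables as $table) {
   foreach ($DB->request(['FROM' => $table]) as $row) {
      $decoded = html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5);
      if ($decoded === $row['name']) {
         // nothing was encoded in this row; leave it untouched
         continue;
      }
      $id = (int) $row['id'];
      $name = Toolbox::addslashes_deep($decoded);
      $DB->query("UPDATE `$table` SET `name`='$name' WHERE `id` = '$id'");
   }
}
```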

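--- a/tests/0005_Unit/TargetTest.php
+++ b/tests/0005_Unit/TargetTest.php
@@ -0,0 +1,59 @@
+<?php
+class TargetTest extends SuperAdminTestCase {
+
+public function addUpdateFormProvider() {
+return [
+[
+'input' => [
+'name' => '',
+'itemtype' => PluginFormcreatorTargetTicket::class
+],
+'expected' => false,
+],
+[
+'input' => [
+'name' => 'should fail',
+'itemtype' => ''
+],
+'expected' => false,
+],
+[
+'input' => [
+'name' => 'should pass',
+'itemtype' => PluginFormcreatorTargetTicket::class
+],
+'expected' => true,
+],
+[
+'input' => [
+'name' => 'être ou ne pas être',
+'itemtype' => PluginFormcreatorTargetTicket::class
+],
+'expected' => true,
+],
+[
+'input' => [
+'name' => 'test d\\\'apostrophe',
+'itemtype' => PluginFormcreatorTargetTicket::class
+],
+'expected' => true,
+],
+];
+}
+
+/**
+* @dataProvider addUpdateFormProvider
+* @param array $input
+* @param boolean $expected
+*/
+public function testPrepareInputForAdd($input, $expected) {
+$target = new PluginFormcreatorTarget();
+$output = $target->prepareInputForAdd($input);
+if ($expected === false) {
+$this->assertCount(0, $output);
+} else {
+$this->assertEquals($input['name'], $output['name']);
+$this->assertArrayHasKey('uuid', $output);
+}
+}
+}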
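Review bot: Only prepareInputForAdd is exercised here, although the commit also removes the encoding from prepareInputForUpdate in inc/target.class.php, inc/targetchange.class.php and inc/targetticket.class.php, and the provider name addUpdateFormProvider suggests an update test was intended. No provider case contains `<`, `&` or `"`, which are presumably the characters the removed encoding acted on, so the test does not pin how such a name is now stored. A case such as `'name' => 'a < b & "c"'` (constructed sample) with `'expected' => true` would cover it, assuming the rest of prepareInputForAdd leaves the name untouched. The class and the provider have no docblock; a one-line summary on each stating that names must come back unencoded would document the intent of the test.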
