From ea66d631e441ab81d89899866eb1ecdf71935a3b Mon Sep 17 00:00:00 2001
From: Thierry Bugier
Date: Thu, 28 Jan 2021 21:52:29 +0100
Subject: [PATCH] fix(question): prevent bad request may try to load a itemtype represented by a class named '0'
Signed-off-by: Thierry Bugier
---
 ajax/commontree.php | 2 +-
 js/scripts.js.php | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ajax/commontree.php b/ajax/commontree.php
index 0382d9f3a..3a47efd82 100644
--- a/ajax/commontree.php
+++ b/ajax/commontree.php
@@ -42,7 +42,7 @@
 $depth = $_GET['maxDepth'];
 // This should only be used for dropdowns
-if (!is_a($itemtype, CommonTreeDropdown::class, true)) {
+if ((int) $itemtype == $itemtype || !is_a($itemtype, CommonTreeDropdown::class, true)) {
 http_response_code(400);
 die;
 }
diff --git a/js/scripts.js.php b/js/scripts.js.php
index eda2d9f37..a2af40bd5 100644
--- a/js/scripts.js.php
+++ b/js/scripts.js.php
@@ -1318,6 +1318,11 @@ function plugin_formcreator_changeDropdownItemtype(rand) {
 $('.plugin_formcreator_dropdown_ticket').toggle(showTicketCategorySpecific);
 $('.plugin_formcreator_dropdown_service_level').toggle();
+ if (!isNaN(dropdown_type)) { // The variable seems not to be a itemtype return; }
+
 $.ajax({
 url: formcreatorRootDoc + '/ajax/commontree.php',
 type: 'GET',
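Review bot: The new guard `(int) $itemtype == $itemtype` relies on PHP's loose int-to-string comparison, whose rules changed in PHP 8: under the PHP 7 rules a non-numeric string is converted to 0, so `0 == 'Location'` is true and the guard would answer 400 for every legitimate class name, whereas under PHP 8 the comparison is done as strings and only numeric input is rejected. If the plugin still targets PHP 7.x this needs checking; in either case a version-independent test states the intent directly: `if (is_numeric($itemtype) || !is_a($itemtype, CommonTreeDropdown::class, true)) {`. Because `is_a()` with the third argument set to true invokes the autoloader for whatever string the request carries, this guard is the only thing between `$_GET` and class loading, so a comment such as `// Reject numeric "itemtype" values before is_a() hands them to the autoloader` would record why the extra test exists. The assignment of `$itemtype` is outside the hunk.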
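Review bot: The early return `if (!isNaN(dropdown_type))` also fires when `dropdown_type` is the empty string or only whitespace, because `isNaN('')` coerces to 0 and yields false; that is probably desirable, since an empty selection is not an itemtype either, but the comment should say so rather than leave it to the reader, e.g. `// Numeric or empty values cannot be an itemtype; skip the request (ajax/commontree.php answers 400 for them anyway)`. The existing comment's "a itemtype" should read "an itemtype". This check only shortens the client path; the request parameter is still under the caller's control, so the server-side guard in ajax/commontree.php remains the check that matters. The enclosing function plugin_formcreator_changeDropdownItemtype starts outside the hunk.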