fix(question): remove abusive encoding

pluginsGLPI · Jan 2, 2018 · f183091 · f183091
1 parent d723a47
commit f183091
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/inc/question.class.php b/inc/question.class.php
@@ -238,7 +238,6 @@ private function checkBeforeSave($input) {
             Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR);
             return [];
          }
-         $input['name'] = addslashes($input['name']);
       }
 
       // - field type is required
@@ -313,7 +312,7 @@ public function prepareInputForAdd($input) {
       foreach ($input as $key => $value) {
          if ($input['fieldtype'] != 'dropdown'
              || $input['fieldtype'] != 'dropdown' && $key != 'values') {
-            if ($key != 'regex') {
+            if ($key != 'regex' && $key != 'name') {
                $input[$key] = plugin_formcreator_encode($value);
             }
          }
@@ -378,7 +377,7 @@ public function prepareInputForUpdate($input) {
                 && !($input['fieldtype'] == 'checkboxes' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'radios' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'multiselect' && ($key == 'values' || $key == 'default_values'))) {
-               if ($key != 'regex') {
+               if ($key != 'regex' && $key != 'name') {
                   $input[$key] = plugin_formcreator_encode($value);
                }
             } else {

diff --git a/install/update_dev.php b/install/update_dev.php
@@ -16,8 +16,18 @@ function plugin_formcreator_update_dev() {
       'WHERE' => ['fieldtype' => 'textarea']
    ];
    foreach ($DB->request($request) as $row) {
-      $answer = Toolbox::addslashes_deep(html_entity_decode($row['answer']));
+      $answer = Toolbox::addslashes_deep(html_entity_decode($row['answer'], ENT_QUOTES|ENT_HTML5));
       $id = $row['id'];
       $DB->query("UPDATE `glpi_plugin_formcreator_answers` SET `answer`='$answer' WHERE `id` = '$id'");
    }
+
+   $request = [
+      'FROM' => 'glpi_plugin_formcreator_questions',
+   ];
+   foreach ($DB->request($request) as $row) {
+      $id = $row['id'];
+      $name = Toolbox::addslashes_deep(html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5));
+      $id = $row['id'];
+      $DB->query("UPDATE `glpi_plugin_formcreator_questions` SET `name`='$name' WHERE `id` = '$id'");
+   }
 }