fix(condition): conditions don't work when not sanitized

may occur whern a condition contains characters like &, > and created in Formcreator < 2.13.0
pluginsGLPI · May 5, 2023 · f2b0fad · f2b0fad
1 parent e518b7d
commit f2b0fad
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/install/upgrade_to_2.13.6.php b/install/upgrade_to_2.13.6.php
@@ -46,6 +46,7 @@ public function isResyncIssuesRequired() {
    public function upgrade(Migration $migration) {
       $this->migration = $migration;
       $this->migrateToRichText();
+      $this->sanitizeConditions();
    }
 
    public function migrateToRichText() {
@@ -82,4 +83,24 @@ public function migrateToRichText() {
          }
       }
    }
+
+   /**
+    * Conditions written in Formcreator < 2.13.0 are not sanitized.
+    * With versions >= 2.13.0, comparisons require sanitization
+    *
+    * @return void
+    */
+   protected function sanitizeConditions() {
+      global $DB;
+
+      $table = 'glpi_plugin_formcreator_conditions';
+      $request = $DB->request([
+         'SELECT' => ['id', 'show_value'],
+         'FROM' => $table,
+      ]);
+      foreach ($request as $row) {
+         $row['show_value'] = Sanitizer::sanitize($row['show_value'], true);
+         $DB->update($table, $row, ['id' => $row['id']]);
+      }
+   }
 }