Skip to content

Commit

Permalink
fix(targetticket,targetchange): escape text fields of targets
Browse files Browse the repository at this point in the history 
Signed-off-by: Thierry Bugier <tbugier@teclib.com>
  • Loading branch information
@btry
btry committed Feb 3, 2020
1 parent d4ca172 commit 559424e
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions inc/targetchange.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
);
}

// Escape text fields
foreach (['target_name'] as $key) {
$input[$key] = $DB->escape($input[$key]);
}

// Assume that all questions are already imported
// convert question uuid into id
Expand Down
4 changes: 4 additions & 0 deletions inc/targetticket.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -897,6 +897,10 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
);
}

// Escape text fields
foreach (['target_name'] as $key) {
$input[$key] = $DB->escape($input[$key]);
}

// Assume that all questions are already imported
// convert question uuid into id
Expand Down

0 comments on commit 559424e

Please sign in to comment.