Skip to content

Commit

Permalink
fix(issue): SQL scaping problem when updating a ticket
Browse files Browse the repository at this point in the history
  • Loading branch information
btry committed Nov 3, 2023
1 parent 46559a0 commit f89b54f
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions hook.php
Original file line number Diff line number Diff line change
Expand Up @@ -453,7 +453,9 @@ function plugin_formcreator_hook_update_ticket(CommonDBTM $item) {

$validationStatus = PluginFormcreatorCommon::getTicketStatusForIssue($item);

$issueName = $item->fields['name'] != '' ? addslashes($item->fields['name']) : '(' . $item->getID() . ')';
$issueName = $item->fields['name'] != ''
? $item->fields['name']
: '(' . $item->getID() . ')';
$issue = new PluginFormcreatorIssue();
$issue->getFromDBByCrit([
'AND' => [
Expand All @@ -480,14 +482,14 @@ function plugin_formcreator_hook_update_ticket(CommonDBTM $item) {
'items_id' => $id,
'display_id' => "t_$id",
'itemtype' => Ticket::class,
'name' => $issueName,
'name' => $DB->escape($issueName),
'status' => $validationStatus,
'date_creation' => $item->fields['date'],
'date_mod' => $item->fields['date_mod'],
'entities_id' => $item->fields['entities_id'],
'is_recursive' => '0',
'requester_id' => $requester,
'comment' => addslashes($item->fields['content']),
'comment' => $DB->escape($item->fields['content']),
]);
}

Expand Down

0 comments on commit f89b54f

Please sign in to comment.