fix(issue): SQL scaping problem when updating a ticket
btry committed Nov 3, 2023
1 parent 46559a0 commit 01b81da
Showing 1 changed file with 9 additions and 4 deletions.
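--- a/hook.php
+++ b/hook.php
@@ -453,7 +453,9 @@ function plugin_formcreator_hook_update_ticket(CommonDBTM $item) {
 
 $validationStatus = PluginFormcreatorCommon::getTicketStatusForIssue($item);
 
-$issueName = $item->fields['name'] != '' ? addslashes($item->fields['name']) : '(' . $item->getID() . ')';
+$issueName = $item->fields['name'] != ''
+? $item->fields['name']
+: '(' . $item->getID() . ')';
 $issue = new PluginFormcreatorIssue();
 $issue->getFromDBByCrit([
 'AND' => [
@@ -480,14 +482,14 @@ function plugin_formcreator_hook_update_ticket(CommonDBTM $item) {
 'items_id' => $id,
 'display_id' => "t_$id",
 'itemtype' => Ticket::class,
-'name' => $issueName,
+'name' => $DB->escape($issueName),
 'status' => $validationStatus,
 'date_creation' => $item->fields['date'],
 'date_mod' => $item->fields['date_mod'],
 'entities_id' => $item->fields['entities_id'],
 'is_recursive' => '0',
 'requester_id' => $requester,
-'comment' => addslashes($item->fields['content']),
+'comment' => $DB->escape($item->fields['content']),
 ]);
 }
 
@@ -611,7 +613,10 @@ function plugin_formcreator_hook_update_ticketvalidation(CommonDBTM $item) {
 if ($issue->isNewItem()) {
 return;
 }
-$issue->update(['status' => $status] + $issue->fields);
+$issue->update([
+'id' => $issue->getID(),
+'status' => $status
+]);
 }
 
 function plugin_formcreator_hook_update_itilFollowup($followup) {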
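Review bot: Any use of `$issueName` between the two hunks of `plugin_formcreator_hook_update_ticket` now sees the raw ticket name, because the first hunk drops `addslashes()` and escaping is applied only at `'name' => $DB->escape($issueName)` in the update array; those intermediate lines are not shown and should be checked. The ticket name and content are user-supplied text read back from the database, so this is a second-order injection path and the array deserves a comment such as `// $item->fields holds raw DB values; escape text fields before passing them to update()`. `$DB->escape()` also requires `global $DB;` to be in scope; the function starts outside the hunk, so confirm the declaration is present. In the third hunk `$status` is passed to `update()` as-is, which is fine if it is an internal constant, but its origin is not visible here.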
