fix(filefield): SQL single quote escaping

if the file field has a single quote in its name, the file is not added to Documents and the generated ticket may be missing information provided by the requester Signed-off-by: btry <tbugier@teclib.com>
pluginsGLPI · Jul 18, 2018 · e0b9bd6 · e0b9bd6
1 parent fac8dfe
commit e0b9bd6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/inc/form_answer.class.php b/inc/form_answer.class.php
@@ -932,7 +932,7 @@ private function saveDocument(PluginFormcreatorForm $form, PluginFormcreatorQues
       $doc                        = new Document();
 
       $file_data                 = [];
-      $file_data["name"]         = $form->getField('name'). ' - ' . $question->getField('name');
+      $file_data["name"]         = Toolbox::addslashes_deep($form->getField('name'). ' - ' . $question->getField('name'));
       $file_data["entities_id"]  = isset($_SESSION['glpiactive_entity'])
                                     ? $_SESSION['glpiactive_entity']
                                     : $form->getField('entities_id');