fix(form): escape single quote when duplicating a form

Signed-off-by: Thierry Bugier <tbugier@teclib.com>
pluginsGLPI · Feb 11, 2019 · 9d735d8 · 9d735d8
1 parent 9f641e3
commit 9d735d8
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/inc/form.class.php b/inc/form.class.php
@@ -1304,6 +1304,12 @@ public function duplicate() {
          unset($row['id'],
                $row['uuid']);
          $row['plugin_formcreator_forms_id'] = $new_form_id;
+
+         // escape text fields
+         foreach (['name'] as $key)  {
+            $row[$key] = $DB->escape($row[$key]);
+         }
+
          if (!$form_profile->add($row)) {
             return false;
          }