fix(target): escape single quotes

Signed-off-by: Thierry Bugier <tbugier@teclib.com>
pluginsGLPI · Feb 11, 2019 · 9f641e3 · 9f641e3
1 parent ec80a87
commit 9f641e3
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/inc/targetbase.class.php b/inc/targetbase.class.php
@@ -1132,6 +1132,8 @@ protected function setTargetDueDate($data, PluginFormcreatorFormAnswer $formansw
    }
 
    public function prepareInputForUpdate($input) {
+      global $DB;
+
       // generate a unique id
       if (!isset($input['uuid'])
           || empty($input['uuid'])) {
@@ -1147,7 +1149,7 @@ public function prepareInputForUpdate($input) {
          if (!$target->isNewItem()) {
             $target->update([
                'id' => $target->getID(),
-               'name' => $input['name'],
+               'name' => $DB->escape($input['name']),
             ]);
          }
       }