fix(question): fix escaping issues with regexes

btry · btry · commit c807936da8b0 · 2017-12-05T13:40:21.000+01:00
diff --git a/inc/question.class.php b/inc/question.class.php
@@ -255,6 +255,20 @@ private function checkBeforeSave($input) {
          return [];
       }
 
+      // Values are required for GLPI dropdowns, dropdowns, multiple dropdowns, checkboxes, radios
+      $itemtypes = ['select', 'multiselect', 'checkboxes', 'radios'];
+      if (in_array($input['fieldtype'], $itemtypes)) {
+         if (isset($input['values'])) {
+            if (empty($input['values'])) {
+               Session::addMessageAfterRedirect(
+                     __('The field value is required:', 'formcreator') . ' ' . $input['name'],
+                     false,
+                     ERROR);
+               return [];
+            }
+         }
+      }
+
       if (!isset($input['fieldtype'])) {
          $input['fieldtype'] = $this->fields['fieldtype'];
       }
@@ -266,7 +280,8 @@ private function checkBeforeSave($input) {
       if (isset($input['regex']) && !empty($input['regex'])) {
          // Avoid php notice when validating the regular expression
          set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {});
-         $isValid = !(preg_match($input['regex'], null) === false);
+         $regex = Toolbox::stripslashes_deep($input['regex']);
+         $isValid = !(preg_match($regex, null) === false);
          restore_error_handler();
 
          if (!$isValid) {
@@ -298,7 +313,9 @@ public function prepareInputForAdd($input) {
       foreach ($input as $key => $value) {
          if ($input['fieldtype'] != 'dropdown'
              || $input['fieldtype'] != 'dropdown' && $key != 'values') {
-            $input[$key] = plugin_formcreator_encode($value);
+            if ($key != 'regex') {
+               $input[$key] = plugin_formcreator_encode($value);
+            }
          }
       }
 
@@ -361,7 +378,9 @@ public function prepareInputForUpdate($input) {
                 && !($input['fieldtype'] == 'checkboxes' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'radios' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'multiselect' && ($key == 'values' || $key == 'default_values'))) {
-               $input[$key] = plugin_formcreator_encode($value);
+               if ($key != 'regex') {
+                  $input[$key] = plugin_formcreator_encode($value);
+               }
             } else {
                $input[$key] = str_replace('\r\n', "\r\n", $input[$key]);
             }
