fix(question): remove abusive encoding

btry · btry · commit f18309113c56 · 2018-01-02T09:35:13.000+01:00
diff --git a/inc/question.class.php b/inc/question.class.php
@@ -238,7 +238,6 @@ private function checkBeforeSave($input) {
             Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR);
             return [];
          }
-         $input['name'] = addslashes($input['name']);
       }
 
       // - field type is required
@@ -313,7 +312,7 @@ public function prepareInputForAdd($input) {
       foreach ($input as $key => $value) {
          if ($input['fieldtype'] != 'dropdown'
              || $input['fieldtype'] != 'dropdown' && $key != 'values') {
-            if ($key != 'regex') {
+            if ($key != 'regex' && $key != 'name') {
                $input[$key] = plugin_formcreator_encode($value);
             }
          }
@@ -378,7 +377,7 @@ public function prepareInputForUpdate($input) {
                 && !($input['fieldtype'] == 'checkboxes' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'radios' && ($key == 'values' || $key == 'default_values'))
                 && !($input['fieldtype'] == 'multiselect' && ($key == 'values' || $key == 'default_values'))) {
-               if ($key != 'regex') {
+               if ($key != 'regex' && $key != 'name') {
                   $input[$key] = plugin_formcreator_encode($value);
                }
             } else {
diff --git a/install/update_dev.php b/install/update_dev.php
@@ -16,8 +16,18 @@ function plugin_formcreator_update_dev() {
       'WHERE' => ['fieldtype' => 'textarea']
    ];
    foreach ($DB->request($request) as $row) {
-      $answer = Toolbox::addslashes_deep(html_entity_decode($row['answer']));
+      $answer = Toolbox::addslashes_deep(html_entity_decode($row['answer'], ENT_QUOTES|ENT_HTML5));
       $id = $row['id'];
       $DB->query("UPDATE `glpi_plugin_formcreator_answers` SET `answer`='$answer' WHERE `id` = '$id'");
    }
+
+   $request = [
+      'FROM' => 'glpi_plugin_formcreator_questions',
+   ];
+   foreach ($DB->request($request) as $row) {
+      $id = $row['id'];
+      $name = Toolbox::addslashes_deep(html_entity_decode($row['name'], ENT_QUOTES|ENT_HTML5));
+      $id = $row['id'];
+      $DB->query("UPDATE `glpi_plugin_formcreator_questions` SET `name`='$name' WHERE `id` = '$id'");
+   }
 }

Original file line number	Diff line number	Diff line change
`@@ -238,7 +238,6 @@ private function checkBeforeSave($input) {`
`238`	`238`	`Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR);`
`239`	`239`	`return [];`
`240`	`240`	`}`
`241`		`- $input['name'] = addslashes($input['name']);`
`242`	`241`	`}`
`243`	`242`
`244`	`243`	`// - field type is required`
`@@ -313,7 +312,7 @@ public function prepareInputForAdd($input) {`
`313`	`312`	`foreach ($input as $key => $value) {`
`314`	`313`	`if ($input['fieldtype'] != 'dropdown'`
`315`	`314`	`\|\| $input['fieldtype'] != 'dropdown' && $key != 'values') {`
`316`		`- if ($key != 'regex') {`
	`315`	`+ if ($key != 'regex' && $key != 'name') {`
`317`	`316`	`$input[$key] = plugin_formcreator_encode($value);`
`318`	`317`	`}`
`319`	`318`	`}`
`@@ -378,7 +377,7 @@ public function prepareInputForUpdate($input) {`
`378`	`377`	`&& !($input['fieldtype'] == 'checkboxes' && ($key == 'values' \|\| $key == 'default_values'))`
`379`	`378`	`&& !($input['fieldtype'] == 'radios' && ($key == 'values' \|\| $key == 'default_values'))`
`380`	`379`	`&& !($input['fieldtype'] == 'multiselect' && ($key == 'values' \|\| $key == 'default_values'))) {`
`381`		`- if ($key != 'regex') {`
	`380`	`+ if ($key != 'regex' && $key != 'name') {`
`382`	`381`	`$input[$key] = plugin_formcreator_encode($value);`
`383`	`382`	`}`
`384`	`383`	`} else {`