fix(targetbase): fix double quote renderiing in targets

btry · btry · commit 5711ef08277f · 2018-10-30T16:13:15.000+01:00
Signed-off-by: btry &lt;tbugier@teclib.com&gt;
diff --git a/inc/targetchange.class.php b/inc/targetchange.class.php
@@ -981,7 +981,6 @@ public function save(PluginFormcreatorForm_Answer $formanswer) {
       ];
       foreach ($changeFields as $changeField) {
          $data[$changeField] = $this->fields[$changeField];
-         $data[$changeField] = addslashes($data[$changeField]);
          $data[$changeField] = str_replace("\r\n", '\r\n', $data[$changeField]);
          if (strpos($data[$changeField], '##FULLFORM##') !== false) {
             $data[$changeField] = str_replace('##FULLFORM##', $formanswer->getFullForm(), $data[$changeField]);
@@ -993,10 +992,11 @@ public function save(PluginFormcreatorForm_Answer $formanswer) {
 
          $data[$changeField] = $this->parseTags($data[$changeField], $formanswer);
 
-         // This targer does not supports rich text
+         // This target does not supports rich text
          $data[$changeField] = strip_tags($data[$changeField], '<p>');
          $data[$changeField] = str_replace('<p>', '', $data[$changeField]);
          $data[$changeField] = str_replace('</p>', '\r\n', $data[$changeField]);
+         $data[$changeField] = Toolbox::addslashes_deep($data[$changeField]);
       }
 
       $data['_users_id_recipient']   = $_SESSION['glpiID'];
diff --git a/inc/targetticket.class.php b/inc/targetticket.class.php
@@ -1113,10 +1113,10 @@ public function save(PluginFormcreatorForm_Answer $formanswer) {
       // Parse data
       // TODO: generate instances of all answers of the form and use them for the fullform computation
       //       and the computation from a admin-defined target ticket template
-      $data['name'] = addslashes($this->fields['name']);
+      $data['name'] = $this->fields['name'];
       $data['name'] = $this->parseTags($data['name'], $formanswer);
+      $data['name'] = Toolbox::addslashes_deep($data['name']);
 
-      $data['content'] = addslashes($this->fields['content']);
       $data['content'] = str_replace("\r\n", '\r\n', $data['content']);
       if (strpos($data['content'], '##FULLFORM##') !== false) {
          $data['content'] = str_replace('##FULLFORM##', $formanswer->getFullForm(), $data['content']);
@@ -1128,8 +1128,9 @@ public function save(PluginFormcreatorForm_Answer $formanswer) {
 
       $data['content'] = $this->parseTags($data['content'], $formanswer);
       if (version_compare(PluginFormcreatorCommon::getGlpiVersion(), 9.4) >= 0 || $CFG_GLPI['use_rich_text']) {
-         $data['content'] = htmlentities($data['content']);
+         $data['content'] = htmlentities($data['content'], ENT_NOQUOTES);
       }
+      $data['content'] = Toolbox::addslashes_deep($data['content']);
       $data['_users_id_recipient'] = $_SESSION['glpiID'];
       $data['_tickettemplates_id'] = $this->fields['tickettemplates_id'];
 
