fix(question): sql quote escaping

btry · btry · commit 68fa87f1bcbe · 2019-12-19T17:41:52.000+01:00
Signed-off-by: Thierry Bugier &lt;tbugier@teclib.com&gt;
diff --git a/inc/question.class.php b/inc/question.class.php
@@ -953,7 +953,7 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con
       }
 
       // escape text fields
-      foreach (['name', 'description'] as $key) {
+      foreach (['name', 'description', 'default_values', 'values'] as $key) {
          $input[$key] = $DB->escape($input[$key]);
       }
 

Original file line number	Diff line number	Diff line change
`@@ -953,7 +953,7 @@ public static function import(PluginFormcreatorLinker $linker, $input = [], $con`
`953`	`953`	`}`
`954`	`954`
`955`	`955`	`// escape text fields`
`956`		`- foreach (['name', 'description'] as $key) {`
	`956`	`+ foreach (['name', 'description', 'default_values', 'values'] as $key) {`
`957`	`957`	`$input[$key] = $DB->escape($input[$key]);`
`958`	`958`	`}`
`959`	`959`