fix(question,section): escaping bug on duplication

Signed-off-by: Thierry Bugier <tbugier@teclib.com>

Author: btry

inc/question.class.php

@@ -1320,6 +1320,12 @@ public function duplicate() {
             $row['uuid']);
 
       $row['_skip_checks'] = true;
+
+      // escape text fields
+      foreach (['name', 'description'] as $key) {
+         $row[$key] = $DB->escape($row[$key]);
+      }
+
       $newQuestion_id = $newQuestion->add($row);
       if ($newQuestion_id === false) {
          return false;

inc/section.class.php

@@ -169,6 +169,12 @@ public function duplicate() {
       $row = $this->fields;
       unset($row['id'],
             $row['uuid']);
+
+      // escape text fields
+      foreach (['name'] as $key) {
+         $row[$key] = $DB->escape($row[$key]);
+      }
+
       $newSection_id = $newSection->add($row);
       if ($newSection_id === false) {
          return false;