Merge remote-tracking branch 'origin/support/2.13.0' into support/2.14.0

Author: btry

inc/formanswer.class.php

@@ -890,7 +890,7 @@ public function prepareInputForAdd($input) {
       }
 
       try {
-         $input['name'] = $DB->escape($this->parseTags($form->fields['formanswer_name']));
+         $input['name'] = $this->parseTags($form->fields['formanswer_name']);
       } catch (Exception $e) {
          // A fatal error caught during parsing of tags
          $GLPI->getErrorHandler()->handleException($e, false);

inc/targetchange.class.php

@@ -621,20 +621,15 @@ protected function getTargetTemplate(array $data): int {
             'FROM'   => ITILCategory::getTable(),
             'WHERE'  => ['id' => $data['itilcategories_id']]
          ]);
-         if ($row = $rows->current()) { // assign change template according to resulting change category
+         if ($row = $rows->current()) {
+            // assign change template according to resulting change category
             return $row[$targetTemplateFk];
          }
       }
 
       return $this->fields[$targetTemplateFk] ?? 0;
    }
 
-   public function getDefaultData(PluginFormcreatorFormAnswer $formanswer): array {
-      $data = parent::getDefaultData($formanswer);
-
-      return $data;
-   }
-
    /**
     * Save form data to the target
     *

inc/targetticket.class.php

@@ -803,20 +803,15 @@ protected function getTargetTemplate(array $data): int {
             'FROM'   => ITILCategory::getTable(),
             'WHERE'  => ['id' => $data['itilcategories_id']]
          ]);
-         if ($row = $rows->current()) { // assign ticket template according to resulting ticket category and ticket type
+         if ($row = $rows->current()) {
+            // assign ticket template according to resulting ticket category and ticket type
             return ($data['type'] == Ticket::INCIDENT_TYPE
                     ? $row["{$targetTemplateFk}_incident"]
                     : $row["{$targetTemplateFk}_demand"]);
          }
       }
 
-      return $this->fields['tickettemplates_id'] ?? 0;
-   }
-
-   public function getDefaultData(PluginFormcreatorFormAnswer $formanswer): array {
-      $data = parent::getDefaultData($formanswer);
-
-      return $data;
+      return $this->fields[$targetTemplateFk] ?? 0;
    }
 
    /**

install/upgrade_to_2.13.6.php

@@ -46,6 +46,7 @@ public function isResyncIssuesRequired() {
    public function upgrade(Migration $migration) {
       $this->migration = $migration;
       $this->migrateToRichText();
+      $this->sanitizeConditions();
    }
 
    public function migrateToRichText() {
@@ -82,4 +83,24 @@ public function migrateToRichText() {
          }
       }
    }
+
+   /**
+    * Conditions written in Formcreator < 2.13.0 are not sanitized.
+    * With versions >= 2.13.0, comparisons require sanitization
+    *
+    * @return void
+    */
+   protected function sanitizeConditions() {
+      global $DB;
+
+      $table = 'glpi_plugin_formcreator_conditions';
+      $request = $DB->request([
+         'SELECT' => ['id', 'show_value'],
+         'FROM' => $table,
+      ]);
+      foreach ($request as $row) {
+         $row['show_value'] = Sanitizer::sanitize($row['show_value'], true);
+         $DB->update($table, $row, ['id' => $row['id']]);
+      }
+   }
 }