Added $DB->escape to the followup content

Fixes #74
tomolimo
2018-07-26 11:18:47 +02:00
parent 361e8f6264
commit 02be646379


@@ -109,20 +109,21 @@ class PluginProcessmakerProcessmaker extends CommonDBTM {
* @param integer $users_id optional, if null will uses logged-in user * @param integer $users_id optional, if null will uses logged-in user
*/ */
public function addTicketFollowup( $itemId, $txtForFollowup, $users_id=null ) { public function addTicketFollowup( $itemId, $txtForFollowup, $users_id=null ) {
global $DB;
$fu = new TicketFollowup(); $fu = new TicketFollowup();
$fu->getEmpty(); // to get default values $fu->getEmpty(); // to get default values
$input = $fu->fields; $input = $fu->fields;
if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_CONTENT'] )) { if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_CONTENT'] )) {
$input['content']=$txtForFollowup['GLPI_TICKET_FOLLOWUP_CONTENT']; $input['content'] = $DB->escape($txtForFollowup['GLPI_TICKET_FOLLOWUP_CONTENT']);
} }
if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_IS_PRIVATE'] )) { if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_IS_PRIVATE'] )) {
$input['is_private']=$txtForFollowup['GLPI_TICKET_FOLLOWUP_IS_PRIVATE']; $input['is_private'] = $txtForFollowup['GLPI_TICKET_FOLLOWUP_IS_PRIVATE'];
} }
if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_REQUESTTYPES_ID'] )) { if (isset( $txtForFollowup['GLPI_TICKET_FOLLOWUP_REQUESTTYPES_ID'] )) {
$input['requesttypes_id']=$txtForFollowup['GLPI_TICKET_FOLLOWUP_REQUESTTYPES_ID']; $input['requesttypes_id'] = $txtForFollowup['GLPI_TICKET_FOLLOWUP_REQUESTTYPES_ID'];
} }
$input['tickets_id']=$itemId; $input['tickets_id'] = $itemId;
$input['users_id']= (isset($users_id) ? $users_id : Session::getLoginUserID( true )); // $this->taskWriter; $input['users_id'] = (isset($users_id) ? $users_id : Session::getLoginUserID( true )); // $this->taskWriter;
$fu->add( $input ); $fu->add( $input );
} }
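Review bot: Only `content` is passed through `$DB->escape`; `is_private` and `requesttypes_id` are read from the same `$txtForFollowup` array a few lines below and still reach `$fu->add( $input )` unchanged. The caller is not visible in this hunk, but if that array carries text from outside GLPI, those two fields need handling as well. Their names suggest integer columns, so a cast is tighter than escaping: `$input['is_private'] = (int)$txtForFollowup['GLPI_TICKET_FOLLOWUP_IS_PRIVATE'];` and `$input['requesttypes_id'] = (int)$txtForFollowup['GLPI_TICKET_FOLLOWUP_REQUESTTYPES_ID'];`. A one-line comment above the escape call would also help, for example `// content is not sanitized by the caller; escape it before add()`, so that a later change does not remove the escaping or apply it twice.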